Hi @asika32764
Please post cURL and OpenSSL versions.

Got same issue

cURL Information | 7.43.0

OpenSSL Library Version | OpenSSL 1.0.1p 9 Jul 2015
OpenSSL Header Version | OpenSSL 1.0.1p 9 Jul 2015

From Joomla system infomation PHP tab

@wojsmol

Hi,
I am facing the same issue. Even it wasn't before in the same Joomla site. I have tried to access the url (https://update.joomla.org/core/extensions/com_joomlaupdate.xml) from the browser its showing: 404 Not Found

• Thanks

  ---

  _{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/18480.}

So Curl is 2.4 years old and openssl, is very old too.

https://update.joomla.org/core/extensions/com_joomlaupdate.xml is accessible to me.

Sounds to me like you need to ask your host to update their Curl and SSL libraries or move to a host which is actually maintaining their servers.

Hmm, but I don't think 2.4 years are long enough to make a library unable to access SSL site. Many hosts has run for 5-10 years but they are still works. I can understand if a cert may expired but a library should not.

Can anyone explain about the cert invalid error on browser? I tried on many devices, one of them is a new device which has release just in this year. so I think it will not a single case.

Older versions of the libraries may not properly support current protocols. For example older cURL versions (maybe OpenSSL too, don't remember off hand) don't work well with SNI.

We don't have certificates issued by GoDaddy. So I think you're getting a failure in an intermediate step when trying to connect to the update server.

Ok it looks like we have a CDN cert issue. Working fine from the UK but when I connect from India it fails.

@mbabker do you know of any issues with our CDN's? I've connected via Mumbai, India and also get the invalid cert issue, same from Hong Kong but ok from the US and EU countries.

I can confirm my hosts in Tokyo works and fails in Taiwan.

Just looking at the browser screenshot, it seems your error in that case is at a higher level in the CDN architecture than what we would have access to. Either way it is not an issue we have the ability to resolve without removing the CDN.

@mbabker Any chance to send info to our CDN provider about this issue?

Not without any reliable info to go off of. Aside from a few traceroutes @tonypartridge sent me the ticket would literally be "random users in random regions are unable to access update.joomla.org please investigate" and as a former network ops guy I know their response will be "send details" (rightfully so because the comments in this issue are rather vague aside from @asika32764 note that it works in Tokyo but not Taiwan). So if there is more info that can be provided other than those traceroutes, that will help, otherwise we can file tickets all day long but I wouldn't expect anything to come out of them.

@rifatwahid @trananhmanh89 Please post System > System Information> Download as text (button) and a glocalisation of the server.
@asika32764 @tonypartridge Please post this info for working and not working location.

@mbabker https://www.ssllabs.com/ssltest/analyze.html?d=extensionscdn.joomla.org&hideResults=on - as second certificate without SNI support there is certificate revived by @asika32764.

I have this problem too on identical servers in the USA / France

I can download https://update.joomla.org/core/list.xml manually via curl from the servers without any problem:

root@http [~]# curl --version
curl 7.56.1 (x86_64-alpine-linux-musl) libcurl/7.56.1 LibreSSL/2.5.5 zlib/1.2.11 libssh2/1.8.0
Release-Date: 2017-10-23
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp 
Features: AsynchDNS IPv6 Largefile NTLM NTLM_WB SSL libz UnixSockets HTTPS-proxy 

root@http [~]# php5 --version
PHP 5.6.32 (cli) (built: Nov  1 2017 12:14:55) 
Copyright (c) 1997-2016 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2016 Zend Technologies
    with Zend OPcache v7.0.6-dev, Copyright (c) 1999-2016, by Zend Technologies
    with Suhosin v0.9.38, Copyright (c) 2007-2015, by SektionEins GmbH

@wojsmol : Here is it.
I'm from Viet Nam.

systeminfo-2017-11-06T07_38_03+00_00.txt

@wojsmol this is irrelevant in my case. Only occurs when I change vpn on my local server, to any of the mentioned locations. Otherwise works fine, looks to me like the CDNs are not up to date with the correct information.

The lib version in Tokyo server which I can successfully update.

cURL Information | 7.47.0
OpenSSL Library Version | OpenSSL 1.0.2g 1 Mar 2016

It can be updated now in Taiwan.

Yes, fixed on my side.

@asika32764 can we close the issue than?

joomla behind squid no longer updates. I can curl the xml file directly from the webserver container - just not through the joomla update component any more

perhaps this is an issue with Amazon S3 - squid shows no errors:

08/Nov/2017:21:17:06 +0000  59959 1.2.3.4 TAG_NONE/200 0 CONNECT downloads.joomla.org:443 - HIER_DIRECT/72.29.124.146 -
08/Nov/2017:21:21:22 +0000     71 1.2.3.4 TCP_TUNNEL/200 2818 CONNECT update.joomla.org:443 - HIER_DIRECT/146.88.138.28 -

Problem on some host in routing.

From VPS in RU:

# traceroute -T downloads.joomla.org|less
traceroute to downloads.joomla.org (72.29.124.146), 30 hops max, 48 byte packets
 1  192.168.50.9 (192.168.50.9)  0.424 ms  0.434 ms  0.518 ms
 2  95.156.80.153 (95.156.80.153)  0.434 ms  0.461 ms  0.450 ms
 3  ae40.frkt-cr4.intl.ip.rostelecom.ru (217.107.67.15)  93.987 ms  87.993 ms  90.974 ms
 4  * * *
 5  * * *
 6  4.15.32.134 (4.15.32.134)  211.309 ms COLO4-DALLA.ear1.Dallas1.Level3.net (8.9.232.74)  200.539 ms 4.15.32.134 (4.15.32.134)  209.562 ms
 7  * * *
...
30  * * *
(END) 

From VPS in FI:

# traceroute -T downloads.joomla.org|less
traceroute to downloads.joomla.org (72.29.124.146), 30 hops max, 48 byte packets
 1  * * *
 2  ae7-201.RT.TNR.HKI.FI.retn.net (87.245.248.22)  1.035 ms  0.976 ms  0.842 ms
 3  ae3-8.RT.TC2.AMS.NL.retn.net (87.245.233.17)  28.605 ms  84.324 ms  84.242 ms
 4  er1.ams1.nl.above.net (80.249.208.122)  29.416 ms  29.835 ms  29.092 ms
 5  ae14.cr1.ams10.nl.zip.zayo.com (64.125.21.77)  34.182 ms  29.994 ms  29.948 ms
 6  ae27.cs1.ams10.nl.eth.zayo.com (64.125.27.0)  138.444 ms  138.423 ms  138.509 ms
 7  ae2.cs1.lhr15.uk.eth.zayo.com (64.125.29.17)  138.294 ms  138.212 ms  138.467 ms
 8  ae5.cs1.dca2.us.eth.zayo.com (64.125.29.131)  145.033 ms  138.234 ms  138.445 ms
 9  ae3.cs1.iah1.us.eth.zayo.com (64.125.29.49)  138.302 ms  138.241 ms  138.182 ms
10  ae5.cs1.dfw2.us.eth.zayo.com (64.125.28.99)  137.355 ms  137.366 ms  137.467 ms
11  ae27.cr1.dfw2.us.zip.zayo.com (64.125.30.181)  137.381 ms  137.494 ms  137.514 ms
12  ae11.er1.dfw2.us.zip.zayo.com (64.125.20.66)  139.131 ms  139.136 ms  139.338 ms
13  ae8.er2.dfw2.us.zip.zayo.com (64.125.29.122)  138.003 ms  138.031 ms  137.969 ms
14  64.124.196.226.t00876-01.above.net (64.124.196.226)  136.713 ms  136.659 ms  136.545 ms
15  * * *
...
30  * * *
(END) 
```<hr /><sub>This comment was created with the <a href="https://github.com/joomla/jissues">J!Tracker Application</a> at <a href="https://issues.joomla.org/tracker/joomla-cms/18480">issues.joomla.org/tracker/joomla-cms/18480</a>.</sub>

This may be antiddos protection on super-puper joomla hosting tierpoint.com :)

From VPS in RU:

Saddly this is expeced as RU is blocking AWS and the update sever and some of our infrastructure is build on AWS.

@zero-24 For me it can close. But I'm not sure is this problem still exists in other countries or not.

as there are new Comments it should stay open.

@asika32764 For me it can close. But I'm not sure is this problem still exists in other countries or not.

The main is that everything is fine for you!))

@zero-24 Saddly this is expeced as RU is blocking AWS and the update sever and some of our infrastructure is build on AWS.

AWS is a best solution for access to own site from localhost only. Blocked RU, FI, FR and some more other host from many country - great work guys! ;)

Excellent! Perfect! Viva AWS! Отлично! Превосходно! Да здравствует AWS! )))

Closed since no other new discussions here and finally CDN fixed in my position.

If anyone still meet this problem who can open a new issue.