[Self-signed certificate; v5.x] E017: Network error

[swirlypillow]

Which version of floccus are you using?

5.0.10

Sync method

Nextcloud Bookmarks

Which browser are you using? In case you are using the phone App, specify the Android or iOS version and device please.

Brave

Version 1.63.169 Chromium: 122.0.6261.111

Which version of Nextcloud Bookmarks are you using? (if relevant)

13.1.3

Which version of Nextcloud? (if relevant)

28.0.3

What kind of WebDAV server are you using? (if relevant)

No response

Describe the Bug

I get a "E017: Network error: Check your network connection and your account details" after upgrading to 5.0.10. I am using a Nextcloud instance hosted on my private network. The site is accessible over 443, and is using a self-signed certificate. The certificate is not expired, but the browser marks the site as not secure because it is self-signed. I'm not sure this is totally relevant, because with the last version of Floccus 4, this did not seem to matter. All I had to do was navigate to the Nextcloud site and accept the security warning, and everything worked fine. Now I get this error. I've tried deleting the profile and recreating it, which did not help.

Expected Behavior

I expected my bookmarks to continue to sync with Nextcloud Bookmarks as they have always done.

To Reproduce

Click the "sync now" button or click the "sync all profiles" button.

Debug log provided

• I have provided a debug log file

I would but it generates a 0 byte file so there's nothing to attach.

[github-actions]

Hello 👋

Thank you for taking the time to open this issue with floccus. I know it's frustrating when software
causes problems. You have made the right choice to come here and open an issue to make sure your problem gets looked at
and if possible solved.
I'm Marcel and I created floccus and have been maintaining it ever since.
I currently work for Nextcloud which leaves me with less time for side projects like this one
than I used to have.
I still try to answer all issues and if possible fix all bugs here, but it sometimes takes a while until I get to it.
Until then, please be patient.
Note also that GitHub is a place where people meet to make software better together. Nobody here is under any obligation
to help you, solve your problems or deliver on any expectations or demands you may have, but if enough people come together we can
collaborate to make this software better. For everyone.
Thus, if you can, you could also have a look at other issues to see whether you can help other people with your knowledge
and experience. If you have coding experience it would also be awesome if you could step up to dive into the code and
try to fix the odd bug yourself. Everyone will be thankful for extra helping hands!
One last word: If you feel, at any point, like you need to vent, this is not the place for it; you can go to the forum,
to twitter or somewhere else. But this is a technical issue tracker, so please make sure to
focus on the tech and keep your opinions to yourself.

I look forward to working with you on this issue
Cheers 💙

[grg5811]

Good morning,
same problem, with two machines, one with Debian 11 and the other with Debian 12. Brave browser. Synchronization no longer works, error E017, after updating to version 5.0.10.

[grg5811]

Good morning,
I don't know if it can help.
I tried version 5.0.10, with Firefox version 123.0.1 always with nextcloud, and it works well here.

[marcelklehr]

Mh, I'm not sure what could have caused this, maybe manifest v3 is more strict when it comes to self-signed certs

[grg5811]

Is there any solution or do you recommend reinstalling version 4....?

[marcelklehr]

I haven't had time to reproduce and investigate yet. Quick fix would certainly be to go back to v4.x but that will stop working some time in June/July when Google enforces manifest v3

[Kyetech-IT-Manager]

I'll add my 2 cents in

Had the same E017 issue with a TrueNAS Core TrueNAS-13.0-U4 WebDav share

The cert on the server is from our an internal CA and is a wildcard cert on the TrueNAS system
Using Chrome to browse to the same URL 'https://kye-nas01:8081/Share01/' that the floccus profile uses, gave a certificate not valid message
changing the URL in Chrome to 'https://kye-nas01.kyetech.local:8081/Share01/' - chrome now sees it as a valid cert

in the floccus profile
the URL was https://kye-nas01:8081/Share01/

• which gave the E017 error

After changing the URL to https://kye-nas01.kyetech.local:8081/Share01/

• no more E017 error and the bookmarks.xbel file was created

I hope this helps with others

[mvozzo]

Is there any solution or do you recommend reinstalling version 4....?

Thanks @swirlypillow for posting this issue. I love Floccus but I too encountered the exact same issue and got very frustrated.

THE SOLUTION
I downgraded to Floccus v4.19.1 by uninstalling the current version and manually install the old version.
This works with my homelab installation of Nextcloud Self Signed Certificates on the latest versions of

• Chrome
• Brave Browser
• Vivaldi and
• Microsoft Edge

Message to @marcelklehr
May I suggest you run a poll to all your loyal Floccus users and gauge how many are using Self-signed vs purchased an SSL certificate?

I think you may be pleasantly surprised how many people are using "Self-signed" and will be impacted by Google's manifest 3 forced rollout come June/July as this will leave many stranded and frustrated with no work around.

However, if you were to come up with workaround with Nextcloud Bookmarks, that would be superb and would keep your loyal fans of Floccus happy. Just a thought.

[marcelklehr]

Thank you for weighing in @mvozzo! I understand that this is frustrating. Unfortunately, I have no way to influence Chromium's (and derivatives) SSL/TLS behavior. If you know other addons that have transitioned to manifest v3 already and are working with self-signed certificates, I could perhaps take a leaf out of their book, but so far I see no option to fix this. I'm sorry. 😿

Update: This is filed in chrome's bug tracker already, so here's hoping it will be fixed soon :)

[mvozzo]

If you know other addons that have transitioned to manifest v3 already and are working with self-signed certificates,

Thanks for the reply @marcelklehr I have a followup question...
Out of curiosity (as I'm not a developer) does this mean those of us running homelab Nextcloud servers with Self-Signed Certificates are going to have issues (not just with Floccus) but with everything, once Google removes support for manifest v2?

[marcelklehr]

does this mean those of us running homelab Nextcloud servers with Self-Signed Certificates are going to have issues (not just with Floccus) but with everything, once Google removes support for manifest v2?

Likely yes

[accforgithubtest]

does this mean those of us running homelab Nextcloud servers with Self-Signed Certificates are going to have issues (not just with Floccus) but with everything, once Google removes support for manifest v2?

Likely yes

Is firefox likely to run into the same issue with self-signed certificates ?

[marcelklehr]

I don't know, I don't think so, for now.

[nooneto1]

Recently realized this has affected me too: NC server v27 accessed via a 192.168 IP w/ bookmarks NC plugin v13.1.3, w/ browser plugin v5.2.5. However, I also run the "Passwords" NC plugin v2023.12.32 w/ Passwords browser plugin v2.6.0 and I am able to synchronize those still.

Perhaps the author of that plugin might be able to assist with the problem?

[marcelklehr]

Hi @nooneto1
Thank you for weighing in. It appears that they haven't upgraded to manifest v3 yet: https://github.com/marius-wieschollek/passwords-webextension/blob/master/src/platform/chrome/manifest.json#L2 This means until they do the extension will soon stop being supported on Chrome, as far as I know.

[qlifee]

Hi Guys,

I found a workaround by creating a self-signed certificate and adding it to any Chromium based browser or Android phone, which will solve error E017 and allow floccus to sync with WebDAV or Nextcloud, see issue comment under 1787.

I also explained why Firefox is not effected by this issue.

Hope it works for you all.

[Daryes]

Something that might help about using a custom certificate, that worked on both iOS and Android phones.
Please note I didn't check if this manipulation was still valid recently

This is not for a browser only, but to install a certificate system-wide.

Requirements :

• having a CA certificate, obviously self-signed. It can be used as a real CA to sign other certificate, or directly for a website.
  The real CA approach is heavily suggested, as it will allow to sign and validate other personnal ssl certs without the need to have each of them injected into the system.
  A CA certificate has the constraint CA: True in its X509 properties when checked with openssl.
  If missing, it is not a CA, and it might not work.

• Pay attention to the name used for the CN , the certificate will appear under this name in the systems.

• The CA validity duration can be set to 50 years without much trouble.

• put the public key of said CA in a file with the .crt extension. Android especially is picky about this.
  The content must be in the text format, multilines and enclosed between the usual --BEGIN CERTIFICATE-- ... --END CERTIFICATE --

• store the crt file on a http site on your home server, easily accessible by a web browser.
  It is better if it can be reached with an automatic html index generated (Options Indexes for Apache)

• android requirement : a file explorer (should not be necessary)

To install the CA on the phone system :

• On IOS : launch Safari, enter the url of the website to reach directly the crt file of the CA.
  When opened by the browser, you should have an option somewhere to install/register it into the system. Accept,
  The CA certificates and those signed by it should be recognized now system-wide.
  Safari might need to be stopped and restarted due to its memory cache.
  The certificate can be managed under system => General => Profiles (at the bottom)

• On Android : same, launch chrome, open your website, click on the certificate file.
  Usually, the system will not ask to install it, but to save it as a file.
  Then, go to the phone system settings => Location & Security => install a certificate
  Search for the downloaded file and select it, it will be installed system-wide.
  It can be managed in the same setting panel.

For both, any certificate signed by the said CA will be now accepted.

Please note that you might get a notification at each reboot saying you have custom parameters activated or the system might be under surveillance. If you delete your CA, the notification will obviously stop.
This is due having manually imported the certificate.

In case of a detection problem, go back to the system panel to disable or delete the installed certificate, and verify again.