Certificate error after updating to 25.10.2

Brett_Becker · February 22, 2026, 1:58pm

When clicking “Check for Updates” after upgrading to 25.10.2 I get the following error message and I am not able to check for new updates:

AttributeError(“‘ClientConnectorCertificateError’ object has no attribute ‘_os_error’”)

Here is the full traceback:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/aiohttp/connector.py", line 1283, in _wrap_create_connection
    return await self._loop.create_connection(*args, **kwargs, sock=sock)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/asyncio/base_events.py", line 1113, in create_connection
    transport, protocol = await self._create_connection_transport(
                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/asyncio/base_events.py", line 1146, in _create_connection_transport
    await waiter
  File "/usr/lib/python3.11/asyncio/sslproto.py", line 578, in _on_handshake_complete
    raise handshake_exc
  File "/usr/lib/python3.11/asyncio/sslproto.py", line 560, in _do_handshake
    self._sslobj.do_handshake()
  File "/usr/lib/python3.11/ssl.py", line 979, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:1006)

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/middlewared/plugins/update_/trains.py", line 30, in fetch
    async with client.get(url) as resp:
  File "/usr/lib/python3/dist-packages/aiohttp/client.py", line 1488, in __aenter__
    self._resp: _RetType = await self._coro
                           ^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/aiohttp/client.py", line 770, in _request
    resp = await handler(req)
           ^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/aiohttp/client.py", line 725, in _connect_and_send_request
    conn = await self._connector.connect(
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/aiohttp/connector.py", line 642, in connect
    proto = await self._create_connection(req, traces, timeout)
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/aiohttp/connector.py", line 1209, in _create_connection
    _, proto = await self._create_direct_connection(req, traces, timeout)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/aiohttp/connector.py", line 1581, in _create_direct_connection
    raise last_exc
  File "/usr/lib/python3/dist-packages/aiohttp/connector.py", line 1550, in _create_direct_connection
    transp, proto = await self._wrap_create_connection(
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/aiohttp/connector.py", line 1285, in _wrap_create_connection
    raise ClientConnectorCertificateError(req.connection_key, exc) from exc
aiohttp.client_exceptions.ClientConnectorCertificateError: Cannot connect to host update.truenas.com:443 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:1006)')]

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/middlewared/api/base/server/ws_handler/rpc.py", line 361, in process_method_call
    result = await method.call(app, id_, params)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/middlewared/api/base/server/method.py", line 57, in call
    result = await self.middleware.call_with_audit(self.name, self.serviceobj, methodobj, params, app,
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/middlewared/main.py", line 956, in call_with_audit
    result = await self._call(method, serviceobj, methodobj, params, app=app,
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/middlewared/main.py", line 773, in _call
    return await methodobj(*prepared_call.args)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/middlewared/api/base/decorator.py", line 108, in wrapped
    result = await func(*args)
             ^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/middlewared/plugins/update_/profile_.py", line 65, in profile_choices
    current_profile = UpdateProfiles[await self.current_version_profile()]
                                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/middlewared/plugins/update_/profile_.py", line 84, in current_version_profile
    current_train_releases = await self.middleware.call('update.get_train_releases', manifest['train'])
                             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/middlewared/main.py", line 1053, in call
    return await self._call(
           ^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/middlewared/main.py", line 773, in _call
    return await methodobj(*prepared_call.args)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/middlewared/plugins/update_/trains.py", line 69, in get_train_releases
    return await self.fetch(f"{self.update_srv}/{name}/releases.json")
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/middlewared/plugins/update_/trains.py", line 33, in fetch
    if isinstance(e, ClientConnectorError) and e.os_error.errno == errno.ENETUNREACH:
                                               ^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/aiohttp/client_exceptions.py", line 192, in os_error
    return self._os_error
           ^^^^^^^^^^^^^^
AttributeError: 'ClientConnectorCertificateError' object has no attribute '_os_error'

Brett_Becker · February 22, 2026, 2:00pm

Also, the system time and time zone are correct.

Brett_Becker · February 22, 2026, 2:26pm

I figured it out. It was DNS, specifically cloudflare family DNS blocking something. Ugh.

cologuy · February 22, 2026, 4:55pm

I have the same error and I am using 8.8.8.8

bignay2000 · February 22, 2026, 7:51pm

I have the same issue, using Ubiquiti UNFI Gateway with “Auto DNS Server” Checked & Encrypted DNS set to Auto (cloudflare and google)

bignay2000 · February 22, 2026, 7:55pm

This error is not generating an alert, just this popup. Would be great to have this popup error message have more context and also generate an alert that update check failed.

cologuy · February 23, 2026, 12:52pm

I opened a ticket with Ubiquity

Brett_Becker · February 23, 2026, 2:28pm

Hard coding 1.1.1.1 and 1.0.0.1 was what fixed it for me. It was using encrypted HTTPS (DoH) DNS Cloudfare Family from my Ubiquiti router when it wasn’t working.

cologuy · February 23, 2026, 9:37pm

Both my 26.04.0-MASTER-20260223-020145 - Halfmoon and 25.10.2 - Goldeye systems are now working with Cloudflare and Google. . TrueNAS had a CDN problem.

Topic		Replies	Views
Update service is failing TrueNAS General CORE	1	114	January 9, 2025
Cannot connect to host update.ixsystems.com:443 ssl:True TrueNAS General	11	1563	January 7, 2025
Application can't connect to update.ixsystems.com, connection reset by peer TrueNAS General Networking , Update	7	114	October 21, 2025
Cannot update - SSL Cert error TrueNAS General	2	87	June 30, 2025
SSL certificate problem: certificate is not yet valid TrueNAS General CORE	4	131	January 11, 2025

Certificate error after updating to 25.10.2

AttributeError(“‘ClientConnectorCertificateError’ object has no attribute ‘_os_error’”)

Related topics