JuanJakobo / Pocketbook-Miniflux-Reader

Miniflux client for Pocketbook
GNU General Public License v3.0

Curl RES Error Code 60 #3

Closed wojtek1171 closed 1 year ago

wojtek1171 commented 1 year ago

Can't log in. Curl RES Error Code 60 occurs.

    10/Dec/2022:22:08:33 +0100:Error:Miniflux API: https://my.domain.com/miniflux/v1/entries?status=unread RES Error Code: 60
    10/Dec/2022:22:08:33 +0100:Error:Curl RES Error Code 60
    10/Dec/2022:22:08:34 +0100:Info:delete eventHandler
    10/Dec/2022:22:08:34 +0100:Info:closed DB
    10/Dec/2022:22:08:34 +0100:Info:delete eventHandler
    10/Dec/2022:22:08:34 +0100:Info:closed DB

JuanJakobo commented 1 year ago

That's weird. Do you use the same cert provider as for the Nextcloud client? Can you try with the new release please? If available, could you please try to access the Miniflux API directly via curl and test if that works or throws an error (https://miniflux.app/docs/api.html)?

wojtek1171 commented 1 year ago

Yep. My Nextcloud client runs on the same server, certified by Let's Encrypt. Both apps run on YunoHost.

The new release works the same way, except that the Pocket popup is not displayed and the app no longer closes automatically after the curl error. But the error itself is still the same.

Access via curl works OK, HTTP Basic Auth as well as Token Auth. I can get all the articles in the response.

Here's my miniflux config:


Global configuration options

    ADMIN_PASSWORD=***
    ADMIN_USERNAME=user
    AUTH_PROXY_HEADER=
    AUTH_PROXY_USER_CREATION=false
    BASE_PATH=/miniflux
    BASE_URL=https://my.domain.com/miniflux
    BATCH_SIZE=100
    CERT_DOMAIN=
    CERT_FILE=
    CLEANUP_ARCHIVE_BATCH_SIZE=10000
    CLEANUP_ARCHIVE_READ_DAYS=60
    CLEANUP_ARCHIVE_UNREAD_DAYS=180
    CLEANUP_FREQUENCY_HOURS=24
    CLEANUP_REMOVE_SESSIONS_DAYS=30
    CREATE_ADMIN=true
    DATABASE_CONNECTION_LIFETIME=5
    DATABASE_MAX_CONNS=20
    DATABASE_MIN_CONNS=1
    DATABASE_URL=**
    DEBUG=false
    DISABLE_HSTS=false
    DISABLE_HTTP_SERVICE=false
    DISABLE_SCHEDULER_SERVICE=false
    FETCH_YOUTUBE_WATCH_TIME=false
    HTTPS=true
    HTTP_CLIENT_MAX_BODY_SIZE=15728640
    HTTP_CLIENT_PROXY=
    HTTP_CLIENT_TIMEOUT=20
    HTTP_CLIENT_USER_AGENT=Mozilla/5.0 (compatible; Miniflux/2.0.39; +https://miniflux.app)
    HTTP_SERVICE=true
    INVIDIOUS_INSTANCE=yewtu.be
    KEY_FILE=
    LISTEN_ADDR=127.0.0.1:3000
    LOG_DATE_TIME=false
    MAINTENANCE_MESSAGE=Miniflux is currently under maintenance
    MAINTENANCE_MODE=false
    METRICS_ALLOWED_NETWORKS=127.0.0.1/8
    METRICS_COLLECTOR=false
    METRICS_REFRESH_INTERVAL=60
    OAUTH2_CLIENT_ID=
    OAUTH2_CLIENT_SECRET=
    OAUTH2_OIDC_DISCOVERY_ENDPOINT=
    OAUTH2_PROVIDER=
    OAUTH2_REDIRECT_URL=
    OAUTH2_USER_CREATION=false
    POCKET_CONSUMER_KEY=
    POLLING_FREQUENCY=60
    POLLING_PARSING_ERROR_LIMIT=3
    POLLING_SCHEDULER=round_robin
    PROXY_IMAGES=http-only
    PROXY_IMAGE_URL=
    ROOT_URL=https://my.domain.com
    RUN_MIGRATIONS=true
    SCHEDULER_ENTRY_FREQUENCY_MAX_INTERVAL=1440
    SCHEDULER_ENTRY_FREQUENCY_MIN_INTERVAL=5
    SCHEDULER_SERVICE=true
    SERVER_TIMING_HEADER=false
    WATCHDOG=true
    WORKER_POOL_SIZE=5

At the beginning I thought that it could be something with the cert on my side (CERT_DOMAIN and CERT_FILE are empty) and tried some fixes, but if curl works well it should be something else. The web app also works without a problem.

Miniflux logs show the successful authentication via curl, but they don't show any error when trying to reach it via the Pocketbook app. In any other case of unsuccessful authentication there are errors shown in the logs.

    Dec 11 13:48:35 miniflux[564271]: [DEBUG] [HTTPS] 123.45.678.910 GET /miniflux/v1/me
    Dec 11 13:48:35 miniflux[564271]: [INFO] [API][TokenAuth] [ClientIP=123.45.678.910] User authenticated: username

I've run out of ideas :D

wojtek1171 commented 1 year ago

Update: While curl executed from my PC works well, curl from the Koreader terminal on my Pocketbook also shows Error 60 SSL certificate problem. That's probably why I also couldn't authorize with wallabag from my Pocketbook.

But I'm wondering why Nextcloud works ok.

JuanJakobo commented 1 year ago

Ah okay, thanks for testing! Did you activate the "ignore cert" option on the login to Nextcloud? That could be the cause. (https://github.com/JuanJakobo/Pocketbook-Nextcloud-Client/issues/26) There were some issues with Let's Encrypt a while ago as their root CA expired. (https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/) See also https://github.com/JuanJakobo/Pocketbook-Nextcloud-Client/issues/18; it was fixed with a recent Pocketbook update.

wojtek1171 commented 1 year ago

That's right. The ignore cert param is activated in the Nextcloud config.

Thanks for all the info. It's definitely the issue with LE, and some users reported it last year: https://www.mobileread.com/forums/showthread.php?t=342189&highlight=pocketbook+certificate It was fixed for part of PB devices. Unfortunately the last available firmware update for my TL3 (626) is from 2019 :/ Do you know if there are any solutions to update the cert by myself without root access?

JuanJakobo commented 1 year ago

For Nextcloud the solution I created was to use your own CaCert.pem. (see here: https://github.com/JuanJakobo/Pocketbook-Nextcloud-Client/commit/638d9271500b5ac8a7eab2c039d186a308ac5374) As I thought it was finally fixed, I deleted the message and also the fix from the app. This also would not help you with the usage of Koreader... So sorry, I don't know...
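Added example, not part of the thread or of either app's code: an offline model of the check behind curl error 60, showing that verifying against your own CA bundle (the CaCert.pem approach, `curl --cacert`) makes the real server pass while still rejecting a certificate from an untrusted issuer, which ignoring verification would accept. All certificate names are constructed and the PKI is throwaway; the stale bundle is simplified to one that lacks the server's issuing root.

```shell
#!/bin/sh
# Constructed test PKI; nothing here touches the network or a real device.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_ca NAME: self-signed root with a fresh key -> NAME.pem / NAME.key
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# make_leaf NAME CA: server certificate for NAME issued by CA
make_leaf() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/$1.csr" -days 1 -CA "$WORK/$2.pem" \
        -CAkey "$WORK/$2.key" -CAcreateserial -out "$WORK/$1.pem" 2>/dev/null
}

# verify_with BUNDLE LEAF: prints "ok" or "fail". A TLS client that trusts
# only BUNDLE makes the same decision; curl reports "fail" as error 60.
verify_with() {
    if openssl verify -CAfile "$WORK/$1.pem" "$WORK/$2.pem" >/dev/null 2>&1
    then echo ok; else echo fail; fi
}

make_ca stale-device-root     # stands in for what the old firmware trusts
make_ca current-root          # the root the server's chain ends in
make_ca unrelated-root        # an issuer the device should never trust
make_leaf my.domain.example current-root
make_leaf impostor.example unrelated-root

echo "stale bundle, real server:    $(verify_with stale-device-root my.domain.example)"
echo "own CA bundle, real server:   $(verify_with current-root my.domain.example)"
echo "own CA bundle, impostor cert: $(verify_with current-root impostor.example)"
```

The third case is the one that matters: with verification switched off, the impostor certificate would be accepted just like the real one.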

wojtek1171 commented 1 year ago

After some research I've found that there are some solutions to root PB devices, but it's a little bit invasive and probably not worth it in that case. https://wxcafe.net/posts/pocketbook_dissassembly_and_root/ There is also no guarantee that updating the certificate will be possible in an embedded OS like emdebian after rooting. TBH I'm a bit disappointed with PB's approach to firmware updates. The TL3 is not that old. Kobo and Kindle send updates for devices which are even 10 years old :/ And updating the certificate is really not a big deal. All in all, maybe it's time for a new e-reader, but probably not from Pocketbook :)

The easiest solution I see here could be adding ability to execute curl with --insecure option. But it's up to you. Maybe it will help someone struggling with the same problem in the future.

Thanks for your work and effort in making all those PB apps. Cheers.

JuanJakobo commented 1 year ago

The rooting itself was quite easy for me. (https://www.mobileread.com/forums/showthread.php?t=325185) Of course it can go wrong. The update of the certs itself sounds like interesting work, but currently I have no time for it, sorry. About the upgrade I am also confused, as it should not be that difficult for them...

Sure, I can add that to the Miniflux app, it should be easy. I will add it later this week. It's just sad that it will not help you with the Koreader app...

wojtek1171 commented 1 year ago

Thanks, will take a look at the thread on MR.

Regarding my Koreader problem, I've found that it's probably not (only?) related to certificates, but rather to some errors with InkView or SIGILL that also occur on other PB devices. It also crashes when trying OPDS etc. Maybe I will handle that some day.

But even without some of Koreader's functions, with your Miniflux app I will be set for some time :) Exported highlights are synced with Dropbox, and the calibre library is available with your Nextcloud app. I'm also trying to write a simple script for downloading the latest wallabag articles to the Pocketbook. It looks like I'll have all I need with my fellow TL3.

JuanJakobo commented 1 year ago

Hi, I saw that you can also serve Wallabag via RSS, so you can integrate it into Miniflux. (https://doc.wallabag.org/en/user/configuration/rss.html) I added a prerelease at https://github.com/JuanJakobo/Pocketbook-Miniflux-Reader/releases/tag/0.51. To ignore the cert you have to add the line Cert=ignore to https://github.com/JuanJakobo/Pocketbook-Miniflux-Reader/blob/main/miniflux.cfg and place the file at system->config->miniflux

wojtek1171 commented 1 year ago

Thanks for that Christmas present :D

How could I overlook that RSS feed option? It really could have solved my problem. Nevertheless my script works OK. I will also check the Miniflux integration.

Regarding certs again: I found an ssl folder with all the certs on one of the Pocketbook partitions, so probably after rooting the device it will be possible to add your own cert. I will check that later.

After ignoring cert the app works as expected. I'm closing the issue.

Merry Christmas ;)

chris0z commented 1 year ago

Hey, thanks for your effort, but I have some issues on my 626 with 5.x FW. If I add Cert=ignore to my config file I still get the error regarding Error 60. @wojtek1171 Did you find a solution to add the server cert to your Pocketbook?

wojtek1171 commented 1 year ago

Hi, in my case the option with Cert=ignore worked. Are you sure you have the latest release 0.52? I didn't try to update certs on my TL626. TBH I switched to Kobo and I'm quite happy with it :)