People still reporting "Unable to trust host encryption certificate"

[jatapa]

There are people in unturned steam page and in official discord saying that they get "Unable to trust host encryption certificate" error when connecting to a servers. For example: https://steamcommunity.com/app/304930/discussions/11/2994292014279371093/

[Yasamashi]

I basically wanted to create a server for my friends and me to play together. I did all the stuff on port forwarding and am using the Dedicated Server app on Steam. I gave it +InternetServer/Name and used the Commands.dat to set how I wanted it. Also installed some Workshop mods. When I try to join I get an error saying "Unable to trust hoat encryption certificate". Hope it's clear, I'll give any other info if needed.

[SDGNelson]

Could you attach the Client.log file please? To determine whether it is the certificate expiry issue, or a repeat of the OpenSSL issue. Also are you playing on a Windows laptop Yasamashi?

1. Right-click Unturned in your Steam Library
2. Select Properties > Local Files > Browse Local Files
3. Attach Client.log from the Logs folder after getting that error

[Yasamashi]

Sure, here you go! Also no, I'm playing on a desktop PC with Windows and AMD components (Ryzen 5 3600X CPU and RX 5700XT 8GB GPU). Client.log

[Yasamashi]

Oh, I also tried (under jatapa's advice) to set -NetTransport=SteamNetworking in the server's command line and, in that case, I didn't get the host encryption certificate error but I couldn't connect anyway, it said "Server lost your connection" after 15 seconds.

[SDGNelson]

Thanks! If you create a file named "steam_appid.txt" in your server's folder (e.g. U3DS/steam_appid.txt) and save the contents as "304930" (without quotes) does it work properly again for you? It looks like that was mistakenly removed at some point, will fix.

[Yasamashi]

It changes back to the Dedicated Server appid, also got the trust error again without the -NetTransport=SteamNetworking, while the server doesn't respond with it.

[SDGNelson]

What do you mean it changes back to the dedicated server appid? Is the file overwritten with the value of 1110390 instead?

I suspect the reason for both the trust error and the not responding issue are because your server is running with a different appid (according to the log).

[Yasamashi]

Yeah, sorry, maybe that wasn't clear: the Dedicated Server app on Steam has a different appid than Unturned, when I try to modify it, it default to its 1110390 ID instead.

[Mithallas]

My server also experiences these issues whenever you update the game to use the new Steam Networking transport layer. Usually server is online for one or two days before the "Unable to trust host encryption certificate" starts happening to people. Attempting to revert back to the old one with -NetTransport=SteamNetworking also makes it so no one can connect. I am using the dedicated server install

edit: I already have an existing file in my main install folder named steam_appid.txt and its contents are 304930

I also have noticed plugins are unable to get player IPs so its not possible to IP ban anymore

[Yasamashi]

I will try doing the usual shortcut to Unturned stuff to check if it's gonna work. I'll reply as soon as I can with the results.

[Yasamashi]

Ok, tried with the usual batch pointing to ServerHelper.bat, with and without -NetTransport=SteamNetworking it gives me the error "Lost connection to host or Steam Network".

[TH3AL3X]

My server also experiences these issues whenever you update the game to use the new Steam Networking transport layer. Usually server is online for one or two days before the "Unable to trust host encryption certificate" starts happening to people. Attempting to revert back to the old one with -NetTransport=SteamNetworking also makes it so no one can connect. I am using the dedicated server install

edit: I already have an existing file in my main install folder named steam_appid.txt and its contents are 304930

I also have noticed plugins are unable to get player IPs so its not possible to IP ban anymore

You can get player IP, but you need to use other method thats the problem

[SDGNelson]

@Mithallas can you share the Client.log file after that happens again please? There may be further details about which specific trust issue it is, e.g. the OpenSSL issue, the expiry issue, or something else.

If you are using the latest version of LDM (from 26 days ago) UnturnedPlayer.IP does use the transport layer address, however using the System.Net.IPAddress is recommended because the new implementation uses IPv6.

[minecraftien76]

my client.log Client.log

[SDGNelson]

Thanks for the log @minecraftien76! It looks like the certificate expiry bug which PandahutMiku has reported to Valve this weekend. Hopefully we will hear from them soon, but for the meantime you should be able to join any other server, or if the server is restarted the certificate should get renewed.

[minecraftien76]

happy that i've been able to help

[Yasamashi]

News! I managed to make a little step ahead, it turns out I needed to update my server app through SteamCMD, now when I connect it tells me "You lost your place in the queue". Here's the Client.log Client.log

[Yasamashi]

Ok, the queue problem was because I connected to SteamCMD via my credentials so my client wasn't logged on anymore. Fixed that, it works now! As far as I know, if people find this kind of issue I'd let them update their server through SteamCMD. Hope this will help other people getting into this kind of issue.

[GazziFX]

Same issue on unity-2019 branch and also a lot of asset errors Client.log

[DrunkMan12]

Hi guys. I have a very similar problem. I play on the same server, a couple of hours ago everything was fine, and now again this error, attach client. log Client.log

[GazziFX]

@DrunkMan12 try restart steam, it helped me

[DrunkMan12]

@GazziFX Bullshit.

[SDGNelson]

@DrunkMan12 no need for rude language. In your case it was the certificate expiry issue, in which case restarting the server forces a renewal, whereas in GazziFX's case it looks like restarting Steam either updated or perhaps retrieved a different set of CAs.

[DrunkMan12]

@SDGNelson I am russian, sorry I can't help swearing in this situation. Server is not my.

[SDGNelson]

Anyway: I have mixed feelings about whether to temporarily revert to the old networking again this Friday.

The old networking has problems with players getting dropped after authenticating, crashing bugs, and performance is worse.

On the other hand there is this certificate expiry issue affecting many servers sporadically with the new networking.

Caught between a rock and a hard place.

[jatapa]

Well the fact that nobody has responded to Miku's issue on the Valve github page after 5 days it might be better to revert to the old version but that is up to you. Also valve being valve it might take them weeks to fix it or even to look at it.

[SDGNelson]

I agree that it is not looking good for a quick fix. Unsure which side effects are worse however. Right now I am leaning towards reverting to old networking.

[MassimoDeLuca]

Previously (AFAIK) server owners could revert to the old networking with a launch argument. Is it possible to invert that and make it a launch argument for enabling the new networking? This would still allow testing and a slower (though more stable) transition.

[SDGNelson]

Good news! From the other issue it sounds like they simply need to update the Steam dedicated server redist files.

@ModernMoGamer It is still possible. You can set "-NetTransport=SteamNetworking" to use the old, and "-NetTransport=SteamNetworkingSockets" to use the new.

[Mithallas]

how do we update steam dedicated server redist files

[SDGNelson]

To clarify: Valve needed to update the files. They pushed the update, so next time you run app_update in steamcmd it should install the latest version.

[Yasamashi]

Maybe I was a bit vague ^^" Open SteamCMD, when it updates write in the console "login " (without quotes) where username and password are your Steam credentials. After that you want to input another command which is "app_update 110390" to update the server program. After it's done close the console, relog into your Steam account (mandatory, otherwise "Queue #1" bug happens) and it should work.

[SDGNelson]

@Yasamashi alternatively you can use "login anonymous" to avoid that problem. Using an anonymous login is the recommended way to update your server.

[Buckykiller3000]

@Yasamashi @SDGNelson when i put in "login anonymous" it says "ERROR! Failed to install app '110390' (No subscription)" i was wondering if you could help me understand the problem because my favorite server is saying unable to trust host encryption certificate

[ghost]

@Yasamashi @SDGNelson when i put in "login anonymous" it says "ERROR! Failed to install app '110390' (No subscription)" i was wondering if you could help me understand the problem because my favorite server is saying unable to trust host encryption certificate

If by favorite server, you mean server out of your control, nothing you can do would fix it.

Otherwise Unturned's Dedicated Server's APP ID is 1110390, not 110390. Make sure you're inputting it right.

[SDGNelson]

Has anyone gotten further reports of this issue? Valve seems to have resolved it.

[Yasamashi]

I didn't have any problem at all these days, that's great! I updated server and client to the latest version and went fine too, no problem at all. Mine is a small scale server, I don't know about bigger ones tho.

[ghost]

Has anyone gotten further reports of this issue? Valve seems to have resolved it.

We haven't had any more reports of the issue, and even in Unturned's Official Discord I haven't really seen anyone complaining about it. The Friday update was good timing to force all the servers to update.

I've seen people report the "Lost connection to host or Steam network" with other servers and such, but no one has reported the issue with our servers. I would imagine that issue has to do with sync sql/repeated main thread blocking plugins.