News feed failing on SSL CA cert issue

Hello,
I recently moved a Grav install to a new server, and so far it all seems fine. However, on the admin panel it all looks fine except the news feed gives this error:

Error while trying to download (code: 0): https://getgrav.org/blog.atom Message: problem with the SSL CA cert (path? access rights?) SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed

I’ve only seen it on this site, so I assume it’s related to the move. Ideas appreciated!

As an update on this particular site, it is also showing an error ‘Cannot connect to the GPM’ in the plugin section, which is very likely connected to the news feed problem.

I tried all the troubleshooting noted in the Learn Common Problems section, but none seemed to work. Should I file an Issue on the GitHub site for this?

I just reset the above and tried it in the UI, in the admin config system, i tried flipping the remote verify peer again and get a subtly different message from when i changes it in the file per the troubleshooting guide:

Error while trying to download (code: 0): https://getgrav.org/blog.atom Message: SSL peer certificate was not ok SSL: certificate subject name ‘www.chat.getgrav.org’ does not match target host name ‘getgrav.org

Any ideas on this? I’m working on the idea that if it’s just me then it’s a hosting issue, but how can I phrase this to their support?

There is of course still the possibility that I’ve somehow instigated this…

Hi! This looks like a hosting issue indeed. If you have SSH access, can you try installing a plugin via command line?

Hi.
I’ve found this host/plan doesn’t have SSH access, which isn’t helping.

I managed to install the Featherlite light box plugin via zip upload through the tools page of the admin UI.

One thing I’ve noticed is related to umask, that the folder and files of that plug-in, and uploaded images for pages are all given these permissions:
folders are 0700 (should be 755)
files are 0600 (should be 644)

Could this explain the cert issue somehow in that it may not have correct permissions somehow, or is this unrelated?

Seriously, unless there is a very good real world reason (maybe cost, annoying client), don’t waste your time with hosting that doesn’t give you SSH access. It’s a competitive space and there are plenty of good, cheap hosts with full offerings.

I hear that!

I’d not run into this host before (Futurism Works) and the site owner pays by the year, and renewed in January just before I was asked to be involved. It’s certainly an opaque system, but at least they respond quickly (?) if that’s an upside. I should hear in my business day about the umask change request. I’d already asked them to update the PHP which was below spec…

I floated the idea early on we should move to another host for greater access and transparency but there’s some resistance to change I suspect - I spent some time trying to figure out their frames based edit n FTP site before telling them something like Grav would be much easier and simpler for them, and test accounts on one of my sites bore that out. I made the point that if the umask doesn’t address the issues we have, then we really should look to move as a backup of the site uploaded to my test shared server worked fine.

I’m resisting the urge to figure it all out beyond the value of time spent.