Hello,

I have several joomla sites to update. Joomla 3.9.25 to 3.10.2 and PHP 7.4.24 or 7.4.21. But all with the same problem that appeared on October 1st when I tried to update. This happens for all my sites hosted by Siteground, but also on localhost on my iMac (Mamp Pro), but not on an OVH server on which I also have a Joomla site. But for the OVH site, when I transfer it on my local server, bang, the problem happens! So, this seems to be partly related to the server configuration, but I really don't know what to do about it. Maybe you will have some clues to help me find the solution?

Joomla Update component and Regulalabs Extension Manager are both concerned.

Some extensions are not affected. This is the case for example Akeeba Backup, JCE, sh404SEF, Joomla languages packages… for which Joomla gets the data.

Joomla Update component : error for several extensions, but not all of them: "Update: Could not open update site."
Regularlabs Extension Manager (v 7.5.1, manually updated): "Could not retrieve data from the Regular Labs website. Please try again later."

Sorry, no change.

Best clue found: Problem occurs after 9/30/2021

Siteground tech support was no help at this time, but someone did on the Facebook SiteGround Users Group! The problem seems to be related to that: letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/ . And the Siteground server would be involved (with another host, OVH, it works like a charm). But my Siteground server is not the only one involved, because the updates for the Joomla core are working (language packages, optional components), as well as several other third party extensions that I often use.

During the update process (via curl), when the servers communicate with each other, this Joomla file, containing many certificates, is apparently queried: github.com/joomla/joomla-cms/blob/3.10-d...Transport/cacert.pem . If the recovery of the update data fails, perhaps it is because some servers are unable to use this file as expected (because it contains an outdated certificate).

A very complicated problem (I'm not an expert 🙁 at the wrong time (just as I start a batch of updates)!

This guy did some tests with different server configurations under Unix:
medium.com/geekculture/will-you-be-impac...iration-d54a018df257
For me, it's written in Kryptonian! But I can see the probable origin of the problem.

Solved on my localhost (MAMP PRO).
Thnaks to medium.com/geekculture/will-you-be-impac...iration-d54a018df257 I deleted the whole DST Root CA X3 in the cacert.pem file of the OpenSSL folder of my local server (MAMP PRO). It should also work on Siteground servers and I asked them to apply this litte fix for me.

My wrong. Don't touch your server OpenSSL config.

It appears that modifying a single Joomla file solve the problem. I tested on several sites (live sites and localhost) and it works well, I found back a normal behavior and I could update my extensions.

Solution consists in removing the DST Root CA X3 certificate from the cacert.pem file (/libraries/src/Http/Transport/cacert.pem)(obiously, make a backup of the file before).

Probably this "hack" will not be necessary any more in a few days and probably we could use it only during the time we need to update extensions.

I've had this same problem and had been having trouble finding a copy of the DST Root CA X3, so that I knew which part to remove from the cacert.pem - they're not exactly commented in the file and there's heaps of them.

An alternative workaround is to download the new root certificates and add them to the cacert.pm file - I've just done that following the instructions here - www.stephenwagner.com/2021/09/30/sophos-...ration-problems-fix/

And now my updates are working correctly... but of course back up that file before adding the new certificates.

I just tried the solution proposed by Nathan Morrow (thanks to him), by adding the 3 certificates in the Joomla cacert.pem file, but it didn't work for me.

So, as suggested by Stephen Wagner, in the link provided by Nathan: "If you’re still having issues, you can try deleting the “DST Root CA X3” certificate from your existing Root CAs".

Where to find the “DST Root CA X3” in the Joomla cacert.pem file:


Where to find the Joomla cacert.pem file: