Support

So, your host doesn't know how its own server is set up and how to determine that? Do they realise that this is what you pay them, not us, to do? Anyway. As it happens I know how to manage servers on top of everything else.

If you are using curl or wget to run your CRON jobs then it's curl or wget (whatever you are using in your CRON job). They can very easily determine that themselves:

• curl: run curl --version and examine the first line of the output. It may be linked against OpenSSL, LibreSSL or GnuTLS and it reports that and the version of the library it's compiled against.
• wget: run wget --version and examine the "Compile:" part of the output. It will reference the SSL library path it was compiled against.

If you are using akeeba-altbackup.php then it's PHP itself that uses GnuTLS. Namely, the PHP cURL module is compile against a libcurl that's linked to GnuTLS instead of OpenSSL. This can be verified by examining the phpinfo() output, as your host should very well know (under the cURL header, the SSL Version row).

That is to say, they don't need to ask me, a third party developer, how their own server is set up. Not only it is something they should know, it's something they can easily determine with very simple commands. This is server management 101. They are paid to know that and even more advanced stuff about how to manage a server. The fact that they don't doesn't bode very well with their ability to figure out a solution...

To be clear, which shell you are using to run CRON jobs is not relevant to your issue. 

To make sure that we are all on the same page I would like you to please paste the CRON command line in your next message. If it includes any passwords or other sensitive information please replace it with XXXXXX. This is important. There is something different at play when you're using wget, curl, a PHP script we provided with our software or something else.

You are trying to use wget to access the frontend backup URL. wget is a system utility that is part of the server, not supplied by us. Even a Linux newbie would know that.

wget is trying to connect to your site, focusedmindset.dk. It fails with a GnuTLS error saying that it cannot figure out how to connect to it. This means that the URL has not been loaded, Joomla has not loaded, therefore our software has not run. So your host insisting otherwise only shows that he doesn't understand even the absolute basics of how web servers work.

Based on the error message we suspect that wget is compiled against GnuTLS based on the error message. A competent host would check that by running wget --version and checking the Link information in the output.

Assuming that indeed wget is compiled against GnuTLS (and your host will see that this is indeed the case) we need to debug the TLS connection. The way to do it is running gnutls-cli-debug focusedmindset.dk from a command line on the affected server to see what is going on. Doing that from my Ubuntu Server 20.04 machine shows that I can, indeed, connect to your site just fine. If he does the same from his server he will find out one of the following:

• He's using an older version of GnuTLS which does not support ECDSA SHA-256 certificate signatures which are used by the Let's Encrypt certificate on your site.
• He's preventing loopback connections.

The former requires a system upgrade. The latter is a firewall configuration. Both of these are under the sole and absolute control of the host. We have nothing to do with it and we CAN NOT have anything to do with it.

Here's the thing. You are paying your host to know all of these things and much more. Their job is to literally run a server. They have proven that they don't know even the basics of managing a Linux system, let alone run a server. My professional advice is to move your sites to a different, more competent host as soon as humanly possible. If your current host doesn't even know that wget is part of his system or how to tell if it's compiled against GnuTLS or OpenSSL there is not a cat's chance in Hell they know how to secure the server.

It's possible that they upgraded or changed something in their servers just now. It's also possible that the person you are talking to is greener than grass.

Try escalating your ticket with your host's engineering team. If there's no engineering team... let's just say it wouldn't be a very good sign.