Skip to main content

How can we help you?

Druva Documentation

FS Backups queued after agent upgrade due to certificate issue


Problem description

File server backups are going in queued state after agent upgrade: 6.1.0-190158 and further.


This happens due to self signed certificates, if a customer has a self signed extra layer of security then it's blocking to install godaddy certificates. Which is required for the communication to 

Note : This can be an environmental and machine specific issue. 

This issue is caused by a bug which is still in open state :


Check : C:\ProgramData\Phoenix\FS\backup\<Job ID> as the jobs are queued. 
level=error ts=2022-10-07T11:47:08.9398596+01:00 message="Failed to create new connection" error="x509: certificate signed by unknown authority"
level=error ts=2022-10-07T11:47:08.9398596+01:00 filename=rpcs.go:381 message="SyncServer newClient connection failed"
level=error ts=2022-10-07T11:47:08.944862+01:00 layer=main message="Failed to create backup agent" error="x509: certificate signed by unknown authority"


  1. Try openssl command on customer environment: Please run below command on customer environment using openssl. 
    To install openssl please refer: OpenSSL for Windows 
    • Install the Openssl
    • Type openssl on command prompt
    • Then it'll open open ssl prompt like OpenSSL>
    • run command:  s_client -showcerts -connect  
  2. If the above command output shows the below error :
    OpenSSL> s_client -showcerts -connect
    depth=3 C = US, O = "The Go Daddy Group, Inc.", OU = Go Daddy Class 2 Certification Authority
    verify error:num=19:self signed certificate in certificate chain
  3. This shows that there is a self signed certificate in the chain which is blocking the installation of the Go daddy certificate.
  4. Check on the server in question whether the godaddy url is accessible. (This point is optional and it is valid if the server has internet access).
  5. Once the above points are verified then check the same steps on any working server in the environment. (As mentioned this can be environmental and machine specific).
  6. If there is a difference in the certificate chain and the working server has the go daddy certificate installed then proceed with next steps.


  • Was this article helpful?