Hi everyone! I installed Fedora 35 on my laptop a few days ago and the experience has been fantastic overall. However, I’ve run into a problem while trying to add my online accounts. When I sign in with my Google or Microsoft account, the message “Unacceptable TLS certificate” appears. I have been trying to find a way to fix it but I haven’t found anything. I did a little bit of research and I reinstalled ca-certificates but it didn’t solve the problem.
These are the threads I found about this problem:
I’m kind of a new Linux user so this may be really easy to solve. Anyway, any help would be really appreciated. Thank you!
This could be a sign that you are behind a proxy.
Or your traffic is filtered and redirected somewhere upstream.
To isolate the issue, try enabling DoT and using a VPN.
Thanks for trying to help me! I’ve followed your instructions and the issue persists.
What time is it?
Really. One reason could be a wrong date/time on your computer.
I’ve just double-checked the settings, date and time are correct.
Could you run this command?
echo | gnutls-cli -d 1 accounts.google.com -p 443 | fpaste
(It performs a connection to accounts.google.com then will paste the output to a pastebin service). Just to check if the problem is somewhat system wide or limited to GNOME Online Accounts.
The result is ok.
Look here: G_TLS_CERTIFICATE_GENERIC_ERROR/"Unacceptable TLS certificate" for https://account.live.com certificate (#180) · Issues · GNOME / glib-networking · GitLab and other tickets there.
It’s not clear to me what the point is. It seems related to
Btw GNOME Online Accounts works on my system.
Is your system fully updated?
What is the version of glib-networking on your system?
rpm -q glib-networking
I have everything up to date with GNOME Software. I ran into this issue just after the first boot, with a clean installation, which seems really weird to me.
By the way, I also have a problem with GNOME extensions. I have the browser extension and chrome-gnome-shell installed but the page says that native host connector is not detected. I don’t know if these two issues can be related in any way. If not, I plan to elaborate on that issue in another thread.
I agree that it is weird.
Try to lower the crypto policy
sudo update-crypto-policies --set LEGACY
Out of curiosity, how did you do it?
It worked! Thank you so much!!!
I’ve connected my Google and Microsoft accounts and it works perfectly.
sudo dnf reinstall ca-certificates, I don’t know if that’s the right way to do it.
I was wondering why it wasn’t working and abandoned trying some time ago. But thanks for the fix.
Would this impact security if we set this policy to legacy?
No. As far as I know, it simply allows accepting keys and certificates (i.e. for ssh and https) that are still using older (and sometimes deprecated) encryption algorithms.
The weird thing however is that GNOME Online Accounts works for me without setting such crypto policy to legacy.