[Bug]: Nextcloud 24 upgrade fail - bool given in /var/www/html/lib/private/Security/CertificateManager.php

[supermar1010]

⚠️ This issue respects the following points: ⚠️

• This is a bug, not a question or a configuration/webserver/proxy issue.
• This issue is not already reported on Github (I've searched it).
• Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
• Nextcloud Server is running on 64bit capable CPU, PHP and OS.
• I agree to follow Nextcloud's Code of Conduct.

Bug description

I have the same issue as here: nextcloud/docker#1747
But the solution proposed there does not work for me. My nextcloud uses a S3 bucket as primary storage.

My permissions inside the container look like this:

drwxr-xr-x. 11 www-data root          4096 Jan  3  2021 appdata_ocpjd1r214qj.bak
drwxr-xr-x.  2 www-data www-data      4096 Jan  2  2021 files_external
-rw-r--r--.  1 www-data root             0 Aug  8 14:30 index.html
drwxr-xr-x.  2 www-data root          4096 Jan  3  2021 some_username
-rw-r-----.  1 www-data www-data  64547927 Aug  8 14:30 nextcloud.log
-rw-r-----.  1 www-data www-data 104867462 Jul 13 00:40 nextcloud.log.1
drwxr-xr-x.  2 www-data root          4096 Jan  3  2021 root

Steps to reproduce

1. I'm not sure, for me it was just upgrading my docker image to 24

Expected behavior

The update should work flawless

Installation method

Official Docker image

Operating system

RHEL/CentOS

PHP engine version

No response

Web server

No response

Database engine version

MariaDB

Is this bug present after an update or on a fresh install?

Updated to a major version (ex. 22.2.3 to 23.0.1)

Are you using the Nextcloud Server Encryption module?

Encryption is Disabled

What user-backends are you using?

• Default user-backend (database)
• LDAP/ Active Directory
• SSO - SAML
• Other

Configuration report

Nextcloud or one of the apps require upgrade - only a limited number of commands are available
You may use your browser or the occ upgrade command to do the upgrade
{
    "system": {
        "htaccess.RewriteBase": "\/",
        "memcache.local": "\\OC\\Memcache\\APCu",
        "apps_paths": [
            {
                "path": "\/var\/www\/html\/apps",
                "url": "\/apps",
                "writable": false
            },
            {
                "path": "\/var\/www\/html\/custom_apps",
                "url": "\/custom_apps",
                "writable": true
            }
        ],
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "localhost",
            "cloud.supermar10.tk",
            "cloud2.supermar10.tk"
        ],
        "overwriteprotocol": "https",
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "23.0.3.2",
        "overwrite.cli.url": "http:\/\/localhost",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "objectstore": {
            "class": "\\OC\\Files\\ObjectStore\\S3",
            "arguments": {
                "bucket": "nextcloudsupermar10",
                "key": "***REMOVED SENSITIVE VALUE***",
                "secret": "***REMOVED SENSITIVE VALUE***",
                "region": "",
                "hostname": "s3.eu-central-003.backblazeb2.com",
                "port": "",
                "use_ssl": true,
                "use_path_style": false
            }
        },
        "loglevel": 0,
        "maintenance": true,
        "theme": ""
    }
}

List of activated Apps

Nextcloud or one of the apps require upgrade - only a limited number of commands are available
You may use your browser or the occ upgrade command to do the upgrade
Enabled:
  - accessibility: 1.10.0
  - activity: 2.16.0
  - calendar: 3.4.2
  - circles: 24.0.0
  - cloud_federation_api: 1.7.0
  - comments: 1.14.0
  - contacts: 4.2.0
  - contactsinteraction: 1.5.0
  - dav: 1.22.0
  - federatedfilesharing: 1.14.0
  - federation: 1.14.0
  - files: 1.19.0
  - files_pdfviewer: 2.5.0
  - files_rightclick: 1.3.0
  - files_sharing: 1.16.2
  - files_trashbin: 1.14.0
  - files_versions: 1.17.0
  - files_videoplayer: 1.13.0
  - firstrunwizard: 2.13.0
  - logreader: 2.9.0
  - lookup_server_connector: 1.12.0
  - nextcloud_announcements: 1.13.0
  - notes: 4.4.0
  - notifications: 2.12.0
  - oauth2: 1.12.0
  - password_policy: 1.14.0
  - photos: 1.6.0
  - privacy: 1.8.0
  - provisioning_api: 1.14.0
  - recommendations: 1.3.0
  - serverinfo: 1.14.0
  - settings: 1.6.0
  - sharebymail: 1.14.0
  - support: 1.7.0
  - survey_client: 1.12.0
  - systemtags: 1.14.0
  - text: 3.5.1
  - theming: 1.15.0
  - twofactor_backupcodes: 1.13.0
  - updatenotification: 1.14.0
  - user_status: 1.4.0
  - viewer: 1.8.0
  - weather_status: 1.4.0
  - workflowengine: 2.6.0
Disabled:
  - admin_audit
  - dashboard: 7.1.0
  - encryption: 2.8.1
  - files_external: 1.11.1
  - user_ldap

Nextcloud Signing status

No response

Nextcloud Logs

Nextcloud or one of the apps require upgrade - only a limited number of commands are available
You may use your browser or the occ upgrade command to do the upgrade
Setting log level to debug
Updating database schema
Updated database
An unhandled exception has been thrown:
TypeError: Cannot assign bool to property OC\Security\CertificateManager::$bundlePath of type ?string in /var/www/html/lib/private/Security/CertificateManager.php:250
Stack trace:
#0 /var/www/html/lib/private/Http/Client/Client.php(127): OC\Security\CertificateManager->getAbsoluteBundlePath()
#1 /var/www/html/lib/private/Http/Client/Client.php(74): OC\Http\Client\Client->getCertBundle()
#2 /var/www/html/lib/private/Http/Client/Client.php(218): OC\Http\Client\Client->buildRequestOptions(Array)
#3 /var/www/html/lib/private/App/AppStore/Fetcher/Fetcher.php(120): OC\Http\Client\Client->get('https://apps.ne...', Array)
#4 /var/www/html/lib/private/App/AppStore/Fetcher/AppFetcher.php(87): OC\App\AppStore\Fetcher\Fetcher->fetch('', '')
#5 /var/www/html/lib/private/App/AppStore/Fetcher/Fetcher.php(192): OC\App\AppStore\Fetcher\AppFetcher->fetch('', '', false)
#6 /var/www/html/lib/private/App/AppStore/Fetcher/AppFetcher.php(188): OC\App\AppStore\Fetcher\Fetcher->get(false)
#7 /var/www/html/lib/private/Installer.php(422): OC\App\AppStore\Fetcher\AppFetcher->get(false)
#8 /var/www/html/lib/private/Updater.php(413): OC\Installer->isUpdateAvailable('accessibility')
#9 /var/www/html/lib/private/Updater.php(274): OC\Updater->upgradeAppStoreApps(Array)
#10 /var/www/html/lib/private/Updater.php(133): OC\Updater->doUpgrade('24.0.3.2', '23.0.3.2')
#11 /var/www/html/core/Command/Upgrade.php(235): OC\Updater->upgrade()
#12 /var/www/html/3rdparty/symfony/console/Command/Command.php(255): OC\Core\Command\Upgrade->execute(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#13 /var/www/html/3rdparty/symfony/console/Application.php(1009): Symfony\Component\Console\Command\Command->run(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#14 /var/www/html/3rdparty/symfony/console/Application.php(273): Symfony\Component\Console\Application->doRunCommand(Object(OC\Core\Command\Upgrade), Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#15 /var/www/html/3rdparty/symfony/console/Application.php(149): Symfony\Component\Console\Application->doRun(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#16 /var/www/html/lib/private/Console/Application.php(211): Symfony\Component\Console\Application->run(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#17 /var/www/html/console.php(100): OC\Console\Application->run()
#18 /var/www/html/occ(11): require_once('/var/www/html/c...')
#19 {main}

Additional info

No response

[mschilli87]

I have hit this as well, trying to upgrade from Nextcloud 23.0.0 to 24.0.5 (no docker) using occ.

[johackim]

I have this error too with Nextcloud 24.0.6.1 on Docker.

I can't use this commands :

• php occ update:check
• php occ app:update --all
• php occ app:update richdocuments

[supermar1010]

If you need an urgent fix try the following, this is probably bad practice/not recommended: What I did is I manually edited the PHP file where the error was thrown and just put an empty string, where the type error was thrown, then did the update and reverted my changes.

[johackim]

Thanks for the suggestion @supermar1010

Here my temporary fix on lib/private/Security/CertificateManager.php :

 	public function getAbsoluteBundlePath(): string {
+		return \OC::$SERVERROOT . '/resources/config/ca-bundle.crt'; // TMP FIX
 		try {
 			if (!$this->bundlePath) {
 				if (!$this->hasCertificates()) {

[mschilli87]

I opted to stay at 23.x until a 24.x release that updates cleanly is released. Let me know if I can provide any further information to help resolve this 'properly'.

[szaimen]

This may be a permission issue: nextcloud/docker#1747 (comment)

[mschilli87]

@szaimen: AFAICT, the permissions are correct in my case:

ls -ld nextcloud/apps/files_external

drwxr-x---   11 nextclou www-data      4096 Sep 28 12:30 nextcloud/apps/files_external

Note that my nextcloud installation is owned by the nextcloud user, who is a member of the www-data group. So the upgrade command that triggered the error for me was run as that user:

sudo -u nextcloud php8 nextcloud/occ upgrade

[CarlSchwan]

This should be fixed with bffa67c

[mschilli87]

@CarlSchwan: Since that commit is tagged v25.0.0rc5, does that mean there won't be any 24.x release that won't fail upgrading? And if so, will I be able to update straight from 23.x to 25.x using occ upgrade or do I need to manually patch a 24.x install as others have described here?

[Mister-42]

I still get the very same error with 25.0.1

An unhandled exception has been thrown:
TypeError: Cannot assign bool to property OC\Security\CertificateManager::$bundlePath of type ?string in /[redacted]/nextcloud/lib/private/Security/CertificateManager.php:250
Stack trace:
#0 /[redacted]/nextcloud/lib/private/Http/Client/Client.php(127): OC\Security\CertificateManager->getAbsoluteBundlePath()
#1 /[redacted]/nextcloud/lib/private/Http/Client/Client.php(74): OC\Http\Client\Client->getCertBundle()
#2 /[redacted]/nextcloud/lib/private/Http/Client/Client.php(218): OC\Http\Client\Client->buildRequestOptions()
#3 /[redacted]/nextcloud/lib/private/App/AppStore/Fetcher/Fetcher.php(120): OC\Http\Client\Client->get()
#4 /[redacted]/nextcloud/lib/private/App/AppStore/Fetcher/AppFetcher.php(87): OC\App\AppStore\Fetcher\Fetcher->fetch()
#5 /[redacted]/nextcloud/lib/private/App/AppStore/Fetcher/Fetcher.php(192): OC\App\AppStore\Fetcher\AppFetcher->fetch()
#6 /[redacted]/nextcloud/lib/private/App/AppStore/Fetcher/AppFetcher.php(188): OC\App\AppStore\Fetcher\Fetcher->get()
#7 /[redacted]/nextcloud/lib/private/Installer.php(421): OC\App\AppStore\Fetcher\AppFetcher->get()
#8 /[redacted]/nextcloud/lib/private/Updater.php(421): OC\Installer->isUpdateAvailable()
#9 /[redacted]/nextcloud/lib/private/Updater.php(282): OC\Updater->upgradeAppStoreApps()
#10 /[redacted]/nextcloud/lib/private/Updater.php(141): OC\Updater->doUpgrade()
#11 /[redacted]/nextcloud/core/Command/Upgrade.php(225): OC\Updater->upgrade()
#12 /[redacted]/nextcloud/3rdparty/symfony/console/Command/Command.php(255): OC\Core\Command\Upgrade->execute()
#13 /[redacted]/nextcloud/3rdparty/symfony/console/Application.php(1009): Symfony\Component\Console\Command\Command->run()
#14 /[redacted]/nextcloud/3rdparty/symfony/console/Application.php(273): Symfony\Component\Console\Application->doRunCommand()
#15 /[redacted]/nextcloud/3rdparty/symfony/console/Application.php(149): Symfony\Component\Console\Application->doRun()
#16 /[redacted]/nextcloud/lib/private/Console/Application.php(213): Symfony\Component\Console\Application->run()
#17 /[redacted]/nextcloud/console.php(100): OC\Console\Application->run()
#18 /[redacted]/nextcloud/occ(11): require_once('...')
#19 {main}

[Mister-42]

I thought it might be a leftover from previous data, so I deleted everything, did a clean install with S3 as primary data storage and ran into the same error still.
25.0.1

@CarlSchwan, whould you mind reopening this?

[mschilli87]

I tried to reproduce the isse observed by @Mister-42 but failed to do so since upgrading from 23.x to 25.x (see my earlier question) turns out not to be supported.

sudo -u nextcloud php8 nextcloud/occ upgrade

Nextcloud or one of the apps require upgrade - only a limited number of commands are available
You may use your browser or the occ upgrade command to do the upgrade
Setting log level to debug
Turned on maintenance mode
Exception: Updates between multiple major versions and downgrades are unsupported.
Update failed
Maintenance mode is kept active
Resetting log level

So is there any viable upgrade path from 23.x to the latest version that does not require re-installation from scratch or manually editing source files in a directory called Security?

[mschilli87]

I can confirm that

1. @johackim's temporary fix enables upgrading from 23.x to 24.x, and
2. it is still required (but also sufficient) to upgrade from 24.7 to 25.1 (as reported by @Mister-42).

Is it required (and safe) to leave the change to lib/private/Security/CertificateManager.php in-place after successfully running occ upgrade or can (and should) it be changed back during the actual operation of the updated Nextcloud server?

[Messj1]

I suggest to reopen this issue and fix the main error which was introduced in following commit 8 month ago #31605

@icewind1991 can you fix this bug. You try to convert string|bool in a string.

server/lib/private/Security/CertificateManager.php

Line 61 in ad77bf4

private ?string $bundlePath = null;

server/lib/private/Security/CertificateManager.php

Line 250 in ad77bf4

$this->bundlePath = $this->view->getLocalFile($this->getCertificateBundle());

server/lib/public/Files/Storage/IStorage.php

Lines 312 to 320 in 72744a7

	/**
	* get the path to a local version of the file.
	* The local version of the file can be temporary and doesn't have to be persistent across requests
	*
	* @param string $path
	* @return string|bool
	* @since 9.0.0
	*/
	public function getLocalFile($path);

Possible solution:

    public function getAbsoluteBundlePath(): string {
        try {
-            if (!$this->bundlePath) {
+            if ($this->bundlePath === null) {
                if (!$this->hasCertificates()) {
                    $this->bundlePath = \OC::$SERVERROOT . '/resources/config/ca-bundle.crt';
                }

                if ($this->needsRebundling()) {
                    $this->createCertificateBundle();
                }

-                $this->bundlePath = $this->view->getLocalFile($this->getCertificateBundle());
+                $bundlePath = $this->view->getLocalFile($this->getCertificateBundle());
+                if($bundlePath !== false) {
+                    $this->bundlePath = $bundlePath;
+                }
            }
            return $this->bundlePath;
        } catch (\Exception $e) {
            return \OC::$SERVERROOT . '/resources/config/ca-bundle.crt';
        }
    }

Is it possible to receive true by OCP\Files\Storage\IStorage::getLocalFile($path), and what would it mean?

I'm also not sure about the logic. The property CertificateManager::bundlePath is set "twice" since the return statement were removed in #31605

So i suggest to change the code as followed:

    public function getAbsoluteBundlePath(): string {
        try {
-           if (!$this->bundlePath) {
+           if ($this->bundlePath === null) {
-               if (!$this->hasCertificates()) {
-                   $this->bundlePath = \OC::$SERVERROOT . '/resources/config/ca-bundle.crt';
-               }

                if ($this->needsRebundling()) {
                    $this->createCertificateBundle();
                }

-               $this->bundlePath = $this->view->getLocalFile($this->getCertificateBundle());
+               $bundlePath = $this->view->getLocalFile($this->getCertificateBundle());
+               if($bundlePath === false) {
+                   return \OC::$SERVERROOT . '/resources/config/ca-bundle.crt';
+               }
+               $this->bundlePath = $bundlePath;
            }
            return $this->bundlePath;
        } catch (\Exception $e) {
            return \OC::$SERVERROOT . '/resources/config/ca-bundle.crt';
        }
    }

comment to update:
@icewind1991 Sorry, was my fault. I misconfigured s3 during reproduction and accidentally mixed the errors in the log file. It seem to be okay to use a ! instead of a null check .

[Messj1]

Almost forgot to mention, that there is also a cheap solution ... use Throwable instead of Exception since Throwable includes also Errors like TypeError.

-       } catch (\Exception $e) {
+       } catch (\Throwable $e) {
            return \OC::$SERVERROOT . '/resources/config/ca-bundle.crt';
        }

[szaimen]

Almost forgot to mention, that there is also a cheap solution ... use Throwable instead of Exception since Throwable includes also Errors like TypeError.

-       } catch (\Exception $e) {
+       } catch (\Throwable $e) {
            return \OC::$SERVERROOT . '/resources/config/ca-bundle.crt';
        }

sounds good to me. Can you open a PR with that? :)

[mschilli87]

Just reporting back that

1. I still hit this upgrading 25.0.1 to 25.0.2,
2. Manually applying Check return value and improve error handling on certificate manager #35092 did not fix the issue for me.
3. @johackim's temporary fix did though.

[Messj1]

Sounds like another error. The bugfix worked on my server ... 🤨

@mschilli87 Can you also report the error message?

[mschilli87]

@Messj1:

Can you also report the error message?

Unless the error message is saved in some log file I could still check, unfortunately no. I thought is was the same but did not carefully check. I saw an error in CertificateManager.php and somethin about 'bool' and given that this was the only errer I ever encountered when upgrading Nextcloud and this issue provided a working fix the last two times, I came here and started working around it. 🤷 😅
In case I hit it again on the next upgrade I'll make sure to report back and ping you.

[mschilli87]

@Messj1: This is the error message I get when I try to update from 25.0.2 to 25.0.3:

An unhandled exception has been thrown:
TypeError: fwrite(): Argument #1 ($stream) must be of type resource, bool given in /usr/share/webapps/nextcloud/lib/private/Security/CertificateManager.php:161
Stack trace:
#0 /usr/share/webapps/nextcloud/lib/private/Security/CertificateManager.php(161): fwrite()
#1 /usr/share/webapps/nextcloud/lib/private/Security/CertificateManager.php(247): OC\Security\CertificateManager->createCertificateBundle()
#2 /usr/share/webapps/nextcloud/lib/private/Http/Client/Client.php(127): OC\Security\CertificateManager->getAbsoluteBundlePath()
#3 /usr/share/webapps/nextcloud/lib/private/Http/Client/Client.php(74): OC\Http\Client\Client->getCertBundle()
#4 /usr/share/webapps/nextcloud/lib/private/Http/Client/Client.php(218): OC\Http\Client\Client->buildRequestOptions()
#5 /usr/share/webapps/nextcloud/lib/private/App/AppStore/Fetcher/Fetcher.php(120): OC\Http\Client\Client->get()
#6 /usr/share/webapps/nextcloud/lib/private/App/AppStore/Fetcher/AppFetcher.php(87): OC\App\AppStore\Fetcher\Fetcher->fetch()
#7 /usr/share/webapps/nextcloud/lib/private/App/AppStore/Fetcher/Fetcher.php(192): OC\App\AppStore\Fetcher\AppFetcher->fetch()
#8 /usr/share/webapps/nextcloud/lib/private/App/AppStore/Fetcher/AppFetcher.php(188): OC\App\AppStore\Fetcher\Fetcher->get()
#9 /usr/share/webapps/nextcloud/lib/private/Installer.php(421): OC\App\AppStore\Fetcher\AppFetcher->get()
#10 /usr/share/webapps/nextcloud/lib/private/Updater.php(424): OC\Installer->isUpdateAvailable()
#11 /usr/share/webapps/nextcloud/lib/private/Updater.php(285): OC\Updater->upgradeAppStoreApps()
#12 /usr/share/webapps/nextcloud/lib/private/Updater.php(144): OC\Updater->doUpgrade()
#13 /usr/share/webapps/nextcloud/core/Command/Upgrade.php(225): OC\Updater->upgrade()
#14 /usr/share/webapps/nextcloud/3rdparty/symfony/console/Command/Command.php(255): OC\Core\Command\Upgrade->execute()
#15 /usr/share/webapps/nextcloud/3rdparty/symfony/console/Application.php(1009): Symfony\Component\Console\Command\Command->run()
#16 /usr/share/webapps/nextcloud/3rdparty/symfony/console/Application.php(273): Symfony\Component\Console\Application->doRunCommand()
#17 /usr/share/webapps/nextcloud/3rdparty/symfony/console/Application.php(149): Symfony\Component\Console\Application->doRun()
#18 /usr/share/webapps/nextcloud/lib/private/Console/Application.php(213): Symfony\Component\Console\Application->run()
#19 /usr/share/webapps/nextcloud/console.php(100): OC\Console\Application->run()
#20 /usr/share/webapps/nextcloud/occ(11): require_once('...')

[mschilli87]

@Messj1: Here is the error when upgrading from 25.0.3 to 26.0.0:

An unhandled exception has been thrown:
TypeError: fwrite(): Argument #1 ($stream) must be of type resource, bool given in /usr/share/webapps/nextcloud/lib/private/Security/CertificateManager.php:161
Stack trace:
#0 /usr/share/webapps/nextcloud/lib/private/Security/CertificateManager.php(161): fwrite()
#1 /usr/share/webapps/nextcloud/lib/private/Security/CertificateManager.php(247): OC\Security\CertificateManager->createCertificateBundle()
#2 /usr/share/webapps/nextcloud/lib/private/Http/Client/Client.php(129): OC\Security\CertificateManager->getAbsoluteBundlePath()
#3 /usr/share/webapps/nextcloud/lib/private/Http/Client/Client.php(76): OC\Http\Client\Client->getCertBundle()
#4 /usr/share/webapps/nextcloud/lib/private/Http/Client/Client.php(226): OC\Http\Client\Client->buildRequestOptions()
#5 /usr/share/webapps/nextcloud/lib/private/App/AppStore/Fetcher/Fetcher.php(120): OC\Http\Client\Client->get()
#6 /usr/share/webapps/nextcloud/lib/private/App/AppStore/Fetcher/AppFetcher.php(86): OC\App\AppStore\Fetcher\Fetcher->fetch()
#7 /usr/share/webapps/nextcloud/lib/private/App/AppStore/Fetcher/Fetcher.php(190): OC\App\AppStore\Fetcher\AppFetcher->fetch()
#8 /usr/share/webapps/nextcloud/lib/private/App/AppStore/Fetcher/AppFetcher.php(187): OC\App\AppStore\Fetcher\Fetcher->get()
#9 /usr/share/webapps/nextcloud/lib/private/Installer.php(421): OC\App\AppStore\Fetcher\AppFetcher->get()
#10 /usr/share/webapps/nextcloud/lib/private/Updater.php(420): OC\Installer->isUpdateAvailable()
#11 /usr/share/webapps/nextcloud/lib/private/Updater.php(281): OC\Updater->upgradeAppStoreApps()
#12 /usr/share/webapps/nextcloud/lib/private/Updater.php(140): OC\Updater->doUpgrade()
#13 /usr/share/webapps/nextcloud/core/Command/Upgrade.php(225): OC\Updater->upgrade()
#14 /usr/share/webapps/nextcloud/3rdparty/symfony/console/Command/Command.php(255): OC\Core\Command\Upgrade->execute()
#15 /usr/share/webapps/nextcloud/3rdparty/symfony/console/Application.php(1009): Symfony\Component\Console\Command\Command->run()
#16 /usr/share/webapps/nextcloud/3rdparty/symfony/console/Application.php(273): Symfony\Component\Console\Application->doRunCommand()
#17 /usr/share/webapps/nextcloud/3rdparty/symfony/console/Application.php(149): Symfony\Component\Console\Application->doRun()
#18 /usr/share/webapps/nextcloud/lib/private/Console/Application.php(215): Symfony\Component\Console\Application->run()
#19 /usr/share/webapps/nextcloud/console.php(100): OC\Console\Application->run()
#20 /usr/share/webapps/nextcloud/occ(11): require_once('...')
#21 {main}%

[Messj1]

@mschilli87: This is not the same error but also the same type of error.

An unhandled exception has been thrown:
TypeError: fwrite(): Argument #1 ($stream) must be of type resource, bool given in /usr/share/webapps/nextcloud/lib/private/Security/CertificateManager.php:161
Stack trace:
#0 /usr/share/webapps/nextcloud/lib/private/Security/CertificateManager.php(161): fwrite()
#1 /usr/share/webapps/nextcloud/lib/private/Security/CertificateManager.php(247): OC\Security\CertificateManager->createCertificateBundle()
#2 /usr/share/webapps/nextcloud/lib/private/Http/Client/Client.php(129): OC\Security\CertificateManager->getAbsoluteBundlePath()

If you have a look at

server/lib/private/Security/CertificateManager.php

Line 161 in 62cfd3b

fwrite($fhCerts, $defaultCertificates);

you can see that the first parameter must be the bool. (PHP fwrite reference)

fwrite(resource $stream, string $data, ?int $length = null): int|false

The resource parameter is set as return value of View class

server/lib/private/Security/CertificateManager.php

Line 148 in 62cfd3b

$fhCerts = $this->view->fopen($tmpPath, 'w');

The return value is a resource if I only read the doc

server/lib/private/Files/View.php

Lines 973 to 979 in 62cfd3b

	/**
	* @param string $path
	* @param string $mode 'r' or 'w'
	* @return resource
	* @throws LockedException
	*/
	public function fopen($path, $mode) {

but the function returns for sure also other types

server/lib/private/Files/View.php

Lines 1006 to 1016 in 62cfd3b

	$handle = $this->basicOperation('fopen', $path, $hooks, $mode);
	if (!is_resource($handle) && $mode === 'r') {
	// trying to read a file that isn't on disk, check if the cache is out of sync and rescan if needed
	$mount = $this->getMount($path);
	$internalPath = $mount->getInternalPath($this->getAbsolutePath($path));
	$storage = $mount->getStorage();
	if ($storage->getCache()->inCache($internalPath) && !$storage->file_exists($path)) {
	$this->writeUpdate($storage, $internalPath);
	}
	}
	return $handle;

Since the pull request #35092 ist still open I can commit the solution there:

		$fhCerts = $this->view->fopen($tmpPath, 'w');
+
+		if (!is_resource($fhCerts)) {
+			throw new \RuntimeException('Unable to open file handler to create certificate bundle "' . $tmpPath . '".');
+		}