PSA: Your Zettlr Setup Can't Check For Updates

This is a public announcement regarding Zettlr. Please read it in its entirety if you use Zettlr, or if you just want to see how quickly the internet can break down. In any case: No version of Zettlr can check for updates. To find out when a version that is capable of doing so again has been released, please consult our official Twitter account and our GitHub repository.

TL;DR: No version of Zettlr can check for updates right now. Unfortunately, you will have to check manually for updates this one time. Please monitor our Twitter account until then!

Update October 1, 2021: The Electron team was incredibly fast and released a fix in less than 12 hours. We followed suit and released a fix this morning. Please download the latest release manually now by visiting our GitHub Releases page. If you are visiting at a later time, first check here whether a newer release is available.

A few hours ago I was experimenting with a few new things in Zettlr during a short break from an otherwise Zoom-filled day. Suddenly, I noticed something odd: when starting the app in development mode, I can see what is happening during startup, and as you may know, one thing Zettlr does during startup is check for updates. To check for updates, it needs to connect to the Zettlr server, which has the most recent update information available. However, the logs were showing that an error had occurred and Zettlr could not check for updates. More specifically, the error mentioned that the server's SSL certificate had expired and, consequently, the app could not securely connect to the server to check for updates.

An SSL certificate is basically a way for an app to ensure it is connecting to the correct server and not some impostor that may attempt to harm your computer. I have written at length about how SSL certificates work here. Since Zettlr's server is using certificates issued by Let's Encrypt because they are free, these certificates expire quickly, and so I thought "maybe I just have to renew the certificate". But before doing so, I visited the API endpoint using my browser and, behold: The certificate was valid. I grew curious and verified the certificate using various methods, including an SSL check website and the OpenSSL command line tool. All tests confirmed: The certificate was still valid. Only the app was malfunctioning. I additionally confirmed that the regular app – that is, the app you also have on your computer – refused to connect as well.

After renewing the certificate several times, restarting the webserver and trying out various other methods, the app still refused to connect. It took about two hours until I found the answer to this puzzle in this issue on the Electron repository. So what happened?

Today the root certificate of Let's Encrypt expired. Normally this is no problem since there is another root certificate by Let's Encrypt which won't expire until a few years from now, so no SSL certificate in use is actually invalid. However, due to a misconfigured flag in Electron, any Electron app is unable to detect that and, subsequently, refuses to connect to any web server that proves its identity using a Let's Encrypt certificate. This does not just include Zettlr but also big apps, such as Slack or VS Code. No Electron app is currently capable of connecting to any server featuring Let's Encrypt certificates.
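To make this failure mode concrete, here is an added example (not code from Zettlr or Electron): a simplified model of certificate path building, in which all certificate names, dates and the `trustedFirst` option are constructed for illustration and signatures are not modelled. It shows one way a verifier can report an expired certificate although a valid path to a trusted root exists.

```javascript
// Simplified model of certificate path building. All names and dates are
// constructed for illustration; this is not Electron's verifier.
const cert = (subject, issuer, notAfter) => ({ subject, issuer, notAfter: new Date(notAfter) });

// Chain sent by the server: leaf, intermediate, and the new root cross-signed by the old root.
const served = [
  cert('updates.example', 'Intermediate CA', '2021-12-01'),
  cert('Intermediate CA', 'New Root', '2025-09-01'),
  cert('New Root', 'Old Root', '2024-09-30'), // cross-signed copy
];

// Client trust store: the expired old root and the still-valid self-signed new root.
const trustStore = [
  cert('Old Root', 'Old Root', '2021-09-30'),
  cert('New Root', 'New Root', '2035-06-04'),
];

function verify(chain, store, now, { trustedFirst }) {
  const path = [];
  let current = chain[0];
  for (let depth = 0; depth < 10; depth++) {
    if (current.notAfter < now) return { ok: false, error: 'CERT_HAS_EXPIRED', path: [...path, current.subject] };
    path.push(current.subject);
    const anchor = store.find(c => c.subject === current.issuer);
    const next = chain.find(c => c.subject === current.issuer && c !== current);
    // trustedFirst: stop at a trust anchor as soon as one matches the issuer.
    // Otherwise follow the certificates the server sent and use the store only as a last resort.
    if (anchor && (trustedFirst || !next)) {
      if (anchor.notAfter < now) return { ok: false, error: 'CERT_HAS_EXPIRED', path: [...path, anchor.subject] };
      return { ok: true, error: null, path: [...path, anchor.subject] };
    }
    if (!next) return { ok: false, error: 'UNABLE_TO_GET_ISSUER_CERT', path };
    current = next;
  }
  return { ok: false, error: 'CERT_CHAIN_TOO_LONG', path };
}

// The day after the old root expired: same server, same chain, different outcome.
const now = new Date('2021-10-01');
console.log(verify(served, trustStore, now, { trustedFirst: false })); // rejected
console.log(verify(served, trustStore, now, { trustedFirst: true }));  // accepted
```

In this model the leaf certificate is valid in both runs; only the path the verifier chooses differs, which is why renewing the server certificate does not help.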

A fix is already in the making, and soon we should have a patched Electron version that is capable of connecting to servers with Let's Encrypt certificates again, but until then the update check will not work.

I could quickly "fix" the problem by removing the safeguards of unsafe SSL certificates, but that would put any app at risk, so I will not do so. Rather, I have chosen the following plan of action:

  1. First, I will wait until a patched version of Electron is out.
  2. Then, I will immediately release the last Zettlr 2.0 beta and announce that fact on our Twitter and Discord.
  3. Please immediately download this version then, even if you are still using Zettlr 1.8.9 – that version is also affected.

Since Zettlr cannot check for updates, you will have to manually check either our Twitter account, the Discord server or our GitHub releases page.

I would like to apologize for this inconvenience, but it seems to be the safest solution for you at the moment with minimal additional work on your part.