StackCap43382
Collaborator

Check Point Update Services down? -- Connection Error, FDT - Unexpected error code

In the process of patching a manager, and CPUSE is failing to connect with the error:

Connection Error, FDT - Unexpected error code.

According to SK this is a time issue but time is fine (Checked NTP):

https://support.checkpoint.com/results/sk/sk165373

Performed a packet capture between the device and Check Point services, and the connection is reset after several change of cipher messages.

Checked other devices and same issue.

Even my lab has the same issue.

Raising ticket with vendor now. 

Anyone else seeing this? 

Cluster is on R81.20 T113. Attempting to patch to T120.

 

============================ UPDATE! ============================

R&D have responded that there is a new DA build for this issue that will be released on SUNDAY.

I am awaiting further details.

CCSME, CCTE, CCME, CCVS
0 Kudos
9 Replies
Tal_Paz-Fridman
MVP Silver CHKP

I think it is probably related to this:

https://support.checkpoint.com/results/sk/sk184766

Certificate and CRL validation fails from March 1, 2026

_Val_
Admin

Second that. Please apply the mentioned workaround from the SK and see if it helps.

 

0 Kudos
StackCap43382
Collaborator

SK mentions R82 & R82.10; estate is R81.20.

My LAB CPUSE is able to dial cloud services now so looks like an intermittent issue. 

 

CCSME, CCTE, CCME, CCVS
0 Kudos
Robin_H
Contributor

Here, it did not help. It might not even be related...

I had the FDT error, starting at 2026-03-01 - 16:08:56 CET on one cluster member and it still occurs after having installed the hotfix.

Now, the other member also had the FDT error in the DA_UI.log, starting at 2026-03-01 - 18:40:48 CET but was able to successfully check for updates again an hour before I installed the hotfix.

Edit: cluster on R82 JHF60.

0 Kudos
simonemantovani
Contributor

Hello

If you take a look here https://community.checkpoint.com/t5/Firewall-and-Security-Management/Certificate-and-CRL-validation-... as suggested by @_Val_, try to apply the workaround.

Give it a chance (if not already done).

0 Kudos
Robin_H
Contributor

  • I applied Check_Point_R82_JHF_T44_TIME_FIX_MAIN_MAIN_Bundle_T5_FULL.tar
  • I extended the CRL Grace period of “Grace period before the CRL is valid” and “Grace period extension for SecuRemote/SecureClient” properties to 93600 seconds.
  • I ran the cpca_client recreate_crls Clish command

Result of the "Check for Updates in the WebUI" is still the "Connection error, FDT - Unexpected error code".

Using the test from "GAIA WebUi Failed to receive updates from Check Point Download Center. Please verify a valid license":

[Expert@management:0]# curl_cli -v https://updates.checkpoint.com
* Rebuilt URL to: https://updates.checkpoint.com/
*   Trying 18.245.31.62...
* TCP_NODELAY set
* Connected to updates.checkpoint.com (18.245.31.62) port 443 (#0)
* ALPN, offering http/1.1
* *** Current date is: Wed Mar  4 11:51:32 2026
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* err is -1, detail is 2
* *** Current date is: Wed Mar  4 11:51:32 2026
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (OUT), TLS alert, unknown CA (560):
* err is -1, detail is 1
* errdetail=0x1416f086
ERR_lib_error_string: SSL routines
 ERR_func_error_string: tls_process_server_certificate
 ERR_reason_error_string: certificate verify failed
 ERR_error_string: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
[Expert@Management:0]#


[Expert@Management:0]# curl_cli -v -k https://updates.checkpoint.com
* Rebuilt URL to: https://updates.checkpoint.com/
*   Trying 18.245.31.99...
* TCP_NODELAY set
* Connected to updates.checkpoint.com (18.245.31.99) port 443 (#0)
* ALPN, offering http/1.1
* *** Current date is: Wed Mar  4 11:57:57 2026
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* err is -1, detail is 2
* *** Current date is: Wed Mar  4 11:57:57 2026
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* err is -1, detail is 2
* *** Current date is: Wed Mar  4 11:57:57 2026
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, [no content] (0):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use http/1.1
* servercert: Activated
* servercert: CRL validation was disabled
* Server certificate:
*  subject: CN=*.checkpoint.com
*  start date: Jun  3 12:12:04 2025 GMT
*  expire date: Jul  5 12:12:03 2026 GMT
*  issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign GCC R3 DV TLS CA 2020
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* servercert: Finished
* TLSv1.3 (OUT), TLS app data, [no content] (0):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS app data, [no content] (0):
< HTTP/1.1 404 Not Found
< Content-Type: text/plain; charset=utf-8
< Content-Length: 15
< Connection: keep-alive
< Date: Wed, 04 Mar 2026 10:57:57 GMT
< Server: awselb/2.0
< X-Cache: Error from cloudfront
< Via: 1.1 193d38535c6cb246e365763e9c32e672.cloudfront.net (CloudFront)
< X-Amz-Cf-Pop: FRA56-P8
< X-Amz-Cf-Id: IlLy5TYKtAMWmERzDKYyzujfqJNFsv0xayt6irMetfEU6Q3ArmMxfQ==
<
* Connection #0 to host updates.checkpoint.com left intact
Page not found!
[Expert@Management:0]#
0 Kudos
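A small triage of the `curl_cli -v` output posted above, as an added example that is not part of the original post and is not Check Point code: it separates a clock or validity-window cause from a CRL failure and from a missing issuer in the local trust store. The function names and verdict labels are hypothetical; the sample lines are excerpted from the post's `-k` run.

```python
import re
from datetime import datetime

# OpenSSL X509 verify codes relevant to this thread (numeric values from OpenSSL).
TIME_CODES = {9: "certificate not yet valid", 10: "certificate has expired"}
CRL_CODES = {3: "unable to get CRL", 11: "CRL not yet valid", 12: "CRL has expired"}
ISSUER_CODE = 20  # unable to get local issuer certificate

# Lines excerpted from the `curl_cli -v -k` run in the post above.
SAMPLE = """\
* *** Current date is: Wed Mar  4 11:57:57 2026
* Server certificate:
*  subject: CN=*.checkpoint.com
*  start date: Jun  3 12:12:04 2025 GMT
*  expire date: Jul  5 12:12:03 2026 GMT
*  issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign GCC R3 DV TLS CA 2020
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
"""

def _grab(log, pattern):
    m = re.search(pattern, log, re.M)
    return m.group(1).strip() if m else None

def _ts(text, fmt):
    # Collapse the double space curl prints before single-digit days.
    return datetime.strptime(" ".join(text.split()), fmt) if text else None

def triage(log):
    """Classify a curl -v TLS failure as clock, CRL, or trust-store related."""
    now = _ts(_grab(log, r"Current date is:\s*(.+)$"), "%a %b %d %H:%M:%S %Y")
    start = _ts(_grab(log, r"start date:\s*(.+)$"), "%b %d %H:%M:%S %Y GMT")
    end = _ts(_grab(log, r"expire date:\s*(.+)$"), "%b %d %H:%M:%S %Y GMT")
    code = _grab(log, r"verify result:.*\((\d+)\)")
    code = int(code) if code else None
    # The device clock is local time and the certificate dates are GMT; the
    # offset of a few hours only matters right at the validity edges.
    in_window = (start <= now <= end) if now and start and end else None
    if code in TIME_CODES or in_window is False:
        verdict = "clock-or-validity"
    elif code in CRL_CODES:
        verdict = "crl"
    elif code == ISSUER_CODE or "unable to get local issuer certificate" in log:
        verdict = "missing-issuer-in-trust-store"
    else:
        verdict = "unknown"
    return {"verify_code": code, "clock_in_window": in_window,
            "issuer": _grab(log, r"issuer:\s*(.+)$"), "verdict": verdict}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Feeding it the run without `-k` gives the same verdict from the `curl: (60)` text alone, since that run stops before the certificate details are printed.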
StackCap43382
Collaborator

So, to skip the replies: this is an R81.20 estate, not R82, so there is no CRL FIX.

I've raised it with TAC.

I've luckily been able to duplicate the issue in a LAB. 

HA MDS with the Secondary node having the "Connection Error, FDT - Unexpected error code" issue.

Same version, patch firewall and rules being applied. 

 

 

CCSME, CCTE, CCME, CCVS
0 Kudos
StackCap43382
Collaborator

UPDATE!

R&D have responded that there is a new DA build for this issue that will be released on SUNDAY.

I am awaiting further details. 

 

CCSME, CCTE, CCME, CCVS
0 Kudos
Boaz_Orshav
Employee

Hi

Can you please send me the /opt/CPInstLog/DeploymentAgent.log ?

I'd like to verify the error you encounter.

boazo@checkpoint.com

Thanks
