@the-other said in Cant access webGUI: Expired certificate!: or you could do it as sasid in the official documentary... https://docs.netgate.com/pfsense/en/latest/troubleshooting/locked-out.html look for https cert problems... https://docs.netgate.com/pfsense/en/latest/troubleshooting/locked-out.html#https-certificate-problems pfSsh.php playback generateguicert should do the trick. It regenerates a new (CA) certificate, assigns it to the GUI, and restarts the GUI. @kenw said in Cant access webGUI: Expired certificate!: CE 2.8 2.8 : I don't recall, but newer versions do warn you about a certificate that you use, and is about to expire. pfSense is even sends notifications (mail or other) if you've set this up.

@jimp said in GUI not accessible after 26.03 update: local self-signed CA and a GUI certificate signed by that CA I had the local CA and gui cert signed.

@jimp I just tested this - and yup seems to clear it up.. WOL button now works from Arp Table in 26.03

@djgans said in New Widget Proposal - ISP Quota / Failover: As before you're are welcome to make whatever changes you want since I've provided the widget code "as-is". If you wish to post your own contributions, again you're welcome to and I even encourage it. Okay. I'll add it to my list and have a go when I can.

@alf42 pfSense has a 'GUI'. That's a complicated word for : it' s a web server, which means the start of the answer to your question is here : [image: 1776850973900-11ae3a2a-b7ea-49c3-8702-3349e40e8713-image.png] Here is the file - line 197 and 199. You might think : that's easy, change the two '16' to 'bigger then 16' and you're done. You have a good chance that this is true. Still, you have to check things : where and how is it saved - what will breal elsewhere as the size in implicit or not; known to be '16 chars max'. ? The final result will be present, of course, in the config.xml file, so start checking that the new name length really is saved. Check also how it is saved : is something else enforcing the '16' char size for 'some, yet to be determined reason'. Check also other, related files, you know now where they are, as the name of the group is used on other web pages = php (and other) files. 16 chars wide can be enforced there also. In short : yes, you can change it, but be ware of the side effects, known, or unknown for the moment. Also, when upgrading, the "system_groupmanager.php" will get overwritten with the new official version. So, instead of editing this file, create your own "patch file" and add it in System > Patches. edit : [image: 1776851821127-8161dcaa-18b1-4f2c-b647-ca8d237178cc-image.png] all goes well ?

@stegbth the pfB virtual IP for DNSBL is usually attached only to localhost and listening on that VIP. Note in 25.11 and now 26.03 the VIP needs to be manually added to localhost and set in pfB DNSBL settings. May be related. Edit: that may be if uninstalled before the update, IIRC if it’s left installed it will keep it?

~~CVE-2025-1647 is an XSS vulnerability in Bootstrap 3.x's data-template attribute in Tooltip and Popover components. The severity in pfSense's specific context is worth understanding before deciding how to respond. The risk in pfSense is significantly lower than the CVE score suggests for a few reasons: The pfSense WebGUI uses Bootstrap tooltips and popovers, but the data-template values are set by Netgate's own PHP code, not by user-supplied input in most cases If your WebGUI is only accessible from trusted internal networks (as it should be), the attack surface is limited to already-authenticated administrators That said, for a vulnerability assessment the finding is legitimate since Bootstrap 3.4.1 is documented as EOL and carrying this CVE. What you can actually do: Upgrade to pfSense Plus 26.03 if you're on CE 2.8.1 and eligible. Netgate has been updating frontend dependencies in the Plus track. Check the release notes to see if Bootstrap was updated. For pfSense CE: there is no supported path to manually upgrade Bootstrap without breaking the webGUI, since the templates are tightly coupled to Bootstrap 3's API. Manually replacing bootstrap.min.js with a 5.x version will break the UI. Mitigation for your assessment: document that WebGUI access is restricted to trusted management networks/VLANs only. This is the standard accepted mitigation for bootstrap-in-admin-UI findings. Most security auditors accept this with a network diagram showing access controls. The "Patches" package chpalmer mentioned can apply unofficial fixes, but there is no community-maintained patch specifically for CVE-2025-1647 at the moment. If you're stuck on CE 2.8.1 with a hard requirement to remediate, the only fully clean path is migrating to pfSense Plus where Netgate controls the update cadence. ~~

@leroyx Thanks for the feedback. I think this "Norton" process scans local network resources once in a while and it checks if known 'bad URLs' gets a web server answer = a web page. In that case you'll see a "Norton local network security issue message" on your PC. That's why you saw these web requests on your pfSense web server log. Remember this one : said in Questionable Error Messages in General Log: Anyway : it's not hard to find out what is happening = what or who is sending these https requests to your pfSense. File names like "index.asp"and "get.cgi" are to generic, but you might have a chance with "loginMsg.js" : locate this text string in every file on your system, and you will find what file it is. Finding this file on your PC, and you can see who made the request. which means that in one of the Norton executables or Norton DDLs you would have found the text "loginMsg.js" so you would have known it was Norton sending these URLs. This : @leroyx said in Questionable Error Messages in General Log: I started TcpLogView on the Computer was a good idea Btw : Normally, when you start to use a PC, you have to go through the rather tedious process called : "remove bloatware". Most PC users don't need Antivirus stuff anymore. And the ones who do, even something like "Norton" can't protect them. so ... remove it all, and keep the CPU for yourself.

Can access to debug cert using Chrome and 'thisisunsafe' at error page (previously nogo because my web search showed spaces, which fails). -No need at all to reinstall pfSense!

I’m not sure whether this is still relevant for you, but I came across your post because I had the same problem. The good news: I found a solution. You can disable the alias pop-ups, which also prevents the preloading (tested in CE 2.8.1). Go to System → User Manager, edit your user using the pencil icon, and make sure Custom Settings is enabled. Then tick the checkbox for Alias Popups.

@Gertjan Thank you. I removed the file, and it loads. I copied the file from a working router (same version) and got the same error. But for now, I can use the dashboard. I will look deeper into why even a new file causes the issue.

This one : Call for Testing: pfSense Plus 26.03 RC Now Available! says : WebGUI Optimizations - The WebGUI code has been optimized. Users may experience a dramatic increase in GUI performance. For me, on a 4100 MAX, the dashboard access time has been in half.

@SteveITS Thank you!

@johnpoz with that music going haha

@timbaeten on Plus it’s almost always old Boot Environments: https://docs.netgate.com/pfsense/en/latest/troubleshooting/filesystem-shrink.html