• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Solved - Upgrading from 2.6.0 to Plus - Unable to check for updates

Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
27 Posts 12 Posters 8.0k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • R
    rcoleman-netgate Netgate @bingo600
    last edited by Mar 22, 2022, 10:43 PM

    @bingo600 You should be able to do this now -- we have been working on this on the backend to track down the issue and I think we may have taken care of it.

    Please let me know.

    Ryan
    Repeat, after me: MESH IS THE DEVIL! MESH IS THE DEVIL!
    Requesting firmware for your Netgate device? https://go.netgate.com
    Switching: Mikrotik, Netgear, Extreme
    Wireless: Aruba, Ubiquiti

    B 1 Reply Last reply Mar 23, 2022, 5:35 AM Reply Quote 0
    • B
      bingo600 @rcoleman-netgate
      last edited by bingo600 Mar 23, 2022, 5:38 AM Mar 23, 2022, 5:35 AM

      @rcoleman-netgate

      Sorry . It was ZZzzzz time in EU land

      I just tried again , now it can see the repos

      2aadd910-dd6c-4f61-af77-aed1967ca56e-image.png

      65d0eae6-4dc4-467d-8484-896e756483fc-image.png

      Currently doing an upgrade via ssh console (13)

      Success ...
      3dcf5b54-b055-48e1-92d1-c24aa6d4f22d-image.png

      Thank you for the support 👍

      Now it reports:
      22f22673-f9c5-403f-9db7-3a3df3a5ba2f-image.png

      /Bingo

      If you find my answer useful - Please give the post a 👍 - "thumbs up"

      pfSense+ 23.05.1 (ZFS)

      QOTOM-Q355G4 Quad Lan.
      CPU  : Core i5 5250U, Ram : 8GB Kingston DDR3LV 1600
      LAN  : 4 x Intel 211, Disk  : 240G SAMSUNG MZ7L3240HCHQ SSD

      1 Reply Last reply Reply Quote 0
      • B bingo600 referenced this topic on Mar 26, 2022, 7:56 AM
      • B bingo600 referenced this topic on Mar 26, 2022, 7:57 AM
      • B bingo600 referenced this topic on Mar 26, 2022, 8:01 AM
      • B bingo600 referenced this topic on Mar 26, 2022, 8:30 AM
      • B bingo600 referenced this topic on Mar 26, 2022, 8:34 AM
      • B bingo600 referenced this topic on Mar 26, 2022, 8:34 AM
      • Z
        zachtywebb
        last edited by Mar 26, 2022, 2:56 PM

        @rcoleman-netgate

        I am having a similar issue trying to update from 2.5.2 to 2.6.0.

        I show "Version 2.6.0 is available" on the dashboard.

        2022-03-26_07-50-17.png

        But, when I go to the updates page I get "Unable to check for updates".

        2022-03-26_07-51-00.png

        T 1 Reply Last reply Mar 26, 2022, 9:35 PM Reply Quote 1
        • J
          jonlecroy
          last edited by Mar 26, 2022, 8:28 PM

          I'm seeing this problem as initially reported - 2.6.0 update checks succeed, but when changing the branch to Plus the update fails.

          Seeing this from the console - looks like cert errors connecting to ntop repo:

          [2.6.0-RELEASE][user@host]/home/jon: sudo pfSense-upgrade -d -c
          >>> Updating repositories metadata...
          Updating ntop repository catalogue...
          ntop repository is up to date.
          Updating pfSense-core repository catalogue...
          pfSense-core repository is up to date.
          Updating pfSense repository catalogue...
          pfSense repository is up to date.
          All repositories are up to date.
          Your system is up to date
          
          //Change branch in UI from 2.6.0 to Plus
          
          [2.6.0-RELEASE][user@host]/home/jon: sudo pfSense-upgrade -d -c
          >>> Updating repositories metadata...
          Updating ntop repository catalogue...
          Certificate verification failed for /C=US/O=Internet Security Research Group/CN=ISRG Root X1
          34369339392:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-build-release-tarballs/BUILD_NODE/pkg-amd64-ce/OS_MAJOR_VERSION/freebsd12/PLATFORM/aws/crypto/openssl/ssl/statem/statem_clnt.c:1916:
          Certificate verification failed for /C=US/O=Internet Security Research Group/CN=ISRG Root X1
          34369339392:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-build-release-tarballs/BUILD_NODE/pkg-amd64-ce/OS_MAJOR_VERSION/freebsd12/PLATFORM/aws/crypto/openssl/ssl/statem/statem_clnt.c:1916:
          Certificate verification failed for /C=US/O=Internet Security Research Group/CN=ISRG Root X1
          34369339392:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-build-release-tarballs/BUILD_NODE/pkg-amd64-ce/OS_MAJOR_VERSION/freebsd12/PLATFORM/aws/crypto/openssl/ssl/statem/statem_clnt.c:1916:
          Certificate verification failed for /C=US/O=Internet Security Research Group/CN=ISRG Root X1
          34369339392:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-build-release-tarballs/BUILD_NODE/pkg-amd64-ce/OS_MAJOR_VERSION/freebsd12/PLATFORM/aws/crypto/openssl/ssl/statem/statem_clnt.c:1916:
          pkg-static: https://packages.ntop.org/FreeBSD/FreeBSD:12:amd64/latest/meta.txz: Authentication error
          repository ntop has no meta file, using default settings
          Certificate verification failed for /C=US/O=Internet Security Research Group/CN=ISRG Root X1
          34369339392:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-build-release-tarballs/BUILD_NODE/pkg-amd64-ce/OS_MAJOR_VERSION/freebsd12/PLATFORM/aws/crypto/openssl/ssl/statem/statem_clnt.c:1916:
          Certificate verification failed for /C=US/O=Internet Security Research Group/CN=ISRG Root X1
          34369339392:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-build-release-tarballs/BUILD_NODE/pkg-amd64-ce/OS_MAJOR_VERSION/freebsd12/PLATFORM/aws/crypto/openssl/ssl/statem/statem_clnt.c:1916:
          pkg-static: https://packages.ntop.org/FreeBSD/FreeBSD:12:amd64/latest/packagesite.pkg: Authentication error
          Certificate verification failed for /C=US/O=Internet Security Research Group/CN=ISRG Root X1
          34369339392:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-build-release-tarballs/BUILD_NODE/pkg-amd64-ce/OS_MAJOR_VERSION/freebsd12/PLATFORM/aws/crypto/openssl/ssl/statem/statem_clnt.c:1916:
          Certificate verification failed for /C=US/O=Internet Security Research Group/CN=ISRG Root X1
          34369339392:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-build-release-tarballs/BUILD_NODE/pkg-amd64-ce/OS_MAJOR_VERSION/freebsd12/PLATFORM/aws/crypto/openssl/ssl/statem/statem_clnt.c:1916:
          pkg-static: https://packages.ntop.org/FreeBSD/FreeBSD:12:amd64/latest/packagesite.txz: Authentication error
          Unable to update repository ntop
          Updating pfSense-core repository catalogue...
          pfSense-core repository is up to date.
          Updating pfSense repository catalogue...
          pfSense repository is up to date.
          Error updating repositories!
          ERROR: Unable to compare version of pfSense-repo
          
          1 Reply Last reply Reply Quote 0
          • T
            Traveller @zachtywebb
            last edited by Mar 26, 2022, 9:35 PM

            @zachtywebb Trying to do exactly the same thing with exactly the same issue.

            Z 1 Reply Last reply Mar 26, 2022, 9:55 PM Reply Quote 0
            • Z
              zachtywebb @Traveller
              last edited by Mar 26, 2022, 9:55 PM

              @traveller Guess at least I'm not alone...

              T 1 Reply Last reply Mar 26, 2022, 9:58 PM Reply Quote 0
              • T
                Traveller @zachtywebb
                last edited by Mar 26, 2022, 9:58 PM

                @zachtywebb A post in another thread suggested checking Perfer IPv4 under System->Advanced->Networking.

                This allowed me to proceed with my upgrade.

                Z J ? 3 Replies Last reply Mar 26, 2022, 10:01 PM Reply Quote 1
                • Z
                  zachtywebb @Traveller
                  last edited by Mar 26, 2022, 10:01 PM

                  @traveller Thanks! Will give that a go next time I have a window where internet can be down.

                  T 1 Reply Last reply Mar 26, 2022, 10:03 PM Reply Quote 0
                  • T
                    Traveller @zachtywebb
                    last edited by Mar 26, 2022, 10:03 PM

                    @zachtywebb Good luck
                    I'm doing the upgrade now as I finally have time when I don't need to connect to work, and my wife is away for the weekend.

                    1 Reply Last reply Reply Quote 0
                    • J
                      jonlecroy @Traveller
                      last edited by Mar 27, 2022, 12:10 AM

                      @traveller Thanks for the tip - didn't resolve for me (prefer was already checked, disabled ipv6 temporarily to see if that would help, it didn't.)

                      1 Reply Last reply Reply Quote 0
                      • R
                        revengineer
                        last edited by revengineer Mar 27, 2022, 12:32 PM Mar 27, 2022, 12:31 PM

                        The issue persists and @Traveller provided the temporary solution. Thank you!

                        1 Reply Last reply Reply Quote 0
                        • Z
                          zachtywebb
                          last edited by Mar 29, 2022, 2:51 PM

                          I was able to successfully upgrade from 2.5.2 to 2.6.0 to 22.01 last night without needing to set the prefer IPv4 option. Looks like whatever was going on has been fixed.

                          1 Reply Last reply Reply Quote 0
                          • J
                            jonlecroy
                            last edited by jonlecroy Mar 29, 2022, 6:21 PM Mar 29, 2022, 6:00 PM

                            I'm still seeing the problem. If the service side has changed/fixed is there a cache to clear somewhere?

                            Specifically - still seeing ntop repo SSL validation errors. Pasting the upgrade command output is causing spam errors here :(

                            J 1 Reply Last reply Apr 4, 2022, 4:57 AM Reply Quote 0
                            • ?
                              A Former User @Traveller
                              last edited by Mar 31, 2022, 2:31 PM

                              @traveller Thanks for the advice about preferring IPv4 when IPv6 is enabled I think it is ews.netgate.com that only has an IPv4 address, I also got the following errors when IPv6 was preferred so it looks like a certificate issue as well.

                              Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.netgate.com
                              34369339392:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-build-release-tarballs/BUILD_NODE/pkg-amd64-ce/OS_MAJOR_VERSION/freebsd12/PLATFORM/aws/crypto/openssl/ssl/statem/statem_clnt.c:1916:
                              Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.netgate.com
                              34369339392:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-build-release-tarballs/BUILD_NODE/pkg-amd64-ce/OS_MAJOR_VERSION/freebsd12/PLATFORM/aws/crypto/openssl/ssl/statem/statem_clnt.c:1916:

                              1 Reply Last reply Reply Quote 0
                              • J
                                jonlecroy @jonlecroy
                                last edited by Apr 4, 2022, 4:57 AM

                                This fixes the issue if the cert errors are for the ntop repo: https://www.yinfor.com/2022/02/upgrade-pfsense-from-the-community-edition-to-pfsense-plus.html

                                ? 1 Reply Last reply Apr 4, 2022, 7:02 AM Reply Quote 0
                                • ?
                                  A Former User @jonlecroy
                                  last edited by Apr 4, 2022, 7:02 AM

                                  @jonlecroy

                                  I have checked my pfsense install and do not have ntop installed. I am however using IPv6 in a dual stack environment and when I checked my internal DNS server which is used for all DNS queries I noticed that while most DNS queries for A and AAAA records do succceed unfortunately some do not. So if Prefer IPv4 is not selected the upgrade checking process fails, enable it and the Upgrade check works. I have been using dual stack IPv6 for 7 years now, hopefully now this IPv6 issue is highlighted the supporting infrastructure can be updated so Upgrade Check/Upgrade it works correctly

                                  T 1 Reply Last reply Apr 21, 2022, 4:49 AM Reply Quote 0
                                  • T
                                    tohil @A Former User
                                    last edited by Apr 21, 2022, 4:49 AM

                                    Hi all

                                    I have the same issue on a fresh 2.6.0 install, which was on 22.01 before. I've reinstalled to get the box to zfs.

                                    I've started this thread thread

                                    any suggestions?

                                    1 Reply Last reply Reply Quote 0
                                    • D
                                      dpseattle
                                      last edited by Apr 22, 2022, 4:35 PM

                                      This worked yesterday (April 21) however was not able to run the upgrade from 2.6 to plus. today, getting error:

                                      Retrieving Unable to check for updates

                                      Tried all the suggestions above. No joy. Could someone look at the upgrade server endpoints if there was a change blocking?

                                      Thanks!

                                      T 1 Reply Last reply Apr 22, 2022, 9:15 PM Reply Quote 0
                                      • T
                                        tohil @dpseattle
                                        last edited by Apr 22, 2022, 9:15 PM

                                        @dpseattle
                                        I had to copy cert files from a running box to the installation with issues and then it worked...

                                        /etc/ssl
                                        -rw-r--r--   1 root  wheel   7544 Feb 15 16:54 pfSense-repo-custom.cert
                                        -rw-------   1 root  wheel   3242 Feb 15 16:54 pfSense-repo-custom.key
                                        
                                        1 Reply Last reply Reply Quote 1
                                        • D
                                          dpseattle
                                          last edited by dpseattle Apr 23, 2022, 1:59 AM Apr 23, 2022, 1:55 AM

                                          This post is deleted!
                                          1 Reply Last reply Reply Quote 0
                                          • First post
                                            Last post
                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                                            This community forum collects and processes your personal information.
                                            consent.not_received