Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    repo01.netgate.com TLS cert seems invalid

    Scheduled Pinned Locked Moved
    Official Netgate® Hardware
    9
    43
    8.4k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • stephenw10S
      stephenw10 Netgate Administrator
      last edited by

      Mmm, my bad. But pkg -d update succeeded. You might try pkg-static -d update too just for reference before you reboot,

      Steve

      S 1 Reply Last reply Reply Quote 0
      • S
        seanmcb @stephenw10
        last edited by

        After a magic reboot, updating from the GUI failed again, but pkg-static -d update worked.

        1 Reply Last reply Reply Quote 0
        • stephenw10S
          stephenw10 Netgate Administrator
          last edited by

          Hmm, OK. What about pfSense-upgrade -d at the command line?

          S 1 Reply Last reply Reply Quote 0
          • S
            seanmcb @stephenw10
            last edited by

            @stephenw10 That would have been my 3rd try, but after reboot I tried: GUI, then pkg-static -d update and the latter worked. Is there point in still running the other command?

            1 Reply Last reply Reply Quote 0
            • stephenw10S
              stephenw10 Netgate Administrator
              last edited by

              The update commands just update the package database. The upgrade command will actually try to upgrade to 21.05.1.

              Steve

              S 1 Reply Last reply Reply Quote 0
              • S
                seanmcb @stephenw10
                last edited by

                @stephenw10 mmmm, you sure? Because after:

                • magic reboot
                • pkg-static -d update
                • requisitie reboot

                The GUI shows me at 21.05.1 and says 'no updates available'.

                1 Reply Last reply Reply Quote 0
                • stephenw10S
                  stephenw10 Netgate Administrator
                  last edited by

                  Hmm, OK well then I'd suggest it did in fact succeed at some point previously via the GUI.

                  There is no harm in running the upgrade command from the CLI. It will just show you there are no updates available if it has upgraded already.

                  Steve

                  G 1 Reply Last reply Reply Quote 0
                  • G
                    gzorn @stephenw10
                    last edited by

                    I had the same problem with the TLS cert on an SG-1100 updating to 21.05.1
                    Confirming that power cycling (system halt, pull power for 1 minute, plug in) fixed the problem.
                    Happy to be on the latest branch!
                    -Greg

                    1 Reply Last reply Reply Quote 1
                    • johnpozJ johnpoz referenced this topic on
                    • johnpozJ johnpoz referenced this topic on
                    • johnpozJ johnpoz referenced this topic on
                    • johnpozJ johnpoz referenced this topic on
                    • johnpozJ johnpoz referenced this topic on
                    • johnpozJ johnpoz referenced this topic on
                    • D
                      derrley
                      last edited by

                      A power cycle on the SG-1100 fixed this problem for me as well, except it failed again after the 113th package download. Yikes.

                      >>> Updating repositories metadata... 
Updating pfSense-core repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: . done
Processing entries: . done
pfSense-core repository update completed. 6 packages processed.
Updating pfSense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries: .......... done
pfSense repository update completed. 513 packages processed.
All repositories are up to date.
>>> Locking package pkg... done.
>>> Removing vital flag from php72... done.
>>> Unlocking package pkg... done.
>>> Downloading upgrade packages... 
Updating pfSense-core repository catalogue...
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
pfSense repository is up to date.
All repositories are up to date.
Checking for upgrades (176 candidates): .......... done
Processing candidates (176 candidates): ....... done
The following 246 package(s) will be affected (of 0 checked):

Installed packages to be REMOVED:
	aws-sdk-php72: 3.103.2
	php72: 7.2.29
	php72-bcmath: 7.2.29
	php72-bz2: 7.2.29
	php72-ctype: 7.2.29
	php72-curl: 7.2.29
	php72-dom: 7.2.29
	php72-filter: 7.2.29
	php72-gettext: 7.2.29
	php72-hash: 7.2.29
	php72-intl: 7.2.29
	php72-json: 7.2.29
	php72-ldap: 7.2.29
	php72-mbstring: 7.2.29
	php72-opcache: 7.2.29
	php72-openssl: 7.2.29
	php72-openssl_x509_crl: 1.2
	php72-pcntl: 7.2.29
	php72-pdo: 7.2.29
	php72-pdo_sqlite: 7.2.29
	php72-pear: 1.10.6
	php72-pear-Auth_RADIUS: 1.1.0_4
	php72-pear-Cache_Lite: 1.7.16,1
	php72-pear-Crypt_CHAP: 1.5.0
	php72-pear-HTTP_Request2: 2.3.0,1
	php72-pear-Mail: 1.4.1,1
	php72-pear-Net_Growl: 2.7.0
	php72-pear-Net_IPv6: 1.3.0.b2_2
	php72-pear-Net_SMTP: 1.9.0
	php72-pear-Net_Socket: 1.0.14
	php72-pear-Net_URL2: 2.2.1
	php72-pear-XML_RPC2: 1.1.4
	php72-pecl-mcrypt: 1.0.3
	php72-pecl-radius: 1.4.0.b1
	php72-pecl-rrd: 2.0.1_1
	php72-pecl-zmq: 1.1.3_3
	php72-pfSense-module: 0.65_1
	php72-posix: 7.2.29
	php72-readline: 7.2.29
	php72-session: 7.2.29
	php72-shmop: 7.2.29
	php72-simplepie: 1.5.1_1
	php72-simplexml: 7.2.29
	php72-sockets: 7.2.29
	php72-sqlite3: 7.2.29
	php72-sysvmsg: 7.2.29
	php72-sysvsem: 7.2.29
	php72-sysvshm: 7.2.29
	php72-tokenizer: 7.2.29
	php72-xml: 7.2.29
	php72-xmlreader: 7.2.29
	php72-xmlwriter: 7.2.29
	php72-zlib: 7.2.29
	py37-ply: 3.11
	py37-setuptools: 41.4.0_1
	python37: 3.7.7

New packages to be INSTALLED:
	aws-sdk-php74: 3.185.15 [pfSense]
	ccid: 1.4.36 [pfSense]
	cyrus-sasl: 2.1.28 [pfSense]
	dbus: 1.12.20_5 [pfSense]
	iftop: 1.0.p4 [pfSense]
	libinotify: 20211018 [pfSense]
	libpsl: 0.21.1_3 [pfSense]
	libssh2: 1.10.0,3 [pfSense]
	libuv: 1.42.0 [pfSense]
	mpdecimal: 2.5.1 [pfSense]
	nss_ldap: 1.265_14 [pfSense]
	openldap24-client: 2.4.59_4 [pfSense]
	openpgm: 5.2.122_6 [pfSense]
	opensc: 0.22.0 [pfSense]
	pam_ldap: 186_1 [pfSense]
	pam_mkhomedir: 0.2 [pfSense]
	pcre2: 10.39 [pfSense]
	pcsc-lite: 1.9.4,2 [pfSense]
	php74: 7.4.28 [pfSense]
	php74-bcmath: 7.4.28 [pfSense]
	php74-bz2: 7.4.28 [pfSense]
	php74-ctype: 7.4.28 [pfSense]
	php74-curl: 7.4.28 [pfSense]
	php74-dom: 7.4.28 [pfSense]
	php74-filter: 7.4.28 [pfSense]
	php74-gettext: 7.4.28 [pfSense]
	php74-intl: 7.4.28 [pfSense]
	php74-json: 7.4.28 [pfSense]
	php74-ldap: 7.4.28 [pfSense]
	php74-libbe: 0.1.4 [pfSense]
	php74-mbstring: 7.4.28 [pfSense]
	php74-opcache: 7.4.28 [pfSense]
	php74-openssl: 7.4.28 [pfSense]
	php74-openssl_x509_crl: 1.3 [pfSense]
	php74-pcntl: 7.4.28 [pfSense]
	php74-pdo: 7.4.28 [pfSense]
	php74-pdo_sqlite: 7.4.28 [pfSense]
	php74-pear: 1.10.12 [pfSense]
	php74-pear-Auth_RADIUS: 1.1.0_4 [pfSense]
	php74-pear-Cache_Lite: 1.8.3,1 [pfSense]
	php74-pear-Crypt_CHAP: 1.5.0 [pfSense]
	php74-pear-HTTP_Request2: 2.5.1,1 [pfSense]
	php74-pear-Mail: 1.4.1,1 [pfSense]
	php74-pear-Net_IPv6: 1.3.0.b2_2 [pfSense]
	php74-pear-Net_SMTP: 1.10.0 [pfSense]
	php74-pear-Net_Socket: 1.2.2 [pfSense]
	php74-pear-Net_URL2: 2.2.1 [pfSense]
	php74-pear-XML_RPC2: 1.1.4 [pfSense]
	php74-pecl-mcrypt: 1.0.4 [pfSense]
	php74-pecl-radius: 1.4.0b1_1 [pfSense]
	php74-pecl-rrd: 2.0.3 [pfSense]
	php74-pfSense-module: 0.81 [pfSense]
	php74-phpseclib: 2.0.17 [pfSense]
	php74-posix: 7.4.28 [pfSense]
	php74-readline: 7.4.28 [pfSense]
	php74-session: 7.4.28 [pfSense]
	php74-shmop: 7.4.28 [pfSense]
	php74-simplepie: 1.5.1_1 [pfSense]
	php74-simplexml: 7.4.28 [pfSense]
	php74-sockets: 7.4.28 [pfSense]
	php74-sqlite3: 7.4.28 [pfSense]
	php74-sysvmsg: 7.4.28 [pfSense]
	php74-sysvsem: 7.4.28 [pfSense]
	php74-sysvshm: 7.4.28 [pfSense]
	php74-tokenizer: 7.4.28 [pfSense]
	php74-xml: 7.4.28 [pfSense]
	php74-xmlreader: 7.4.28 [pfSense]
	php74-xmlwriter: 7.4.28 [pfSense]
	php74-zlib: 7.4.28 [pfSense]
	py38-libzfs: 1.1.2022021400 [pfSense]
	py38-ply: 3.11 [pfSense]
	py38-setuptools: 57.0.0 [pfSense]
	python38: 3.8.12_2 [pfSense]

Installed packages to be UPGRADED:
	arm64resetbutton: 0.2 -> 0.3 [pfSense]
	bind-tools: 9.14.12 -> 9.16.26 [pfSense]
	bsnmp-ucd: 0.4.4 -> 0.4.5 [pfSense]
	ca_root_nss: 3.51 -> 3.76 [pfSense]
	check_reload_status: 0.0.8_1 -> 0.0.11 [pfSense]
	cpdup: 1.20 -> 1.22 [pfSense]
	curl: 7.68.0 -> 7.83.1 [pfSense]
	darkstat: 3.0.719 -> 3.0.721 [pfSense]
	dhcp6: 20080615.2_2 -> 20080615.2_4 [pfSense]
	dhcpleases: 0.3_3 -> 0.5_1 [pfSense]
	dnsmasq: 2.80_4,1 -> 2.86_3,1 [pfSense]
	dpinger: 3.0 -> 3.2 [pfSense]
	expat: 2.2.8 -> 2.4.7 [pfSense]
	expiretable: 0.6_1 -> 0.6_2 [pfSense]
	filterdns: 2.0_4 -> 2.0_6 [pfSense]
	filterlog: 0.1_5 -> 0.1_9 [pfSense]
	freetype2: 2.10.1 -> 2.11.1 [pfSense]
	gettext-runtime: 0.20.1 -> 0.21 [pfSense]
	glib: 2.56.3_7,1 -> 2.70.4_1,2 [pfSense]
	gmp: 6.1.2_1 -> 6.2.1 [pfSense]
	hostapd: 2.9 -> 2.10 [pfSense]
	icu: 65.1,1 -> 70.1_1,1 [pfSense]
	igmpproxy: 0.2.1_1,1 -> 0.3,1 [pfSense]
	ipmitool: 1.8.18_2 -> 1.8.18_3 [pfSense]
	isc-dhcp44-client: 4.4.1_1 -> 4.4.2P1 [pfSense]
	isc-dhcp44-relay: 4.4.1 -> 4.4.2P1 [pfSense]
	isc-dhcp44-server: 4.4.1_4 -> 4.4.2P1_1 [pfSense]
	jpeg-turbo: 2.0.3 -> 2.1.3 [pfSense]
	json-c: 0.14 -> 0.15_1 [pfSense]
	ldns: 1.7.1_1 -> 1.8.1 [pfSense]
	libedit: 3.1.20191211,1 -> 3.1.20210910,1 [pfSense]
	libevent: 2.1.11 -> 2.1.12 [pfSense]
	libffi: 3.2.1_3 -> 3.3_1 [pfSense]
	libgcrypt: 1.8.5 -> 1.9.4 [pfSense]
	libgd: 2.2.5_2,1 -> 2.3.3,1 [pfSense]
	libgpg-error: 1.36 -> 1.44 [pfSense]
	libiconv: 1.14_11 -> 1.16 [pfSense]
	libidn2: 2.3.0_1 -> 2.3.2 [pfSense]
	liblz4: 1.9.2,1 -> 1.9.3,1 [pfSense]
	libnghttp2: 1.40.0 -> 1.46.0 [pfSense]
	libunistring: 0.9.10_1 -> 1.0 [pfSense]
	libxml2: 2.9.10 -> 2.9.12 [pfSense]
	libxslt: 1.1.34 -> 1.1.34_2 [pfSense]
	libzmq4: 4.3.1_1 -> 4.3.4 [pfSense]
	links: 2.16_2,1 -> 2.25,1 [pfSense]
	lua-resty-core: 0.1.17 -> 0.1.22 [pfSense]
	lua-resty-lrucache: 0.09 -> 0.11 [pfSense]
	luajit-openresty: 2.1.20190912_2 -> 2.1.20220310 [pfSense]
	miniupnpd: 2.1.20190210,1 -> 2.2.1_1,1 [pfSense]
	mobile-broadband-provider-info: 20190618_1 -> 20210805 [pfSense]
	mpd5: 5.8_10 -> 5.9_7 [pfSense]
	netgate-ca: 20191211 -> 20210105 [pfSense]
	netgate-ping-auth: 20200310 -> 20212005 [pfSense]
	nettle: 3.5.1_1 -> 3.7.3 [pfSense]
	nginx: 1.16.1_11,2 -> 1.20.2_9,2 [pfSense]
	norm: 1.5r6 -> 1.5r6_1 [pfSense]
	ntp: 4.2.8p14 -> 4.2.8p15_5 [pfSense]
	oniguruma: 6.9.3 -> 6.9.7.1 [pfSense]
	openvpn: 2.4.9 -> 2.6.0_8 [pfSense]
	pcre: 8.43_2 -> 8.45 [pfSense]
	perl5: 5.30.1 -> 5.32.1_1 [pfSense]
	pfSense: 2.4.5_1 -> 22.05 [pfSense]
	pfSense-Status_Monitoring: 1.7.11_3 -> 1.7.11_4 [pfSense]
	pfSense-base: 2.4.5_1 -> 22.05 [pfSense-core]
	pfSense-default-config-serial: 2.4.5_1 -> 22.05 [pfSense-core]
	pfSense-kernel-pfSense: 2.4.5_1 -> 22.05 [pfSense-core]
	pfSense-pkg-aws-wizard: 0.8 -> 0.10 [pfSense]
	pfSense-pkg-bandwidthd: 0.7.4_4 -> 0.7.4_5 [pfSense]
	pfSense-pkg-ipsec-profile-wizard: 1.0_2 -> 1.0_6 [pfSense]
	pfSense-rc: 2.4.5_1 -> 22.05 [pfSense-core]
	pfSense-u-boot-1100: 20181122 -> 20220428 [pfSense]
	pfSense-u-boot-env: 20200316 -> 20220429 [pfSense]
	png: 1.6.37 -> 1.6.37_1 [pfSense]
	radvd: 2.18_2 -> 2.19_2 [pfSense]
	rate: 0.9_1 -> 0.9_2 [pfSense]
	readline: 8.0.1 -> 8.1.2 [pfSense]
	rrdtool: 1.7.2_1 -> 1.7.2_4 [pfSense]
	scponly: 4.8.20110526_4 -> 4.8.20110526_5 [pfSense]
	smartmontools: 7.0_2 -> 7.3 [pfSense]
	softflowd: 1.0.0 -> 1.0.0_1 [pfSense]
	sqlite3: 3.30.1 -> 3.37.2,1 [pfSense]
	ssh_tunnel_shell: 0.1_2 -> 0.2_1 [pfSense]
	sshguard: 2.4.0_4,1 -> 2.4.2_1,1 [pfSense]
	strongswan: 5.8.4 -> 5.9.5 [pfSense]
	tiff: 4.1.0 -> 4.3.0 [pfSense]
	unbound: 1.10.1 -> 1.15.0_1 [pfSense]
	webp: 1.0.3_1 -> 1.2.2 [pfSense]
	wpa_supplicant: 2.9 -> 2.10 [pfSense]

Installed packages to be REINSTALLED:
	bandwidthd-2.0.1_12 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')
	bsnmp-regex-0.6_2 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')
	choparp-20150613 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')
	cpustats-0.1_1 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')
	dhcpleases6-0.1_3 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')
	giflib-5.2.1 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')
	indexinfo-0.3.1 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')
	jbigkit-2.1_1 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')
	libargon2-20190702 [pfSense]
	libdaemon-0.14_1 [pfSense]
	libltdl-2.4.6 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')
	libmcrypt-2.5.8_3 [pfSense]
	libucl-0.8.1 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')
	lzo2-2.10_1 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')
	minicron-0.0.2 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')
	openvpn-auth-script-1.0.0.3 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')
	pfSense-pkg-darkstat-3.1.3_5 [pfSense]
	pfSense-pkg-softflowd-1.2.6_1 [pfSense]
	pfSense-repo-22.05_14 [pfSense]
	pfSense-upgrade-1.0_29 [pfSense]
	pftop-0.7_9 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')
	pkg-1.17.5_3 [pfSense]
	qstats-0.2 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')
	uclcmd-0.1_3 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')
	voucher-0.1_2 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')
	vstr-1.0.15_1 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')
	wol-0.7.1_4 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')
	xinetd-2.3.15_2 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')
	zip-3.0_1 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')

Number of packages to be removed: 56
Number of packages to be installed: 73
Number of packages to be upgraded: 88
Number of packages to be reinstalled: 29

The process will require 66 MiB more space.
172 MiB to be downloaded.
[1/185] Fetching wpa_supplicant-2.10.pkg: .......... done
[2/185] Fetching wol-0.7.1_4.pkg: .... done
[3/185] Fetching webp-1.2.2.pkg: .......... done
[4/185] Fetching vstr-1.0.15_1.pkg: .......... done
[5/185] Fetching voucher-0.1_2.pkg: . done
[6/185] Fetching unbound-1.15.0_1.pkg: .......... done
[7/185] Fetching uclcmd-0.1_3.pkg: .. done
[8/185] Fetching tiff-4.3.0.pkg: .......... done
[9/185] Fetching strongswan-5.9.5.pkg: .......... done
[10/185] Fetching sshguard-2.4.2_1,1.pkg: .......... done
[11/185] Fetching ssh_tunnel_shell-0.2_1.pkg: .......... done
[12/185] Fetching sqlite3-3.37.2,1.pkg: .......... done
[13/185] Fetching softflowd-1.0.0_1.pkg: .... done
[14/185] Fetching smartmontools-7.3.pkg: .......... done
[15/185] Fetching scponly-4.8.20110526_5.pkg: ... done
[16/185] Fetching rrdtool-1.7.2_4.pkg: .......... done
[17/185] Fetching readline-8.1.2.pkg: .......... done
[18/185] Fetching rate-0.9_2.pkg: ...... done
[19/185] Fetching radvd-2.19_2.pkg: ....... done
[20/185] Fetching qstats-0.2.pkg: . done
[21/185] Fetching png-1.6.37_1.pkg: .......... done
[22/185] Fetching pftop-0.7_9.pkg: ........ done
[23/185] Fetching pfSense-u-boot-env-20220429.pkg: .. done
[24/185] Fetching pfSense-u-boot-1100-20220428.pkg: .......... done
[25/185] Fetching pfSense-rc-22.05.pkg: .. done
[26/185] Fetching pfSense-pkg-softflowd-1.2.6_1.pkg: .. done
[27/185] Fetching pfSense-pkg-ipsec-profile-wizard-1.0_6.pkg: ... done
[28/185] Fetching pfSense-pkg-darkstat-3.1.3_5.pkg: .. done
[29/185] Fetching pfSense-pkg-bandwidthd-0.7.4_5.pkg: .. done
[30/185] Fetching pfSense-pkg-aws-wizard-0.10.pkg: .. done
[31/185] Fetching pfSense-kernel-pfSense-22.05.pkg: .......... done
[32/185] Fetching pfSense-default-config-serial-22.05.pkg: . done
[33/185] Fetching pfSense-base-22.05.pkg: .......... done
[34/185] Fetching pfSense-Status_Monitoring-1.7.11_4.pkg: ... done
[35/185] Fetching pfSense-22.05.pkg: . done
[36/185] Fetching perl5-5.32.1_1.pkg: .......... done
[37/185] Fetching pcre-8.45.pkg: .......... done
[38/185] Fetching openvpn-auth-script-1.0.0.3.pkg: . done
[39/185] Fetching openvpn-2.6.0_8.pkg: .......... done
[40/185] Fetching oniguruma-6.9.7.1.pkg: .......... done
[41/185] Fetching ntp-4.2.8p15_5.pkg: .......... done
[42/185] Fetching norm-1.5r6_1.pkg: .......... done
[43/185] Fetching nginx-1.20.2_9,2.pkg: .......... done
[44/185] Fetching nettle-3.7.3.pkg: .......... done
[45/185] Fetching netgate-ping-auth-20212005.pkg: .. done
[46/185] Fetching netgate-ca-20210105.pkg: ..... done
[47/185] Fetching mpd5-5.9_7.pkg: .......... done
[48/185] Fetching mobile-broadband-provider-info-20210805.pkg: ........ done
[49/185] Fetching miniupnpd-2.2.1_1,1.pkg: ........ done
[50/185] Fetching minicron-0.0.2.pkg: . done
[51/185] Fetching lzo2-2.10_1.pkg: .......... done
[52/185] Fetching luajit-openresty-2.1.20220310.pkg: .......... done
[53/185] Fetching lua-resty-lrucache-0.11.pkg: . done
[54/185] Fetching lua-resty-core-0.1.22.pkg: .... done
[55/185] Fetching links-2.25,1.pkg: .......... done
[56/185] Fetching libzmq4-4.3.4.pkg: .......... done
[57/185] Fetching libxslt-1.1.34_2.pkg: .......... done
[58/185] Fetching libxml2-2.9.12.pkg: .......... done
[59/185] Fetching libunistring-1.0.pkg: .......... done
[60/185] Fetching libucl-0.8.1.pkg: .......... done
[61/185] Fetching libnghttp2-1.46.0.pkg: .......... done
[62/185] Fetching libmcrypt-2.5.8_3.pkg: .......... done
[63/185] Fetching liblz4-1.9.3,1.pkg: .......... done
[64/185] Fetching libltdl-2.4.6.pkg: ..... done
[65/185] Fetching libidn2-2.3.2.pkg: .......... done
[66/185] Fetching libiconv-1.16.pkg: .......... done
[67/185] Fetching libgpg-error-1.44.pkg: .......... done
[68/185] Fetching libgd-2.3.3,1.pkg: .......... done
[69/185] Fetching libgcrypt-1.9.4.pkg: .......... done
[70/185] Fetching libffi-3.3_1.pkg: ..... done
[71/185] Fetching libevent-2.1.12.pkg: .......... done
[72/185] Fetching libedit-3.1.20210910,1.pkg: .......... done
[73/185] Fetching libdaemon-0.14_1.pkg: .... done
[74/185] Fetching libargon2-20190702.pkg: ........ done
[75/185] Fetching ldns-1.8.1.pkg: .......... done
[76/185] Fetching json-c-0.15_1.pkg: ........ done
[77/185] Fetching jpeg-turbo-2.1.3.pkg: .......... done
[78/185] Fetching jbigkit-2.1_1.pkg: ........ done
[79/185] Fetching isc-dhcp44-server-4.4.2P1_1.pkg: .......... done
[80/185] Fetching isc-dhcp44-relay-4.4.2P1.pkg: .......... done
[81/185] Fetching isc-dhcp44-client-4.4.2P1.pkg: .......... done
[82/185] Fetching ipmitool-1.8.18_3.pkg: .......... done
[83/185] Fetching indexinfo-0.3.1.pkg: . done
[84/185] Fetching igmpproxy-0.3,1.pkg: ... done
[85/185] Fetching icu-70.1_1,1.pkg: .......... done
[86/185] Fetching hostapd-2.10.pkg: .......... done
[87/185] Fetching gmp-6.2.1.pkg: .......... done
[88/185] Fetching glib-2.70.4_1,2.pkg: .......... done
[89/185] Fetching giflib-5.2.1.pkg: ......... done
[90/185] Fetching gettext-runtime-0.21.pkg: .......... done
[91/185] Fetching freetype2-2.11.1.pkg: .......... done
[92/185] Fetching filterlog-0.1_9.pkg: .. done
[93/185] Fetching filterdns-2.0_6.pkg: ... done
[94/185] Fetching expiretable-0.6_2.pkg: . done
[95/185] Fetching expat-2.4.7.pkg: .......... done
[96/185] Fetching dpinger-3.2.pkg: .. done
[97/185] Fetching dnsmasq-2.86_3,1.pkg: .......... done
[98/185] Fetching dhcpleases6-0.1_3.pkg: .. done
[99/185] Fetching dhcpleases-0.5_1.pkg: .. done
[100/185] Fetching dhcp6-20080615.2_4.pkg: .......... done
[101/185] Fetching darkstat-3.0.721.pkg: ........ done
[102/185] Fetching curl-7.83.1.pkg: .......... done
[103/185] Fetching cpustats-0.1_1.pkg: . done
[104/185] Fetching cpdup-1.22.pkg: .... done
[105/185] Fetching choparp-20150613.pkg: . done
[106/185] Fetching check_reload_status-0.0.11.pkg: .... done
[107/185] Fetching ca_root_nss-3.76.pkg: .......... done
[108/185] Fetching bsnmp-ucd-0.4.5.pkg: .. done
[109/185] Fetching bsnmp-regex-0.6_2.pkg: ... done
[110/185] Fetching bind-tools-9.16.26.pkg: .......... done
[111/185] Fetching bandwidthd-2.0.1_12.pkg: .... done
[112/185] Fetching arm64resetbutton-0.3.pkg: . done
[113/185] Fetching dbus-1.12.20_5.pkg: .......... done
1082806272:error:141F0006:SSL routines:tls_construct_cert_verify:EVP lib:/var/jenkins/workspace/pfSense-build-release-tarballs/BUILD_NODE/pkg-aarch64/OS_MAJOR_VERSION/freebsd12/PLATFORM/aws/crypto/openssl/ssl/statem/statem_lib.c:283:
Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/CN=repo00.atx.netgate.com
1082806272:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-build-release-tarballs/BUILD_NODE/pkg-aarch64/OS_MAJOR_VERSION/freebsd12/PLATFORM/aws/crypto/openssl/ssl/statem/statem_clnt.c:1916:
Child process pid=5279 terminated abnormally: Segmentation fault
Failed
                      1 Reply Last reply Reply Quote 0
                      • stephenw10S
                        stephenw10 Netgate Administrator
                        last edited by

                        Hmm, that's odd. Do you see that repeatedly? At the same package?

                        D 1 Reply Last reply Reply Quote 0
                        • D
                          derrley @stephenw10
                          last edited by

                          @stephenw10 A second attempt without a power cycle succeeded. Note that I was upgrading from something fairly old, with no support for the crypto hardware at all. (I don't very aggressively update this box. Life gets in the way.) Before power cycling I verified that the issue happened again. So, power cycle was required to fix the first time but not the second time.

                          1 Reply Last reply Reply Quote 0
                          • stephenw10S
                            stephenw10 Netgate Administrator
                            last edited by

                            Hmm, interesting. The crypto hardware in the 1100 has always been supported since it was released. A fix went into 21.02 that addressed the common ways this condition was triggered but it appears still possible in certain circumstances. If you were running an older version then power-cycling should have resolved it.

                            GertjanG 1 Reply Last reply Reply Quote 0
                            • D
                              derrley
                              last edited by

                              @stephenw10 hm. That's interesting. Am I confused about something? What does this post refer to not being supported initially? https://forum.netgate.com/topic/139983/sg-1100-crypto-hardware

                              stephenw10S 1 Reply Last reply Reply Quote 0
                              • GertjanG
                                Gertjan @stephenw10
                                last edited by

                                @stephenw10 said in repo01.netgate.com TLS cert seems invalid:

                                A fix went into 21.02 that addressed the common ways

                                If I see this

                                (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')

                                pfSense with FreeBSD "11" is really old ...

                                and this :

                                @derrley said in repo01.netgate.com TLS cert seems invalid:

                                Note that I was upgrading from something fairly old,

                                the crypto bug could have been there while upgrading.

                                If the upgrade worked out, and the pfSense version is now recent, the issue is auto solved.

                                No "help me" PM's please. Use the forum, the community will thank you.
                                Edit : and where are the logs ??

                                1 Reply Last reply Reply Quote 0
                                • stephenw10S
                                  stephenw10 Netgate Administrator @derrley
                                  last edited by

                                  @derrley There are two crypto devices in the 1100. The one that was not supported initially was the SafeXcel hardware in the SoC. That is now supported.
                                  That's not the authentication device that's used to authenticate the pkg repo which is what you saw trying to upgrade.

                                  Steve

                                  D 1 Reply Last reply Reply Quote 0
                                  • D
                                    derrley @stephenw10
                                    last edited by

                                    @stephenw10 Gotcha. I misunderstood. Thanks for the clarification.

                                    1 Reply Last reply Reply Quote 0
                                    • S
                                      Samuel BF
                                      last edited by

                                      I had the same problem and the root cause was different : the date on the router was erroneous, so the certificate was "not yet valid" from the router point of view.

                                      The solution was to fix NTP server and wait few seconds for time synchronization (like in 99108)

                                      1 Reply Last reply Reply Quote 1
                                      • S scruzuser referenced this topic on
                                      • First post
                                        Last post