23.01 package Authentication error on upgrade attempt
-
Getting this error when updating via the web gui:
[41/88] Fetching ssh_tunnel_shell-0.2_1.pkg: .......... done [42/88] Fetching php81-pear-Cache_Lite-1.8.3,1.pkg: ..... done [43/88] Fetching php81-openssl_x509_crl-1.3_1.pkg: .. done 1086423040:error:1409441A:SSL routines:ssl3_read_bytes:tlsv1 alert decode error:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/record/rec_layer_s3.c:1603:SSL alert number 50 [44/88] Fetching py39-setuptools-63.1.0.pkg: .......... done 1086423040:error:1409441A:SSL routines:ssl3_read_bytes:tlsv1 alert decode error:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/record/rec_layer_s3.c:1603:SSL alert number 50 1086423040:error:141F0006:SSL routines:tls_construct_cert_verify:EVP lib:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_lib.c:283: pkg-static: https://repo00.atx.netgate.com/pkg/pfSense_plus-v23_01_aarch64-pfSense_plus_v23_01/All/indexinfo-0.3.1.pkg: Authentication error FailedAny ideas?
-
Hmm, part way through the upgrade?
It was still fetching the pkgs so the first thing I would do is just re-run the upgrade. If it fails again immediately you may need to power cycle it to reset the crypto chip.
Steve
-
So the weird thing is that when I try and visit "https://repo00.atx.netgate.com/" in my browser, I get a certificate error as well.
I'm going to try and power cycle the unit (SG-1100) and see what happens.
-
@stephenw10 said in 23.01 package Authentication error on upgrade attempt:
If it fails again immediately you may need to power cycle it to reset the crypto chip
Ok this seems to have fixed things.
Upgrading in progress now that all packages downloaded.
Edit: Upgrade successful!
Thanks!
-
Seeing this, too. Very strange I did several US based instances without issues. A few minutes later I tried upgrading Asia-based instances and 3/3 fail. They all pull from the same repo, there is no geo dns or anycast involved, right ?
Are these instructions from the docu still good for 23.01-RC ?
Enter an option: 13 We could not connect to Netgate servers. Please try again later. failed to update the repository settings!!!Why is 22.05 not showing there anymore ?
pkg update pkg: Warning: Major OS version upgrade detected. Running "pkg bootstrap -f" recommended Updating pfSense-core repository catalogue... Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg01.atx.netgate.com 35131604992:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921: Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg01.atx.netgate.com 35131604992:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921: ^C -
There was a backend issue that is now resolved, hence the message you see about Netgate servers. It was probably trying to the use the wrong repo path.
Please restest it now.Steve
-
@stephenw10 said in 23.01 package Authentication error on upgrade attempt:
There was a backend issue that is now resolved, hence the message you see about Netgate servers. It was probably trying to the use the wrong repo path.
Please restest it now.Steve
Yes all 23.01-RC to 23.01 release updates work now. Only device still seeting authentication errors is a new NDI that was registered from 2.6.0 a few hours ago and now cannot get to 22.01.
-
If you PM me the NDI I can look into that.
-
@stephenw10 Awesome. Done! Let's see what you can find out.
