Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Pfsense 2.6 to plus. Unable to check

    Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
    31 Posts 9 Posters 5.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      rcoleman-netgate Netgate @Antibiotic
      last edited by

      @antibiotic This shouldn't have anything to do with this. The local GUI Cert is not related to repo access.

      Ryan
      Repeat, after me: MESH IS THE DEVIL! MESH IS THE DEVIL!
      Requesting firmware for your Netgate device? https://go.netgate.com
      Switching: Mikrotik, Netgear, Extreme
      Wireless: Aruba, Ubiquiti

      A B 2 Replies Last reply Reply Quote 0
      • A
        Antibiotic @rcoleman-netgate
        last edited by

        @rcoleman-netgate roger that))))

        pfSense plus 24.11 on Topton mini PC
        CPU: Intel N100
        NIC: Intel i-226v 4 pcs
        RAM : 16 GB DDR5
        Disk: 128 GB NVMe
        Brgds, Archi

        1 Reply Last reply Reply Quote 0
        • B
          barnops @rcoleman-netgate
          last edited by

          @rcoleman-netgate said in Pfsense 2.6 to plus. Unable to check:

          @antibiotic This shouldn't have anything to do with this. The local GUI Cert is not related to repo access.

          But for the record, I did.
          It didn't solve anything.

          B 1 Reply Last reply Reply Quote 0
          • B
            barnops @barnops
            last edited by

            This post is deleted!
            1 Reply Last reply Reply Quote 0
            • B
              barnops
              last edited by

              @barnops Also, interesting that the validity dates on this cert are expired.

              openssl x509 -in /etc/ssl/pfSense-repo-custom.cert -text
              Certificate:
              Data:
              Version: 3 (0x2)
              Serial Number:
              7f:c3:e5:________________________:45:83:59:5a:08
              Signature Algorithm: sha256WithRSAEncryption
              Issuer: C = US, ST = Texas, L = Austin, O = "Rubicon Communications, LLC (Netgate)", OU = ProdTrack CA, CN = ProdTrack CA
              Validity
              Not Before: Mar 10 19:01:29 2023 GMT
              Not After : Mar 11 07:01:29 2023 GMT

              JeGrJ 1 Reply Last reply Reply Quote 0
              • JeGrJ
                JeGr LAYER 8 Moderator @barnops
                last edited by

                Perhaps related: since a reboot this morning I don't get any package repos with the following errors:

                ...shortened...
                
                Updating pfSense repository catalogue...
                Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
                35160031232:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
                Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
                35160031232:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
                Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
                35160031232:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
                Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
                35160031232:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
                Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
                35160031232:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
                Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
                35160031232:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
                pkg: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_01_amd64-pfSense_plus_v23_01/meta.txz: Authentication error
                repository pfSense has no meta file, using default settings
                Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
                35160031232:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
                Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
                35160031232:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
                Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
                35160031232:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
                pkg: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_01_amd64-pfSense_plus_v23_01/packagesite.pkg: Authentication error
                Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
                35160031232:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
                Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
                35160031232:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
                Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
                35160031232:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
                pkg: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_01_amd64-pfSense_plus_v23_01/packagesite.txz: Authentication error
                Unable to update repository pfSense
                Error updating repositories!
                

                Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

                If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

                1 Reply Last reply Reply Quote 0
                • B
                  barnops
                  last edited by

                  Looks like whatever was going wrong was resolved this morning.
                  I am now able to pull the update version.

                  But wasn't it a requirement to swap to 22.01 first when upgrading from CE to Plus?
                  Now 23.01 is listed when going from 2.6.0.

                  01c7f714-0256-439d-acdf-2413d7ebd43b-image.png

                  B 1 Reply Last reply Reply Quote 0
                  • B
                    barnops @barnops
                    last edited by barnops

                    @barnops said in Pfsense 2.6 to plus. Unable to check:

                    Looks like whatever was going wrong was resolved this morning.
                    I am now able to pull the update version.

                    But wasn't it a requirement to swap to 22.01 first when upgrading from CE to Plus?
                    Now 23.01 is listed when going from 2.6.0.

                    01c7f714-0256-439d-acdf-2413d7ebd43b-image.png

                    Seems like it updated properly to 23.01 with no ill effects:
                    Removing unnecessary packages... done.
                    Cleanup pkg cache... done.
                    pfSense 23.01-RELEASE amd64 Fri Feb 10 20:06:33 UTC 2023
                    Bootup complete

                    So what ended up being the issue?

                    1 Reply Last reply Reply Quote 0
                    • A
                      Antibiotic
                      last edited by Antibiotic

                      Again unable to check available packages. Please fix it!
                      Updating pfSense-core repository catalogue...
                      pkg: pkg00.atx.netgate.com/pfSense_plus-v23_01_amd64-core/meta.txz: Bad Request
                      repository pfSense-core has no meta file, using default settings. Trying entering to https://pfsense-plus-pkg00.atx.netgate.com/ from browser and result: 400 Bad Request
                      No required SSL certificate was sent
                      nginx.

                      pfSense plus 24.11 on Topton mini PC
                      CPU: Intel N100
                      NIC: Intel i-226v 4 pcs
                      RAM : 16 GB DDR5
                      Disk: 128 GB NVMe
                      Brgds, Archi

                      1 Reply Last reply Reply Quote 0
                      • A
                        Antibiotic
                        last edited by

                        Solution : rm /usr/local/share/pfSense/pkg/repos/pfSense-repo-custom.*

                        pfSense plus 24.11 on Topton mini PC
                        CPU: Intel N100
                        NIC: Intel i-226v 4 pcs
                        RAM : 16 GB DDR5
                        Disk: 128 GB NVMe
                        Brgds, Archi

                        JeGrJ 1 Reply Last reply Reply Quote 0
                        • JeGrJ
                          JeGr LAYER 8 Moderator @Antibiotic
                          last edited by

                          @antibiotic said in Pfsense 2.6 to plus. Unable to check:

                          Solution : rm /usr/local/share/pfSense/pkg/repos/pfSense-repo-custom.*

                          Randomly deleting repository files isn't really a "solution". That seems more like a thing, that was working for you, but the repos are set from changing/setting the release path in the update screen.

                          Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

                          If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

                          R 1 Reply Last reply Reply Quote 0
                          • R
                            rcoleman-netgate Netgate @JeGr
                            last edited by

                            @jegr said in Pfsense 2.6 to plus. Unable to check:

                            Randomly deleting repository files isn't really a "solution". That seems more like a thing, that was working for you, but the repos are set from changing/setting the release path in the update screen.

                            That is in our redmine, however, as a workaround.

                            Ryan
                            Repeat, after me: MESH IS THE DEVIL! MESH IS THE DEVIL!
                            Requesting firmware for your Netgate device? https://go.netgate.com
                            Switching: Mikrotik, Netgear, Extreme
                            Wireless: Aruba, Ubiquiti

                            1 Reply Last reply Reply Quote 0
                            • S
                              Siman
                              last edited by Siman

                              same issue... come one netgate, do your job... Just saying PFS+ is supposed to be the payed for tier, and I got customers running it...

                              R 1 Reply Last reply Reply Quote 0
                              • R
                                rcoleman612 @Siman
                                last edited by

                                @siman said in Pfsense 2.6 to plus. Unable to check:

                                same issue... come one netgate, do your job... Just saying PFS+ is supposed to be the payed for tier, and I got customers running it...

                                If you're a paying customer have you bothered to open a ticket with TAC?
                                https://go.netgate.com/

                                S 1 Reply Last reply Reply Quote 1
                                • S
                                  Siman @rcoleman612
                                  last edited by

                                  @picturetaker Customers haven't called me yet. I run it at home in lab form, if I get called and Im working for them I would open one. Can't do anything if I'm not representing them.

                                  1 Reply Last reply Reply Quote 0
                                  • C
                                    CuOptik
                                    last edited by

                                    I just went through a similar situation. I installed pfSense 2.6 on a new machine and everything looked fine. I then upgraded to pfSense+ v23.01. The upgrade looked fine and the machine was working. However, when I went to install other packages, I received the "no packages available" message. Going into a shell via SSH to update packages did not work and I also got the "bad request" error when trying that.

                                    The work-around solution that worked for me was to clean up the custom repo info in /usr/local/share/pfSense/pkg/. Apparently, the upgrade from 2.6 to 23.01 is leaving some 2.6 info in the folder which then causes authentication/access issues when trying to get to the 23.01 repos.

                                    There is a write-up of the issue (and the manual work-around) at https://redmine.pfsense.org/issues/14137

                                    1 Reply Last reply Reply Quote 0
                                    • 8
                                      86b
                                      last edited by

                                      I just wanted to pop in and say that I was also running into a "Bad Request" issue just now on 23.01 when trying to run pkg update and I was able to resolve this by plopping in my Register key via the UI. I was going through some troubleshooting last week with pfSense support and during the re-issuing of Plus certs it must have wiped the Registration key somewhere along the way. I was upgrading from 2.7.x CE to 23.01 Plus.

                                      1 Reply Last reply Reply Quote 0
                                      • First post
                                        Last post
                                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.