Upgrading from 23.01 to 23.05 Certificate verification failed
-
Good morning.
Upgraded from GUI; failed and doesn´t offers to upgrade anymore.
Dropped to shell and tried from there and its failing certificate. See some below:[23.01-RELEASE][root@worley]/root: pfSense-upgrade ERROR: It was not possible to determine pkg remote version >>> Updating repositories metadata... Updating pfSense-core repository catalogue... Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com 34955083776:error:1416F086:SSL Unable to update repository pfSense Error updating repositories! ERROR: It was not possible to determine pfSense-upgrade remote version ERROR: It was not possible to determine pfSense-upgrade remote version >>> Upgrading pfSense-upgrade... failed.Any help appreciated.
-
@amello I think 23.05 is not officially released yet, though it was showing as such last night.
see https://forum.netgate.com/topic/180271/23-01-23-05-upgrade-failed/12
Edit: my bad, it's out
https://forum.netgate.com/topic/180281/pfsense-plus-software-version-23-05-is-now-available-for-upgrades -
@amello I had the same happen to me on the second box i tried to upgrade. The first went 23.05 without issues, the second box had this issue.
Perhaps a loadbalancer at the repo’s where one node did not get the certificate update?
The quick fix is to change the update repo back to 23.01 and then back to 23.05 Stable. Then it shows the upgrade again, and it went fine at the second try.
-
@keyser said in Upgrading from 23.01 to 23.05 Certificate verification failed:
@amello I had the same happen to me on the second box i tried to upgrade. The first went 23.05 without issues, the second box had this issue.
Perhaps a loadbalancer at the repo’s where one node did not get the certificate update?
The quick fix is to change the update repo back to 23.01 and then back to 23.05 Stable. Then it shows the upgrade again, and it went fine at the second try.
This worked for me. Thank you for your advice.
-
@keyser That worked for me. Thanks!
-
@amello I also had to do a reboot along with the switching of the repos.
-
Switching repos back and forth also worked for me after getting the same cert error.
-
As today I was in the same situation as you now.
I solved the problem by following steps, until now
all is fine here.- Open the Dashboard
Webbrowser > WebGui - Open two more tabs in the browser
Dashboard and update and Packets (pkg`s) - System > update > update settings > click save
Select Create a boot environment - Got back to the tab with the pkg`s
reload the tab (Website) and all available packets for install will be shown now - Wait a moment
5 minutes or so - Go to the Cli (console) take option (13)
update will be running now without any problems here at my pfSense+ Plus 23.05 Release
Enter an option: 13 >>> Updating repositories metadata... Updating pfSense-core repository catalogue... Fetching meta.conf: . done Fetching packagesite.pkg: . done Processing entries: .. done pfSense-core repository update completed. 15 packages processed. Updating pfSense repository catalogue... Fetching meta.conf: . done Fetching packagesite.pkg: .......... done Processing entries: .......... done pfSense repository update completed. 549 packages processed. All repositories are up to date. Your packages are up to dateAt the save option, I assume there will be also a cert new stored or something else, but it is still
working then again for me. - Open the Dashboard
-
I had the same problem however after it failed it then said it was on the most current version 23.01 After the attempt to update to 23.05 it no longer shows 23.05 as being a release at all.
I tried to post the log file here but every time I try a window pops up and says the message is flagged as spam. <sigh>
-
@cdsJerry I also notice that the orange light on the firewall appliance itself is still flashing indicating that there's an update. But the software GUI says I'm on the most current release, even though it's an older release than the update that was there before all the certificate failures.
-
@cdsJerry said in Upgrading from 23.01 to 23.05 Certificate verification failed:
I had the same problem however after it failed it then said it was on the most current version 23.01 After the attempt to update to 23.05 it no longer shows 23.05 as being a release at all.
I saw that so what I did was go to Update/Settings, saw the current branch was selected, saved the setting as is without making any changes, and then 23.05 showed up again.
I tried to post the log file here but every time I try a window pops up and says the message is flagged as spam. <sigh>
It is less sensitive if you get more upvotes, here's one.
-
@SteveITS Thanks for the upvote. I went to the system-update-system update and did the save as you suggested. No change. I went in and changed the branch to Previous Stable Version and it reported I was up to date. So then I changed it to Current Stable Version and it came back with "unable to check the updates". So... no joy.
-
@cdsjerry need to raise TAC Lite ticket and they can reset the authentication certificate. I had to do it twice
-
@cdsJerry I've not dealt with a non-Netgate Plus upgrade so @gwaitsi may be correct there. In general there is also this doc:
https://docs.netgate.com/pfsense/en/latest/troubleshooting/upgrades.html#upgrade-not-offered-library-errors which has some suggestions in addition to the branch change. -
@SteveITS entering the command prompt seems to have fixed the certificate problem. It's updating now. Fingers and toes crossed.
pkg-static clean -ay; pkg-static install -fy pkg pfSense-repo pfSense-upgrade -
I had the same issue. I ended up completely fubar'ing my installation trying to solve the certificate verification failed. Clean installed 23.01, then restored from my backup. Rebooting after the restore failed everytime. Log's showed a bunch of missing files.
Clean install of 23.05 and restoring from the same backup was the only thing I could get to work.
Not an expert but based on the missing file location references and the certificate issue I think pfSense thought I was on a 23.01-RC version despite being on the release version
-
@nedyah700 I'm SO glad I didn't fubar my install. I'm far from an expert and it would have probably taken my tiny company offline for a day.