Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Cert Issues with pkg-static -d update, Authentication error 23.05

    Scheduled Pinned Locked Moved
    Problems Installing or Upgrading pfSense Software
    3
    6
    979
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      bcdouglas
      last edited by bcdouglas

      I have had issues with all updated (OS and package) updates related to 23.05. I've been able to determine the issue is related to a cert issue, "Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com"

      I've read various threads that say to simple wait for the cert to be refreshed. I have waited, no changes. I have had to use console option 13 for all 23.05 RC updates and just had to force the patch_2.2.3 package update from the console.

      I'm up and running, but would like to resolve this for future updates. Any advice is appreciated. Hardware is a 6100 Max.

      Thank you!
      -Brent

      Here is the full error when running pkg-static -d update:

      pkg-static -d update
      DBG(1)[18024]> pkg initialized
      Updating pfSense-core repository catalogue...
      DBG(1)[18024]> PkgRepo: verifying update for pfSense-core
      DBG(1)[18024]> PkgRepo: need forced update of pfSense-core
      DBG(1)[18024]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense-core.sqlite'
      DBG(1)[18024]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_05_amd64-core/meta.conf
      DBG(1)[18024]> opening libfetch fetcher
      DBG(1)[18024]> Fetch > libfetch: connecting
      DBG(1)[18024]> Fetch: fetching from: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_05_amd64-core/meta.conf with opts "i"
      Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
      34934542336:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05-main/sources/FreeBSD-src-plus-RELENG_23_05/crypto/openssl/ssl/statem/statem_clnt.c:1921:
      DBG(1)[18024]> Fetch: fetching from: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_05_amd64-core/meta.conf with opts "i"
      Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
      34934542336:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05-main/sources/FreeBSD-src-plus-RELENG_23_05/crypto/openssl/ssl/statem/statem_clnt.c:1921:
      DBG(1)[18024]> Fetch: fetching from: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_05_amd64-core/meta.conf with opts "i"
      Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
      34934542336:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05-main/sources/FreeBSD-src-plus-RELENG_23_05/crypto/openssl/ssl/statem/statem_clnt.c:1921:
      DBG(1)[18024]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_05_amd64-core/meta.txz
      DBG(1)[18024]> opening libfetch fetcher
      DBG(1)[18024]> Fetch > libfetch: connecting
      DBG(1)[18024]> Fetch: fetching from: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_05_amd64-core/meta.txz with opts "i"
      Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
      34934542336:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05-main/sources/FreeBSD-src-plus-RELENG_23_05/crypto/openssl/ssl/statem/statem_clnt.c:1921:
      DBG(1)[18024]> Fetch: fetching from: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_05_amd64-core/meta.txz with opts "i"
      Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
      34934542336:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05-main/sources/FreeBSD-src-plus-RELENG_23_05/crypto/openssl/ssl/statem/statem_clnt.c:1921:
      DBG(1)[18024]> Fetch: fetching from: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_05_amd64-core/meta.txz with opts "i"
      Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
      34934542336:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05-main/sources/FreeBSD-src-plus-RELENG_23_05/crypto/openssl/ssl/statem/statem_clnt.c:1921:
      pkg-static: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_05_amd64-core/meta.txz: Authentication error
      repository pfSense-core has no meta file, using default settings
      DBG(1)[18024]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_05_amd64-core/packagesite.pkg
      DBG(1)[18024]> opening libfetch fetcher
      DBG(1)[18024]> Fetch > libfetch: connecting
      DBG(1)[18024]> Fetch: fetching from: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_05_amd64-core/packagesite.pkg with opts "i"
      Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
      34934542336:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05-main/sources/FreeBSD-src-plus-RELENG_23_05/crypto/openssl/ssl/statem/statem_clnt.c:1921:
      DBG(1)[18024]> Fetch: fetching from: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_05_amd64-core/packagesite.pkg with opts "i"
      Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
      34934542336:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05-main/sources/FreeBSD-src-plus-RELENG_23_05/crypto/openssl/ssl/statem/statem_clnt.c:1921:
      DBG(1)[18024]> Fetch: fetching from: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_05_amd64-core/packagesite.pkg with opts "i"
      Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
      34934542336:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05-main/sources/FreeBSD-src-plus-RELENG_23_05/crypto/openssl/ssl/statem/statem_clnt.c:1921:
      pkg-static: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_05_amd64-core/packagesite.pkg: Authentication error
      DBG(1)[18024]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_05_amd64-core/packagesite.txz
      DBG(1)[18024]> opening libfetch fetcher
      DBG(1)[18024]> Fetch > libfetch: connecting
      DBG(1)[18024]> Fetch: fetching from: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_05_amd64-core/packagesite.txz with opts "i"
      Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
      34934542336:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05-main/sources/FreeBSD-src-plus-RELENG_23_05/crypto/openssl/ssl/statem/statem_clnt.c:1921:
      DBG(1)[18024]> Fetch: fetching from: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_05_amd64-core/packagesite.txz with opts "i"
      Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
      34934542336:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05-main/sources/FreeBSD-src-plus-RELENG_23_05/crypto/openssl/ssl/statem/statem_clnt.c:1921:
      DBG(1)[18024]> Fetch: fetching from: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_05_amd64-core/packagesite.txz with opts "i"
      Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
      34934542336:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05-main/sources/FreeBSD-src-plus-RELENG_23_05/crypto/openssl/ssl/statem/statem_clnt.c:1921:
      pkg-static: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_05_amd64-core/packagesite.txz: Authentication error
      Unable to update repository pfSense-core
      Updating pfSense repository catalogue...
      DBG(1)[18024]> PkgRepo: verifying update for pfSense
      DBG(1)[18024]> PkgRepo: need forced update of pfSense
      DBG(1)[18024]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense.sqlite'
      DBG(1)[18024]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_05_amd64-pfSense_plus_v23_05/meta.conf
      DBG(1)[18024]> opening libfetch fetcher
      DBG(1)[18024]> Fetch > libfetch: connecting
      DBG(1)[18024]> Fetch: fetching from: https://pfsense-plus-pkg01.atx.netgate.com/pfSense_plus-v23_05_amd64-pfSense_plus_v23_05/meta.conf with opts "i"
      Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg01.atx.netgate.com
      34934542336:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05-main/sources/FreeBSD-src-plus-RELENG_23_05/crypto/openssl/ssl/statem/statem_clnt.c:1921:
      DBG(1)[18024]> Fetch: fetching from: https://pfsense-plus-pkg01.atx.netgate.com/pfSense_plus-v23_05_amd64-pfSense_plus_v23_05/meta.conf with opts "i"
      Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg01.atx.netgate.com
      34934542336:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05-main/sources/FreeBSD-src-plus-RELENG_23_05/crypto/openssl/ssl/statem/statem_clnt.c:1921:
      DBG(1)[18024]> Fetch: fetching from: https://pfsense-plus-pkg01.atx.netgate.com/pfSense_plus-v23_05_amd64-pfSense_plus_v23_05/meta.conf with opts "i"
      Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg01.atx.netgate.com
      34934542336:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05-main/sources/FreeBSD-src-plus-RELENG_23_05/crypto/openssl/ssl/statem/statem_clnt.c:1921:
      DBG(1)[18024]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_05_amd64-pfSense_plus_v23_05/meta.txz
      DBG(1)[18024]> opening libfetch fetcher
      DBG(1)[18024]> Fetch > libfetch: connecting
      DBG(1)[18024]> Fetch: fetching from: https://pfsense-plus-pkg01.atx.netgate.com/pfSense_plus-v23_05_amd64-pfSense_plus_v23_05/meta.txz with opts "i"
      Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg01.atx.netgate.com
      34934542336:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05-main/sources/FreeBSD-src-plus-RELENG_23_05/crypto/openssl/ssl/statem/statem_clnt.c:1921:
      DBG(1)[18024]> Fetch: fetching from: https://pfsense-plus-pkg01.atx.netgate.com/pfSense_plus-v23_05_amd64-pfSense_plus_v23_05/meta.txz with opts "i"
      Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg01.atx.netgate.com
      34934542336:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05-main/sources/FreeBSD-src-plus-RELENG_23_05/crypto/openssl/ssl/statem/statem_clnt.c:1921:
      DBG(1)[18024]> Fetch: fetching from: https://pfsense-plus-pkg01.atx.netgate.com/pfSense_plus-v23_05_amd64-pfSense_plus_v23_05/meta.txz with opts "i"
      Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg01.atx.netgate.com
      34934542336:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05-main/sources/FreeBSD-src-plus-RELENG_23_05/crypto/openssl/ssl/statem/statem_clnt.c:1921:
      pkg-static: https://pfsense-plus-pkg01.atx.netgate.com/pfSense_plus-v23_05_amd64-pfSense_plus_v23_05/meta.txz: Authentication error
      repository pfSense has no meta file, using default settings
      DBG(1)[18024]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_05_amd64-pfSense_plus_v23_05/packagesite.pkg
      DBG(1)[18024]> opening libfetch fetcher
      DBG(1)[18024]> Fetch > libfetch: connecting
      DBG(1)[18024]> Fetch: fetching from: https://pfsense-plus-pkg01.atx.netgate.com/pfSense_plus-v23_05_amd64-pfSense_plus_v23_05/packagesite.pkg with opts "i"
      Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg01.atx.netgate.com
      34934542336:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05-main/sources/FreeBSD-src-plus-RELENG_23_05/crypto/openssl/ssl/statem/statem_clnt.c:1921:
      DBG(1)[18024]> Fetch: fetching from: https://pfsense-plus-pkg01.atx.netgate.com/pfSense_plus-v23_05_amd64-pfSense_plus_v23_05/packagesite.pkg with opts "i"
      Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg01.atx.netgate.com
      34934542336:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05-main/sources/FreeBSD-src-plus-RELENG_23_05/crypto/openssl/ssl/statem/statem_clnt.c:1921:
      DBG(1)[18024]> Fetch: fetching from: https://pfsense-plus-pkg01.atx.netgate.com/pfSense_plus-v23_05_amd64-pfSense_plus_v23_05/packagesite.pkg with opts "i"
      Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg01.atx.netgate.com
      34934542336:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05-main/sources/FreeBSD-src-plus-RELENG_23_05/crypto/openssl/ssl/statem/statem_clnt.c:1921:
      pkg-static: https://pfsense-plus-pkg01.atx.netgate.com/pfSense_plus-v23_05_amd64-pfSense_plus_v23_05/packagesite.pkg: Authentication error
      DBG(1)[18024]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_05_amd64-pfSense_plus_v23_05/packagesite.txz
      DBG(1)[18024]> opening libfetch fetcher
      DBG(1)[18024]> Fetch > libfetch: connecting
      DBG(1)[18024]> Fetch: fetching from: https://pfsense-plus-pkg01.atx.netgate.com/pfSense_plus-v23_05_amd64-pfSense_plus_v23_05/packagesite.txz with opts "i"
      Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg01.atx.netgate.com
      34934542336:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05-main/sources/FreeBSD-src-plus-RELENG_23_05/crypto/openssl/ssl/statem/statem_clnt.c:1921:
      DBG(1)[18024]> Fetch: fetching from: https://pfsense-plus-pkg01.atx.netgate.com/pfSense_plus-v23_05_amd64-pfSense_plus_v23_05/packagesite.txz with opts "i"
      Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg01.atx.netgate.com
      34934542336:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05-main/sources/FreeBSD-src-plus-RELENG_23_05/crypto/openssl/ssl/statem/statem_clnt.c:1921:
      DBG(1)[18024]> Fetch: fetching from: https://pfsense-plus-pkg01.atx.netgate.com/pfSense_plus-v23_05_amd64-pfSense_plus_v23_05/packagesite.txz with opts "i"
      Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg01.atx.netgate.com
      34934542336:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05-main/sources/FreeBSD-src-plus-RELENG_23_05/crypto/openssl/ssl/statem/statem_clnt.c:1921:
      pkg-static: https://pfsense-plus-pkg01.atx.netgate.com/pfSense_plus-v23_05_amd64-pfSense_plus_v23_05/packagesite.txz: Authentication error
      Unable to update repository pfSense
      Error updating repositories!

      T 1 Reply Last reply Reply Quote 0
      • T
        tman222 @bcdouglas
        last edited by

        @bcdouglas - running into similar issues:

        https://forum.netgate.com/topic/180382/unable-to-upgrade-packages

        How did you install the 2.2.3 System Patches package from the console?

        1 Reply Last reply Reply Quote 0
        • occamsrazorO
          occamsrazor
          last edited by

          I had exactly the same "Certificate verification failed" error when trying to update from 23.01 to 23.05

          The update did not proceed at all, but now the system tells me that "The system is on the latest version" even though it is listed as 23.01, and there is now no option to try to upgrade to 23.05.

          pfSense CE on Qotom Q355G4 8GB RAM/60GB SSD
          Ubiquiti Unifi wired and wireless network, APC UPSs
          Mac OSX and IOS devices, QNAP NAS

          occamsrazorO 1 Reply Last reply Reply Quote 0
          • occamsrazorO
            occamsrazor @occamsrazor
            last edited by

            Ignore... I tried again after about 20 mins and this time it worked OK.

            pfSense CE on Qotom Q355G4 8GB RAM/60GB SSD
            Ubiquiti Unifi wired and wireless network, APC UPSs
            Mac OSX and IOS devices, QNAP NAS

            1 Reply Last reply Reply Quote 0
            • B
              bcdouglas
              last edited by

              Well, I contacted support referencing this and other posts I've made after playing with the 23.05 RC snapshots and having issues.

              Support said I didn't need a cert refresh as suggested by many in the forums. ;-( Instead, they suggested I rebuild the box vs. fix it. "Your cert doesn't need a refresh. However, if you are doing multiple upgrades and have accumulated some upgrade errors. I would recommend backing up the configuration and doing a clean install with the 23.05 image file."

              I've done support and understand the rebuild route...but how about the software doesn't accumulate upgrade errors in the first place. But, ok...such is the nature of testing RC builds.

              T 1 Reply Last reply Reply Quote 0
              • T
                tman222 @bcdouglas
                last edited by

                @bcdouglas - what did you mean by "cert refresh"? Is this equivalent of receiving a new activation token for pfSense Plus, or does it refer to something else? Thanks in advance.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post