Upgrade to 23.05 Failed
-
This is a Netgate SG-3100 running 23.01-RELEASE. I tried the upgrade both via GUI and SSH, same error.
I can't post the full error log, as your spam filter keeps blocking my post. But the below line keeps repeating and seems to be the genesis of the problem.
Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
Of note, the server: pfsense-plus-pkg00[.]atx[.]netgate[.]com (208[.]123[.]73[.]207) seems to be configured with an untrusted certificate. Or at the very least, the full certificate chain is not being sent to clients. I'm leaning toward this being an internally-issued cert (or a test cert), as it doesn't meet current CA/B requirements.
-
Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg01.atx.netgate.com
-
You may try out two ways to get rid of that problem:
First
- System > Update > Update Settings
- Check "create boot environment" and click "save"
- Wait a moment now, ca. 5 minutes
- Go to the console and choose option (13) there
Second
- Console option (8)
and then set up the following command
pkg-static clean -ay; pkg-static install -fy pkg pfSense-repo pfSense-upgrade
- system > update > update settings
-
@Dobby_ The device is remote, so can't do option #1. As for #2, here's what I get:
pkg-static: Repository pfSense-core missing. 'pkg update' required
pkg-static: No package database installed. Nothing to do!
Updating pfSense-core repository catalogue...
Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg01.atx.netgate.com
544518144:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05-main/sources/FreeBSD-src-plus-RELENG_23_05/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Then the cert errors repeat.
-
The trick of moving from the current branch to the previous branch and then back did the trick.
-
I see the same "Certificate verification failed" on a Netgate 7100.
Switched the branch from 23.05 to 23.01 and back a few times, also did the forced reinstallation of pkg etc. So far no success.
-
Did
pkg-static clean -ay ; pkg-static install -fy pkg pfSense-repo pfSense-upgrade
then switched to 23.05, now this:
# pfSense-upgrade
Your Netgate device has pfSense+ as part of your device purchase.
>>> Updating repositories metadata...
Updating pfSense-core repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: . done
Processing entries: .. done
pfSense-core repository update completed. 15 packages processed.
Updating pfSense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries: Processing entries............. done
pfSense repository update completed. 549 packages processed.
All repositories are up to date.
>>> Upgrading pfSense-upgrade... done.
pfSense-repoc-static: failed to fetch the repo data
failed to read the repo data.
failed to update the repository settings!!!
failed to update the repository settings!!!
# pkg-static update
Updating pfSense-core repository catalogue...
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
pfSense repository is up to date.
All repositories are up to date.
# pfSense-upgrade
pfSense-repoc-static: failed to fetch the repo data
failed to read the repo data.
failed to update the repository settings!!!
failed to update the repository settings!!!
-
@sgw This is the exact thing I'm seeing. Something isn't right with pfSense-upgrade 1.0.66. As soon as I roll back to 1.0.61, everything works right again with package management.
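-
Added example, not part of any post above and not Netgate code: a small triage script that separates the two failure modes quoted in this thread, a TLS certificate verification failure during the catalogue fetch versus a pfSense-repoc-static failure after the catalogues have already updated. The function name `triage` and the verdict labels are assumptions made for illustration; the sample logs are assembled from lines quoted in the posts, with the source file path shortened.

```python
import re

# OpenSSL error-queue line as quoted in the thread:
# <thread>:error:<code>:<library>:<function>:<reason>:<file>:<line>:
OPENSSL_ERR = re.compile(r"^\d+:error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]+):"
                         r"(?P<func>[^:]+):(?P<reason>[^:]+):(?P<file>[^:]+):(?P<line>\d+):")
CERT_FAIL = re.compile(r"^Certificate verification failed for (?P<dn>/.+)$")
REPOC_FAIL = re.compile(r"^pfSense-repoc-static: (?P<msg>.+)$")
CATALOGUE_OK = "All repositories are up to date."

# Constructed sample logs, built from lines quoted in the thread.
TLS_LOG = """Updating pfSense-core repository catalogue...
Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg01.atx.netgate.com
544518144:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/path/to/statem_clnt.c:1921:
"""
REPOC_LOG = """All repositories are up to date.
>>> Upgrading pfSense-upgrade... done.
pfSense-repoc-static: failed to fetch the repo data
failed to update the repository settings!!!
"""


def triage(log_text):
    """Classify an upgrade log into the failure modes seen in this thread."""
    result = {"tls_verify_cns": [], "openssl_reasons": [],
              "repoc_errors": [], "catalogue_ok": False}
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := CERT_FAIL.match(line)):
            # The subject DN is slash-separated; the CN is its last component.
            cn = m["dn"].rsplit("/CN=", 1)[-1]
            if cn not in result["tls_verify_cns"]:  # the error repeats per retry
                result["tls_verify_cns"].append(cn)
        elif (m := OPENSSL_ERR.match(line)):
            result["openssl_reasons"].append((m["code"], m["func"], m["reason"]))
        elif (m := REPOC_FAIL.match(line)):
            result["repoc_errors"].append(m["msg"])
        elif line == CATALOGUE_OK:
            result["catalogue_ok"] = True
    if result["tls_verify_cns"]:
        result["verdict"] = "tls-trust"    # pkg rejected the repo server certificate
    elif result["repoc_errors"] and result["catalogue_ok"]:
        result["verdict"] = "repoc-only"   # catalogue fetch worked; only repoc fails
    elif result["repoc_errors"]:
        result["verdict"] = "repoc"
    else:
        result["verdict"] = "no-known-failure"
    return result
```

A "tls-trust" verdict points at certificate validation on the device for the listed hosts, while "repoc-only" means the catalogue fetch completed and the failure sits in pfSense-repoc-static.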