Upgrade to pfSense Plus failed
-
I also am experiencing a similar issue. I had to reinstall pfSense on my built box and found I could not register it by pasting my token (pfSense already knew of the machine). I toggled the thing back and forth between the latest stable 2.6 and Plus, even tried the dev version just to see if it could see that. I have run "pkg-static update -f", and "env ASSUME_ALWAYS_YES=yes pkg-static bootstrap -f" from both the console and a shell in the web interface, and essentially am told that certs cannot be loaded, there was an error fetching files, and finally ending with the line "Bootstrapping pkg from pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_01_amd64-pfSense_plus_v23_01/, please wait...".
I am going to assume this is a known thing and that it is being researched. If I need to provide additional information, please let me know.
-
@slackerdude What's the full output?
-
@rcoleman-netgate Unfortunately, I can no longer provide the output, as I decided to try switching over to the 2.7.0 development branch (manually installing it), then attempt to change within pfSense to the pfSense Plus branch. While I can set the update path under Update Settings to pfSense Plus, it continues to fail to retrieve updates under System Update.
I may have to take the above back, it seems I can copy most, if not all of the output from some buffered memory. Here is some:
Shell Output - pkg-static clean -ay; pkg-static install -fy pkg pfSense-repo pfSense-upgrade Updating pfSense-core repository catalogue... Could not load client certificate /etc/ssl/pfSense-repo-custom.cert Could not load client certificate /etc/ssl/pfSense-repo-custom.cert Could not load client certificate /etc/ssl/pfSense-repo-custom.cert Could not load client certificate /etc/ssl/pfSense-repo-custom.cert Could not load client certificate /etc/ssl/pfSense-repo-custom.cert Could not load client certificate /etc/ssl/pfSense-repo-custom.cert pkg-static: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_01_amd64-core/meta.txz: Authentication error repository pfSense-core has no meta file, using default settings Could not load client certificate /etc/ssl/pfSense-repo-custom.cert Could not load client certificate /etc/ssl/pfSense-repo-custom.cert Could not load client certificate /etc/ssl/pfSense-repo-custom.cert pkg-static: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_01_amd64-core/packagesite.pkg: Authentication error Could not load client certificate /etc/ssl/pfSense-repo-custom.cert Could not load client certificate /etc/ssl/pfSense-repo-custom.cert Could not load client certificate /etc/ssl/pfSense-repo-custom.cert pkg-static: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_01_amd64-core/packagesite.txz: Authentication error Unable to update repository pfSense-core Updating pfSense repository catalogue... Could not load client certificate /etc/ssl/pfSense-repo-custom.cert Could not load client certificate /etc/ssl/pfSense-repo-custom.cert Could not load client certificate /etc/ssl/pfSense-repo-custom.cert Could not load client certificate /etc/ssl/pfSense-repo-custom.cert Could not load client certificate /etc/ssl/pfSense-repo-custom.cert Could not load client certificate /etc/ssl/pfSense-repo-custom.cert pkg-static: https://pfsense-plus-pkg01.atx.netgate.com/pfSense_plus-v23_01_amd64-pfSense_plus_v23_01//meta.txz: Authentication error repository pfSense has no meta file, using default settings Could not load client certificate /etc/ssl/pfSense-repo-custom.cert Could not load client certificate /etc/ssl/pfSense-repo-custom.cert Could not load client certificate /etc/ssl/pfSense-repo-custom.cert pkg-static: https://pfsense-plus-pkg01.atx.netgate.com/pfSense_plus-v23_01_amd64-pfSense_plus_v23_01//packagesite.pkg: Authentication error Could not load client certificate /etc/ssl/pfSense-repo-custom.cert Could not load client certificate /etc/ssl/pfSense-repo-custom.cert Could not load client certificate /etc/ssl/pfSense-repo-custom.cert pkg-static: https://pfsense-plus-pkg01.atx.netgate.com/pfSense_plus-v23_01_amd64-pfSense_plus_v23_01//packagesite.txz: Authentication error Unable to update repository pfSense Error updating repositories!Shell Output - env ASSUME_ALWAYS_YES=yes pkg-static bootstrap -f pkg(8) is already installed. Forcing reinstallation through pkg(7). Could not load client certificate /etc/ssl/pfSense-repo-custom.cert Could not load client certificate /etc/ssl/pfSense-repo-custom.cert Could not load client certificate /etc/ssl/pfSense-repo-custom.cert Could not load client certificate /etc/ssl/pfSense-repo-custom.cert Could not load client certificate /etc/ssl/pfSense-repo-custom.cert Could not load client certificate /etc/ssl/pfSense-repo-custom.cert pkg: Error fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_01_amd64-pfSense_plus_v23_01//Latest/pkg.txz: Authentication error A pre-built version of pkg could not be found for your system. Consider changing PACKAGESITE or installing it from ports: 'ports-mgmt/pkg'. Bootstrapping pkg from pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_01_amd64-pfSense_plus_v23_01/, please wait...Does this help any?
-
@slackerdude Looks like your system needs it's certificate bounced to get access to the repos.
You will need to open a ticket at https://go.netgate.com/ to get that resolved.
-
@rcoleman-netgate I followed your advice and opened a ticket, detailing my woes and your suggestion of having the system certificate bounced. There was a response within minutes asking me to try the upgrade again. I did and was successful. My system is now stable and up-to-date. Thank you for that suggestion!
Even though I'm not using a bought appliance (using the home/lab version of pfSense Plus on a self-built box), I was served quickly and efficiently. I am both surprised and grateful for the help. The unit I built was driven by the old shoestring budget thing, but when I replace it with a 2.5Gbps or greater capable unit in the future, it will likely be with an appliance.
-
I'm having the same issue. So far Netgate doesn't seem to know what's causing it. I have tried to upgrade 3 times. Definitely not a good experience, I hope they're able to figure out what's causing this bug.
-
I would try out a fresh install of 2.6 and then after doing that
upgrading to 23.01 and then to 23.05 if you want. And then
you should install any packets and do any configuration.It was helping me out on my pfSense 23.05
-
@dobby_ I fixed it by uninstalling Squid first, and then going as far as removing directories for Squid that stuck around.
Squid seems to be the package causing that fatal error on upgrade.
-
@SamJWard said in Upgrade to pfSense Plus failed:
I'm having the same issue. So far Netgate doesn't seem to know what's causing it. I have tried to upgrade 3 times. Definitely not a good experience, I hope they're able to figure out what's causing this bug.
I have this problem, happened multiple times even on a fresh 2.6 install with no packages..
Any ideas? I'm about to get rid of Pfsense at this rate. 2.6 has served me well but now with all this plus stuff and the fact CE isnt going to get updates, I might be looking elsewhere.
-
@Ignat said in Upgrade to pfSense Plus failed:
I have this problem, happened multiple times even on a fresh 2.6 install with no packages..
Then it could be pointed to your hardware
also. A fresh install of 2.6 might be not causing
any problems as I see it.Any ideas?
Other then a fresh install and then upgrade to
23.01 and once more again to 23.05? I´ve done
an install three time (each) of 2.7 and 23.05 since
now, and according to my given or existing hardware (2 PC Engines APUs) and is was the best
option to solve out the problem fast.I'm about to get rid of Pfsense at this rate. 2.6
has served me well but now with all this
plus stuffBut you will be able to go also with 2.6 CE
and all will be fine running.and the fact CE isnt going to get updates,
Have a look here to the "date of compiling"
I got more then 4 upgrade since the last
three weeks. From 91 big narrowed down
to 61 now since 23.05 was ready!
I might be looking elsewhere.
That is your choice!
-
I think ive narrowed it down to VMXNET3 on the new version with E1000 NICS everything is working..
Anyone else having issues with VMXNET3 ?
-
@Ignat No, I"m running VMXNET3 and have no problems.
The reason mine failed was because of the squid package. I have to not only remove the package, but delete the cache folder manually. Once the folder was removed, upgrade went through successfully. I don't know why.
Also: Make sure you KEEP the VMware plug-in installed when doing the upgrade. It should be the only installed package prior to upgrade.
