Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Certificate verification failed

    Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
    17 Posts 4 Posters 2.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Z
      zitstif @rcoleman-netgate
      last edited by

      @rcoleman-netgate Ticket made. Thanks.

      1 Reply Last reply Reply Quote 0
      • Z
        zitstif
        last edited by

        The way to fix this issue is to go to System update, update settings, then click the save button on that page. However, I DO NOT RECOMMEND upgrading to 23.10, after the update took place the appliance would no longer boot and was getting stuck on:

        Filename '6379773F.img'.
        Load address: 0x7000000
        Loading: T T TIM-1.0
        WTMI-devel-18.12.1-1a13f2f
        WTMI: system early-init
        SVC REV: 5, CPU VDD voltage: 1.213V
        NOTICE: Booting Trusted Firmware
        NOTICE: BL1: v1.5(release):1f8ca7e-dirty (Marvell-devel-18.12.2)
        NOTICE: BL1: Built : 18:22:47, Oct 7 2021
        NOTICE: BL1: Booting BL2
        NOTICE: BL2: v1.5(release):1f8ca7e-dirty (Marvell-devel-18.12.2)
        NOTICE: BL2: Built : 18:22:52, Oct 7 2021
        NOTICE: BL1: Booting BL31
        NOTICE: BL31: v1.5(release):1f8ca7e-dirty (Marvell-devel-18.12.2)
        NOTICE: BL31: Built : 18

        U-Boot 2018.03-devel-18.12.3-gc9aa92c-dirty (Oct 07 2021 - 18:20:55 -0300)

        Model: Netgate 1100
        CPU 1200 [MHz]
        L2 800 [MHz]
        TClock 200 [MHz]
        DDR 750 [MHz]
        DRAM: 1 GiB
        Comphy chip #0:
        Comphy-0: USB3 5 Gbps
        Comphy-1: PEX0 2.5 Gbps
        Comphy-2: SATA0 6 Gbps
        SATA link 0 timeout.
        AHCI 0001.0300 32 slots 1 ports 6 Gbps 0x1 impl SATA mode
        flags: ncq led only pmp fbss pio slum part sxs
        PCIE-0: Link down
        MMC: sdhci@d0000: 0, sdhci@d8000: 1
        Loading Environment from SPI Flash... SF: Detected mx25u3235f with page size 256 Bytes, erase size 64 KiB, total 4 MiB
        console comconsole failed to initialize
        Consoles: EFI console
        Reading loader env vars from /efi/freebsd/loader.env
        Setting currdev to disk0p2:ge: 0x0, reg: 0x0, val: 0xFFFF
        FreeBSD/arm64 EFI loader, Revision 1.1g: 0x0, val: 0xFFFF
        (Fri Feb 10 20:26:39 UTC 2023 root@freebsd)
        Hit any key to stop autoboot: 0
        Command line arguments: loader.efit!
        Image base: 0x7000000netgate-1100.dtb
        EFI version: 2.70720-sg1100.dtb
        EFI Firmware: Das U-Boot (rev 0.00)tb
        Console: efi,comconsole (0).dtb
        Load Path: /\armada-3720-sg1100.dtb
        Load Device: /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/eMMC(1)/eMMC(0)/HD( 2,0x01,0,0x64001,0x1117c)
        Trying ESP: /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/eMMC(1)/eMMC(0)/HD(2,0x 01,0,0x64001,0x1117c)0 ms (1.7 MiB/s)
        Setting currdev to disk0p2: at 07000000 ...
        Trying: /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/eMMC(1)/eMMC(0)/HD(1,0x01,0 ,0x1,0x64000) sdhci@d0000.blk...
        Setting currdev to disk0p1:ady
        Trying: /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/eMMC(1)/eMMC(0)/HD(3,0x01,0 ,0x7517d,0xe1ae83)
        Setting currdev to zfs:pfSense/ROOT/default:
        ERROR: cannot open /boot/lua/loader.lua: no such file or directory.

        R 1 Reply Last reply Reply Quote 0
        • R
          rcoleman-netgate Netgate @zitstif
          last edited by rcoleman-netgate

          @zitstif Power off the unit completely.

          Let it sit for 2-3 minutes.

          Power back on. It should reboot without issue.

          Also there is no release "23.10"

          Ryan
          Repeat, after me: MESH IS THE DEVIL! MESH IS THE DEVIL!
          Requesting firmware for your Netgate device? https://go.netgate.com
          Switching: Mikrotik, Netgear, Extreme
          Wireless: Aruba, Ubiquiti

          S 1 Reply Last reply Reply Quote 0
          • S
            SteveITS Galactic Empire @rcoleman-netgate
            last edited by

            @rcoleman-netgate Hi Ryan, we've hit this on a 2100 that was fine. We install 23.01 via image (had the USB stick already), it boots, we restore the backup config, it boots, emails us that it boot up, installs packages, and then we lose Internet connectivity from LAN and can't connect to pfSense via the WAN IP. The next boot attempt (Diagnostics/Halt, or Restart), we get what looks like the same errors as above...it overwrites itself but ends with:

            Load Device: /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/eMMC(1)/eMMC(0)/HD( 2,0x01,0,0x64001,0x1117c)
            Trying ESP: /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/eMMC(1)/eMMC(0)/HD(2,0x 01,0,0x64001,0x1117c)0 ms (1.7 MiB/s)
            Setting currdev to disk0p2: at 07000000 ...
            Trying: /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/eMMC(1)/eMMC(0)/HD(1,0x01,0 ,0x1,0x64000) sdhci@d0000.blk...
            Setting currdev to disk0p1:ady
            Trying: /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/eMMC(1)/eMMC(0)/HD(3,0x01,0 ,0x7517d,0xe1ae83)
            Setting currdev to zfs:pfSense/ROOT/default:
            ERROR: cannot open /boot/lua/loader.lua: no such file or directory.

            Powering off for 3 minutes does not help. We re-imaged again, same thing.

            Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
            When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
            Upvote ๐Ÿ‘ helpful posts!

            R S 2 Replies Last reply Reply Quote 0
            • R
              rcoleman-netgate Netgate @SteveITS
              last edited by

              @stephenw10 here's one for you.

              Ryan
              Repeat, after me: MESH IS THE DEVIL! MESH IS THE DEVIL!
              Requesting firmware for your Netgate device? https://go.netgate.com
              Switching: Mikrotik, Netgear, Extreme
              Wireless: Aruba, Ubiquiti

              1 Reply Last reply Reply Quote 0
              • S
                SteveITS Galactic Empire @SteveITS
                last edited by SteveITS

                @rcoleman-netgate So fun story, and/or in case anyone else runs into this. My tech tried reimaging again, this time with me watching. This flew by:

                Loading /boot/device.hintsx0000
Loading /boot/loader.conf0x0000
Loading /boot/loader.conf.local
/ad MBR sector signature 0x0000
bad MBR sector signature 0x0000
bad MBR sector signature 0x0000
bad MBR sector signature 0x0000
bad MBR sector signature 0x0000
bad MBR sector signature 0x0000
bad MBR sector signature 0x0000
bad MBR sector signature 0x0000
bad MBR sector signature 0x0000
bad MBR sector signature 0x0000
bad MBR sector signature 0x0000
bad MBR sector signature 0x0000
bad MBR sector signature 0x0000
bad MBR sector signature 0x0000
bad MBR sector signature 0x0000
Scanning disk usb_mass_storage.lun0...
Found 5 disks
   _ __  / _|___  ___ _ __  ___  ___      _
  | '_ \| |_/ __|/ _ \ '_ \/ __|/ _ \   _| |_
  | |_) |  _\__ \  __/ | | \__ \  __/  |_   _|
  | .__/|_| |___/\___|_| |_|___/\___|    |_|
  |_|

                So we recreated a USB stick with 23.05, reimaged, and that seems to be just fine so far. IOW it seems to have been a bad USB stick. I just can't figure out why it would seem to work, let us restore and boot, and then the second boot had a problem. "Back away slowly" as I often say in this business.

                Edit: apologies for hijacking the thread. There were very few posts about the loader.lua error.

                Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
                Upvote ๐Ÿ‘ helpful posts!

                1 Reply Last reply Reply Quote 0
                • stephenw10S
                  stephenw10 Netgate Administrator
                  last edited by

                  Yeah that error is usually either a bad USB stick or the stick 'doesn't like' the USB port. It will often boot and install fine from the other USB port on the 1100 if you see that.

                  I don't suppose you have an upgrade or console log from the upgrade that failed to the missing loader.lua file?

                  Steve

                  S 1 Reply Last reply Reply Quote 0
                  • S
                    SteveITS Galactic Empire @stephenw10
                    last edited by

                    @stephenw10 Our situation was on a 2100, though that's similar hardware of course. I started in the middle of this thread finding the loader error. We could not copy off an entire log, since in the "bad" condition there was no shell, and we could not type. Some of the console output was overwriting itself at times so it was a bit mixed together anyway.

                    I do have screen shots I was texted at one point in the discussion. I don't recall if this is after booting, after the loader error? My coworker is in transit now and I might not get him until tomorrow. At this point we had been thinking the emmc failed but writing the image was fine each time.
                    922b78cf-afb0-4f2c-b803-4ef24e4311c3-image.png

                    328aa8f8-1fae-40e4-a7f2-71ace9d9bda4-image.png

                    c61a76d4-7750-4cf7-a4ba-7910f61c8fbe-image.png

                    Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                    When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
                    Upvote ๐Ÿ‘ helpful posts!

                    S 1 Reply Last reply Reply Quote 0
                    • S
                      SteveITS Galactic Empire @SteveITS
                      last edited by

                      I'm being told the "cannot open /boot/lua/loader.lua" message shows after the "run usbrecovery" process, and the three screenfuls are what shows after the boot attempt without the USB stick attached.

                      Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                      When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
                      Upvote ๐Ÿ‘ helpful posts!

                      1 Reply Last reply Reply Quote 0
                      • stephenw10S
                        stephenw10 Netgate Administrator
                        last edited by

                        Hmm, is that a 2100-MAX?

                        After running usbrecovery there should be nothing on the eMMC. Unless it boots the USB and appears to reinstall successfully?

                        S 1 Reply Last reply Reply Quote 0
                        • S
                          SteveITS Galactic Empire @stephenw10
                          last edited by SteveITS

                          @stephenw10 No, a base.

                          That's the thing, it does successfully wipe the eMMC, does reinstall, does reboot, does let us log in to restore the backup, does restart successfully, does email that it booted up successfully per notification settings in the config, then it loses networking and the next boot fails. Which makes no sense to me. It's like it starts off fine then ZFS runs off the rails or something and chews itself up.

                          After reinstalling using 23.05 from a different USB stick he restarted a few times without issue so ๐Ÿคž it's good.

                          We think this may have happened before, a unit that didn't boot after a power loss a few months ago. I did a reinstall with this same USB stick (since it was the small EFI), and did a restore, and after that it didn't boot up, but I don't recall the error message specifically, could have been the loader message. At the time I had 15 minutes left on site and a spare 2100 so I put that in. We are going to try to resurrect it in our spare time...we pulled it out of our recycling pile.

                          Our tech wanted to use a USB stick that had been used before ๐Ÿ™„ rather than create one.

                          Edit:
                          The router today had an older version, not sure now, maybe 22.01? Possibly earlier. We hadn't upgraded to 22.05 as they are an unmanaged client, and didn't go to 23.01 because of the EFI partition. I doubt something in the config restore could break things though, never had a problem before.

                          Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                          When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
                          Upvote ๐Ÿ‘ helpful posts!

                          1 Reply Last reply Reply Quote 0
                          • stephenw10S
                            stephenw10 Netgate Administrator
                            last edited by

                            Hmm, that feels like a ZFS BE issue. Let me see if we can see anything.....

                            S 1 Reply Last reply Reply Quote 0
                            • S SteveITS referenced this topic on
                            • S SteveITS referenced this topic on
                            • S
                              SteveITS Galactic Empire @stephenw10
                              last edited by

                              @SteveITS said in 23.05 firmware upgrade crashed a 3100 and an 1100:

                              FWIW a coworker reinstalled the "dead" 2100 with the same 23.05 USB he used a couple weeks ago and it seems to be fine in very limited usage. He's restarted it several times.

                              Per https://forum.netgate.com/topic/180755/23-05-firmware-upgrade-crashed-a-3100-and-an-1100/5 it sounds like there is/was a path for the EFI loader to not be updated and/or written properly.

                              Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                              When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
                              Upvote ๐Ÿ‘ helpful posts!

                              1 Reply Last reply Reply Quote 0
                              • stephenw10S
                                stephenw10 Netgate Administrator
                                last edited by

                                Indeed, that should now be fixed. Will be in 23.05.1

                                1 Reply Last reply Reply Quote 1
                                • S SteveITS referenced this topic on
                                • S SteveITS referenced this topic on
                                • S SteveITS referenced this topic on
                                • First post
                                  Last post
                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.