Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Upgrade to 2.7 cerificate error

    Scheduled Pinned Locked Moved General pfSense Questions
    13 Posts 4 Posters 1.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jagradang @SteveITS
      last edited by

      @SteveITS

      I did a full reinstall but i'm still getting this certificate error so pfsense won't install any packages after restore. Any ideas?

      1 Reply Last reply Reply Quote 0
      • F
        Finger79
        last edited by

        Sorry to sound glib, but have you checked the certificate? Does your web browser give you a certificate error when going to the WebUI?

        J 1 Reply Last reply Reply Quote 0
        • J
          jagradang @Finger79
          last edited by

          @Finger79 I think the issue is with the default webcert I checked its expiry and validity. I also tried creating a new certificate but i still seem to get this error. Not sure if there is a guide on how to create a fresh cert and set it up?

          S 1 Reply Last reply Reply Quote 0
          • S
            SteveITS Galactic Empire @jagradang
            last edited by

            @jagradang there have been a few posts about cert errors in recent weeks but I can’t seem to find any on my phone. I highly doubt it has to do with your web GUI cert, that’s just for your access.
            Try https://docs.netgate.com/pfsense/en/latest/troubleshooting/upgrades.html#upgrade-not-offered-library-errors

            Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
            When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
            Upvote 👍 helpful posts!

            1 Reply Last reply Reply Quote 0
            • jimpJ jimp moved this topic from Problems Installing or Upgrading pfSense Software on
            • stephenw10S
              stephenw10 Netgate Administrator
              last edited by

              You can generate a new web cert from the php shell, or directly with:

              pfSsh.php playback generateguicert
              

              Steve

              1 Reply Last reply Reply Quote 0
              • J
                jagradang
                last edited by

                I had an absolute nightmare fixing this issue. In the end i rebuilt the entire config from scratch. I'm still convinced there is an issue with 2.7 and certificates. I had to rebuild this around 6 times as every time i altered the certificates it broke un-repairablly. Meaning i had to start from scratch again. (even creating a certificate for openvpn totally broke the firewall!!!!)

                I eventually gave in and didn't create a custom certificate - leaving the default web configurator one in just to get the damn thing working before monday!! It now seems to be playing ball and working but I'm not touching the certificates until i can get on site and attempt a rebuild again.

                Looking through the forum there seems to be all sorts of issues around the certs so not surprised this is breaking! I have another 3 sites running this version, so of the 4 sites, 3 are broken with certificates and one seemed to go through cleanly.

                Hope Netgate get there act together and create a patch to fix this!

                1 Reply Last reply Reply Quote 0
                • stephenw10S
                  stephenw10 Netgate Administrator
                  last edited by

                  Hmm, not seen that. You have the most basic steps to replicate it?

                  J 1 Reply Last reply Reply Quote 0
                  • J
                    jagradang @stephenw10
                    last edited by

                    @stephenw10 I will try and reproduce this again on my virtual machine when i get home.
                    But essentially all i did was:

                    • create a CA authority,
                    • add a CERT under the CA authority
                    • Change the admin page and DNS to use this newly created cert.
                    • Delete the original Cert
                    • Go to the command line and try and run pfSense-upgrade - and it all breaks. Can't update, and WAN all went down.
                    1 Reply Last reply Reply Quote 0
                    • stephenw10S
                      stephenw10 Netgate Administrator
                      last edited by

                      Hmm, I can't replicate that directly. Maybe something to do with the steps ordering. Did you have SSL/TLS enabled in Unbound before starting?

                      1 Reply Last reply Reply Quote 0
                      • stephenw10S
                        stephenw10 Netgate Administrator
                        last edited by

                        Did you have other certs or CAs already defined and/or in use?

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.