Upgrade to 2.7 cerificate error
-
I did a full reinstall but i'm still getting this certificate error so pfsense won't install any packages after restore. Any ideas?
-
Sorry to sound glib, but have you checked the certificate? Does your web browser give you a certificate error when going to the WebUI?
-
@Finger79 I think the issue is with the default webcert I checked its expiry and validity. I also tried creating a new certificate but i still seem to get this error. Not sure if there is a guide on how to create a fresh cert and set it up?
-
@jagradang there have been a few posts about cert errors in recent weeks but I can’t seem to find any on my phone. I highly doubt it has to do with your web GUI cert, that’s just for your access.
Try https://docs.netgate.com/pfsense/en/latest/troubleshooting/upgrades.html#upgrade-not-offered-library-errors -
J jimp moved this topic from Problems Installing or Upgrading pfSense Software on
-
You can generate a new web cert from the php shell, or directly with:
pfSsh.php playback generateguicertSteve
-
I had an absolute nightmare fixing this issue. In the end i rebuilt the entire config from scratch. I'm still convinced there is an issue with 2.7 and certificates. I had to rebuild this around 6 times as every time i altered the certificates it broke un-repairablly. Meaning i had to start from scratch again. (even creating a certificate for openvpn totally broke the firewall!!!!)
I eventually gave in and didn't create a custom certificate - leaving the default web configurator one in just to get the damn thing working before monday!! It now seems to be playing ball and working but I'm not touching the certificates until i can get on site and attempt a rebuild again.
Looking through the forum there seems to be all sorts of issues around the certs so not surprised this is breaking! I have another 3 sites running this version, so of the 4 sites, 3 are broken with certificates and one seemed to go through cleanly.
Hope Netgate get there act together and create a patch to fix this!
-
Hmm, not seen that. You have the most basic steps to replicate it?
-
@stephenw10 I will try and reproduce this again on my virtual machine when i get home.
But essentially all i did was:- create a CA authority,
- add a CERT under the CA authority
- Change the admin page and DNS to use this newly created cert.
- Delete the original Cert
- Go to the command line and try and run pfSense-upgrade - and it all breaks. Can't update, and WAN all went down.
-
Hmm, I can't replicate that directly. Maybe something to do with the steps ordering. Did you have SSL/TLS enabled in Unbound before starting?
-
Did you have other certs or CAs already defined and/or in use?
