Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Can't upgrade - Certificate verification failed

    Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
    9 Posts 6 Posters 2.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      joeker
      last edited by joeker

      Just logged to my PFSense 2100 to check for updates and am getting this:

      Version 22.05-RELEASE (arm64)
      built on Wed Jun 22 18:56:18 UTC 2022
      FreeBSD 12.3-STABLE

      Unable to check for updates
      CPU Type ARM Cortex-A53 r0p4
      2 CPUs:
      CPU 0: ARM Cortex-A53 r0p4 affinity: 0
      CPU 1: ARM Cortex-A53 r0p4 affinity: 1
      SafeXcel Crypto: Yes (inactive)
      Hardware crypto Inactive

      When I go update packages I get this:

      Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
pkg-static: https://pkg00-atx.netgate.com/pkgpkg+https://firmware.netgate.com/pkgpkg+https://repo.netgate.com/pkg/pfSense_plus-v23_01_aarch64-core/meta.txz: Authentication error
repository pfSense-core has no meta file, using default settings
Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
pkg-static: https://pkg00-atx.netgate.com/pkgpkg+https://firmware.netgate.com/pkgpkg+https://repo.netgate.com/pkg/pfSense_plus-v23_01_aarch64-core/packagesite.pkg: Authentication error
Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
pkg-static: https://pkg00-atx.netgate.com/pkgpkg+https://firmware.netgate.com/pkgpkg+https://repo.netgate.com/pkg/pfSense_plus-v23_01_aarch64-core/packagesite.txz: Authentication error
Unable to update repository pfSense-core
Updating pfSense repository catalogue...
Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
pkg-static: https://pkg00-atx.netgate.com/pkgpkg+https://firmware.netgate.com/pkgpkg+https://repo.netgate.com/pkg/pfSense_plus-v23_01_aarch64-pfSense_plus_v23_01/meta.txz: Authentication error
repository pfSense has no meta file, using default settings
Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
pkg-static: https://pkg00-atx.netgate.com/pkgpkg+https://firmware.netgate.com/pkgpkg+https://repo.netgate.com/pkg/pfSense_plus-v23_01_aarch64-pfSense_plus_v23_01/packagesite.pkg: Authentication error
Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
pkg-static: https://pkg00-atx.netgate.com/pkgpkg+https://firmware.netgate.com/pkgpkg+https://repo.netgate.com/pkg/pfSense_plus-v23_01_aarch64-pfSense_plus_v23_01/packagesite.txz: Authentication error
Unable to update repository pfSense
Error updating repositories!

      86e36a36-530e-49f8-9540-05db5589ae62-image.png![alt text](image url)

      Tried a reboot, and then halted system and did a cold reboot, still nothing.

      Also tried setting branch to previous Stable version, then back to Latest Stable Version - didn't work.

      Then tried running: pkg-static clean -ay; pkg-static install -fy pkg pfSense-repo pfSense-upgrade

      didn't work:

      Updating pfSense-core repository catalogue...
pkg-static: https://repo00.atx.netgate.com/pkg/pfSense_plus-v23_01_aarch64-core/meta.txz: Service Unavailable
repository pfSense-core has no meta file, using default settings
pkg-static: https://repo00.atx.netgate.com/pkg/pfSense_plus-v23_01_aarch64-core/packagesite.pkg: Service Unavailable
pkg-static: https://repo00.atx.netgate.com/pkg/pfSense_plus-v23_01_aarch64-core/packagesite.txz: Service Unavailable
Unable to update repository pfSense-core
Updating pfSense repository catalogue...
pkg-static: https://repo00.atx.netgate.com/pkg/pfSense_plus-v23_01_aarch64-pfSense_plus_v23_01/meta.txz: Service Unavailable
repository pfSense has no meta file, using default settings
pkg-static: https://repo00.atx.netgate.com/pkg/pfSense_plus-v23_01_aarch64-pfSense_plus_v23_01/packagesite.pkg: Service Unavailable
pkg-static: https://repo00.atx.netgate.com/pkg/pfSense_plus-v23_01_aarch64-pfSense_plus_v23_01/packagesite.txz: Service Unavailable
Unable to update repository pfSense
Error updating repositories!

      Any guidance is appreciated.

      R 1 Reply Last reply Reply Quote 0
      • R
        rcoleman-netgate Netgate @joeker
        last edited by rcoleman-netgate

        @joeker https://forum.netgate.com/topic/178049/pfsense-plus-23-01-updates-on-the-1100-and-2100-systems?_=1676824718745

        Just letting the community know that updates to pfSense Plus version 23.01 have been stopped for the Netgate 1100 and 2100 systems while we investigate an issue that affects older systems. We will resume updates as soon as we can. Thanks for your patience.

        Ryan
        Repeat, after me: MESH IS THE DEVIL! MESH IS THE DEVIL!
        Requesting firmware for your Netgate device? https://go.netgate.com
        Switching: Mikrotik, Netgear, Extreme
        Wireless: Aruba, Ubiquiti

        J 2 Replies Last reply Reply Quote 0
        • J
          joeker @rcoleman-netgate
          last edited by

          @rcoleman-netgate Alrighty then, thank you

          P 1 Reply Last reply Reply Quote 0
          • P
            pzl @joeker
            last edited by

            @joeker Have same deal. The nginx server reverse proxy at https://repo00.atx.netgate.com/pkg/ has an invalid certificate?

            Issued On Friday, March 18, 2022 at 10:07:17 AM
            Expires On Monday, November 17, 2521 at 9:07:17 AM

            🙃

            1 Reply Last reply Reply Quote 0
            • A
              AlexandroRubio
              last edited by

              I have a Netgate 2100 (arm64). Having the exact same problem.

              S 1 Reply Last reply Reply Quote 0
              • S
                SteveITS Galactic Empire @AlexandroRubio
                last edited by

                @alexandrorubio Don’t know about the cert but upgrades are still paused. You can reinstall and restore from backup just fine though:
                https://docs.netgate.com/pfsense/en/latest/solutions/netgate-2100/reinstall-pfsense.html

                Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
                Upvote 👍 helpful posts!

                1 Reply Last reply Reply Quote 0
                • J jrey referenced this topic on
                • J jrey referenced this topic on
                • J
                  joeker @rcoleman-netgate
                  last edited by

                  @rcoleman-netgate

                  Is it ok to upgrade to Netgate 2100 to Version 23.05.1, or is this still an issue?

                  Thanks

                  S R 2 Replies Last reply Reply Quote 0
                  • S
                    SteveITS Galactic Empire @joeker
                    last edited by

                    @joeker Upgrades were allowed again in the spring. If you have a router that has the small EFI partition it will stop and warn you (as opposed to trying and failing), and if that is the case you'll need to reinstall per the above link.

                    https://forum.netgate.com/topic/178049/pfsense-plus-23-01-updates-on-the-1100-and-2100-systems

                    Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                    When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
                    Upvote 👍 helpful posts!

                    1 Reply Last reply Reply Quote 2
                    • R
                      rcoleman612 @joeker
                      last edited by

                      @joeker I don't work here anymore.

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.