Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Error "libssl.so.30" not found" when installing package

    Scheduled Pinned Locked Moved General pfSense Questions
    30 Posts 11 Posters 29.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      asdjklfjkdslfdsaklj @stephenw10
      last edited by asdjklfjkdslfdsaklj

      @stephenw10 Thanks for your reply. I had selected 23.09 at some point, when trying to sort another problem (owe you an update there, sorry), but fairly sure I had reverted via boot environment restore, and subsequently new install + backup restore.

      System is set to 23.05.1, and pkg-static -d update shows only 'v23_05_1' references:

      [23.05.1-RELEASE][user@router]/home/user: sudo pkg-static -d update
Password:
DBG(1)[63441]> pkg initialized
Updating pfSense-core repository catalogue...
DBG(1)[63441]> PkgRepo: verifying update for pfSense-core
DBG(1)[63441]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense-core.sqlite'
DBG(1)[63441]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_05_1_amd64-core/meta.conf
DBG(1)[63441]> curl_open
DBG(1)[63441]> Fetch: fetcher used: pkg+https
DBG(1)[63441]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_05_1_amd64-core/meta.conf

DBG(1)[63441]> CURL> attempting to fetch from , left retry 3

* processing: (nil)
* Couldn't find host pfsense-plus-pkg00.atx.netgate.com in the (nil) file; using defaults
*   Trying [2610:160:11:18::207]:443...
* Connected to pfsense-plus-pkg00.atx.netgate.com (2610:160:11:18::207) port 443
* ALPN: offers http/1.1
*  CAfile: /etc/ssl/netgate-ca.pem
*  CApath: /etc/ssl/certs/
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN: server accepted http/1.1
* Server certificate:
*  subject: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=pfSense Plus; CN=pfsense-plus-pkg00.atx.netgate.com
*  start date: Mar 15 20:23:11 2022 GMT
*  expire date: Feb 19 20:23:11 2122 GMT
*  common name: pfsense-plus-pkg00.atx.netgate.com (matched)
*  issuer: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=Netgate CA; CN=Netgate CA
*  SSL certificate verify ok.
* using HTTP/1.1
> GET /pfSense_plus-v23_05_1_amd64-core/meta.conf HTTP/1.1
Host: pfsense-plus-pkg00.atx.netgate.com
Accept: */*
If-Modified-Since: Wed, 28 Jun 2023 05:42:14 GMT

< HTTP/1.1 304 Not Modified
< Server: nginx
< Date: Thu, 28 Sep 2023 16:13:19 GMT
< Last-Modified: Wed, 28 Jun 2023 05:42:14 GMT
< Connection: keep-alive
< ETag: "649bc836-a3"
<
* Connection #0 to host pfsense-plus-pkg00.atx.netgate.com left intact
DBG(1)[63441]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_05_1_amd64-core/packagesite.pkg
DBG(1)[63441]> curl_open
DBG(1)[63441]> Fetch: fetcher used: pkg+https
DBG(1)[63441]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_05_1_amd64-core/packagesite.pkg

DBG(1)[63441]> CURL> attempting to fetch from , left retry 3

* processing: (nil)
* Couldn't find host pfsense-plus-pkg00.atx.netgate.com in the (nil) file; using defaults
* Found bundle for host: 0x821d137e0 [serially]
* Re-using existing connection with host pfsense-plus-pkg00.atx.netgate.com
> GET /pfSense_plus-v23_05_1_amd64-core/packagesite.pkg HTTP/1.1
Host: pfsense-plus-pkg00.atx.netgate.com
Accept: */*
If-Modified-Since: Wed, 28 Jun 2023 05:42:14 GMT

< HTTP/1.1 304 Not Modified
< Server: nginx
< Date: Thu, 28 Sep 2023 16:13:19 GMT
< Last-Modified: Wed, 28 Jun 2023 05:42:14 GMT
< Connection: keep-alive
< ETag: "649bc836-928"
<
* Connection #0 to host pfsense-plus-pkg00.atx.netgate.com left intact
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
DBG(1)[63441]> PkgRepo: verifying update for pfSense
DBG(1)[63441]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense.sqlite'
DBG(1)[63441]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_05_1_amd64-pfSense_plus_v23_05_1/meta.conf
DBG(1)[63441]> curl_open
DBG(1)[63441]> Fetch: fetcher used: pkg+https
DBG(1)[63441]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_05_1_amd64-pfSense_plus_v23_05_1/meta.conf

DBG(1)[63441]> CURL> attempting to fetch from , left retry 3

* processing: (nil)
* Couldn't find host pfsense-plus-pkg01.atx.netgate.com in the (nil) file; using defaults
*   Trying [2610:160:11:18::209]:443...
* Connected to pfsense-plus-pkg01.atx.netgate.com (2610:160:11:18::209) port 443
* ALPN: offers http/1.1
*  CAfile: /etc/ssl/netgate-ca.pem
*  CApath: /etc/ssl/certs/
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN: server accepted http/1.1
* Server certificate:
*  subject: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=pfSense Plus; CN=pfsense-plus-pkg01.atx.netgate.com
*  start date: Mar 15 20:23:37 2022 GMT
*  expire date: Feb 19 20:23:37 2122 GMT
*  common name: pfsense-plus-pkg01.atx.netgate.com (matched)
*  issuer: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=Netgate CA; CN=Netgate CA
*  SSL certificate verify ok.
* using HTTP/1.1
> GET /pfSense_plus-v23_05_1_amd64-pfSense_plus_v23_05_1/meta.conf HTTP/1.1
Host: pfsense-plus-pkg01.atx.netgate.com
Accept: */*
If-Modified-Since: Mon, 25 Sep 2023 17:52:59 GMT

< HTTP/1.1 304 Not Modified
< Server: nginx
< Date: Thu, 28 Sep 2023 16:13:20 GMT
< Last-Modified: Mon, 25 Sep 2023 17:52:59 GMT
< Connection: keep-alive
< ETag: "6511c8fb-a3"
<
* Connection #0 to host pfsense-plus-pkg01.atx.netgate.com left intact
DBG(1)[63441]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_05_1_amd64-pfSense_plus_v23_05_1/packagesite.pkg
DBG(1)[63441]> curl_open
DBG(1)[63441]> Fetch: fetcher used: pkg+https
DBG(1)[63441]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_05_1_amd64-pfSense_plus_v23_05_1/packagesite.pkg

DBG(1)[63441]> CURL> attempting to fetch from , left retry 3

* processing: (nil)
* Couldn't find host pfsense-plus-pkg01.atx.netgate.com in the (nil) file; using defaults
* Found bundle for host: 0x821df3bf0 [serially]
* Re-using existing connection with host pfsense-plus-pkg01.atx.netgate.com
> GET /pfSense_plus-v23_05_1_amd64-pfSense_plus_v23_05_1/packagesite.pkg HTTP/1.1
Host: pfsense-plus-pkg01.atx.netgate.com
Accept: */*
If-Modified-Since: Mon, 25 Sep 2023 17:52:59 GMT

< HTTP/1.1 304 Not Modified
< Server: nginx
< Date: Thu, 28 Sep 2023 16:13:20 GMT
< Last-Modified: Mon, 25 Sep 2023 17:52:59 GMT
< Connection: keep-alive
< ETag: "6511c8fb-27d98"
<
* Connection #0 to host pfsense-plus-pkg01.atx.netgate.com left intact
pfSense repository is up to date.
All repositories are up to date.
      1 Reply Last reply Reply Quote 0
      • stephenw10S
        stephenw10 Netgate Administrator
        last edited by

        It's running version of pkg from 23.09 which is why it's throwing the lib error.

        Try downgrading: pkg-static upgrade -f pkg

        If it shows 1.19.1_2 as available go ahead and install that.

        A R G 3 Replies Last reply Reply Quote 2
        • A
          asdjklfjkdslfdsaklj @stephenw10
          last edited by

          @stephenw10 Ah, I see. That sorted it. Thanks very much!

          1 Reply Last reply Reply Quote 1
          • R
            randre.wright @stephenw10
            last edited by

            @stephenw10 thank you.

            Not sure if this will help anyone but I first had to undo a change I made in /usr/local/etc/pkg/repos/pfSense.conf

            Set the first line to:
            FreeBSD: { enabled: no } instead of FreeBSD: { enabled: yes}

            1 Reply Last reply Reply Quote 0
            • G
              Gsyltc 0 @stephenw10
              last edited by Gsyltc 0

              @stephenw10 Hi, I've the same problem.

              PfSense version : 23.05.1 (Netgate 4100)

              When I try to download pkg It shows me :

              Installed packages to be REINSTALLED:
	pkg-1.20.8_1 [pfSense]

Number of packages to be reinstalled: 1

Proceed with this action? [y/N]:

              The file /usr/local/etc/pkg/repos/pfSense.conf show me this :

              FreeBSD: { enabled: no }

pfSense-core: {
    url: "pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_amd64-core",
    mirror_type: "srv",
    signature_type: "fingerprints",
    fingerprints: "/usr/local/share/pfSense/keys/pkg",
    enabled: yes
}

pfSense: {
    url: "pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_amd64-pfSense_plus_v23_09",
    mirror_type: "srv",
    signature_type: "fingerprints",
    fingerprints: "/usr/local/share/pfSense/keys/pkg",
    enabled: yes
}

              When I try to update a package, I have this error :

              ERROR: It was not possible to identify which  meta package is installed
__RC=1
WARNING: Current pkg repository has a new PHP major
         version.  should be upgraded before
         installing any new package.

              When I try to update Pfsense, I have this error

              >>> Updating repositories metadata... 
Updating pfSense-core repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: . done
Processing entries: . done
pfSense-core repository update completed. 5 packages processed.
Updating pfSense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries: 
Processing entries............. done
pfSense repository update completed. 726 packages processed.
All repositories are up to date.
>>> Upgrading -upgrade... failed.

              And à PHP_error.log

              Crash report begins.  Anonymous machine information:

amd64
14.0-CURRENT
FreeBSD 14.0-CURRENT #1 plus-RELENG_23_05_1-n256108-459fc493a87: Wed Jun 28 04:26:04 UTC 2023     root@freebsd:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05_1-main/obj/amd64/f2Em2w3l/var/jenkins/workspace/pfSense-Plus-snapshots-23_05_1-main/sources/

Crash report details:

PHP Errors:
[12-Nov-2023 17:29:13 UTC] PHP Warning:  PHP Startup: Unable to load dynamic library 'curl.so' (tried: /usr/local/lib/php/20220829/curl.so (Shared object "libssl.so.30" not found, required by "libssh2.so.1"), /usr/local/lib/php/20220829/curl.so.so (Cannot open "/usr/local/lib/php/20220829/curl.so.so")) in Unknown on line 0
[12-Nov-2023 17:29:13 UTC] PHP Warning:  PHP Startup: Unable to load dynamic library 'ftp.so' (tried: /usr/local/lib/php/20220829/ftp.so (Shared object "libssl.so.30" not found, required by "ftp.so"), /usr/local/lib/php/20220829/ftp.so.so (Cannot open "/usr/local/lib/php/20220829/ftp.so.so")) in Unknown on line 0
[12-Nov-2023 17:29:13 UTC] PHP Warning:  PHP Startup: Unable to load dynamic library 'ssh2.so' (tried: /usr/local/lib/php/20220829/ssh2.so (Shared object "libssl.so.30" not found, required by "libssh2.so.1"), /usr/local/lib/php/20220829/ssh2.so.so (Cannot open "/usr/local/lib/php/20220829/ssh2.so.so")) in Unknown on line 0
[12-Nov-2023 17:34:37 UTC] PHP Warning:  PHP Startup: Unable to load dynamic library 'curl.so' (tried: /usr/local/lib/php/20220829/curl.so (Shared object "libssl.so.30" not found, required by "libssh2.so.1"), /usr/local/lib/php/20220829/curl.so.so (Cannot open "/usr/local/lib/php/20220829/curl.so.so")) in Unknown on line 0
[12-Nov-2023 17:34:37 UTC] PHP Warning:  PHP Startup: Unable to load dynamic library 'ftp.so' (tried: /usr/local/lib/php/20220829/ftp.so (Shared object "libssl.so.30" not found, required by "ftp.so"), /usr/local/lib/php/20220829/ftp.so.so (Cannot open "/usr/local/lib/php/20220829/ftp.so.so")) in Unknown on line 0
[12-Nov-2023 17:34:37 UTC] PHP Warning:  PHP Startup: Unable to load dynamic library 'ssh2.so' (tried: /usr/local/lib/php/20220829/ssh2.so (Shared object "libssl.so.30" not found, required by "libssh2.so.1"), /usr/local/lib/php/20220829/ssh2.so.so (Cannot open "/usr/local/lib/php/20220829/ssh2.so.so")) in Unknown on line 0



No FreeBSD crash data found.

              find command show me this

              #find /usr/ -name 'libssl.so*'

/usr/lib/libssl.so
/usr/lib/debug/usr/lib/libssl.so.111.debug
/usr/lib/libssl.so.111

              I think something went wrong while updating. I'm afraid to reboot in case of the system won't start.

              How can I force the version to downgrade pkg ?

              Thanks

              1 Reply Last reply Reply Quote 0
              • stephenw10S
                stephenw10 Netgate Administrator
                last edited by

                Set the update repo back to 23.05.1. Then run: pkg-static clean -ay; pkg-static install -fy pkg pfSense-repo pfSense-upgrade

                As shown here: https://docs.netgate.com/pfsense/en/latest/troubleshooting/upgrades.html#upgrade-not-offered-library-errors

                Then set it back to 23.09 and try to upgrade again.

                G 1 Reply Last reply Reply Quote 1
                • G
                  Gsyltc 0 @stephenw10
                  last edited by Gsyltc 0

                  @stephenw10 Hi Stephen, thanks for your fast reply

                  I do this step :
                  1)
                  System --> Update --> Update settings --> set Branch to "Previous Plus Version (23.05.1) --> Save

                  1. Diagnostics --> Command
                  # pkg-static info -x pfSense-upgrade
pfSense-upgrade-1.0_68


#pkg-static clean -ay; pkg-static install -fy pkg pfSense-repo pfSense-upgrade
Checking integrity... done (0 conflicting)
The most recent versions of packages are already installed

                  1. System -- Update -- Set Branch to Latest Stable Version (23.09) -- Save

                  2. Update System

                  Try to update to 23.09
                  Failed. Same Error (PHP_Error.log and Update log)

                  1. Try to downgrade pkg
                  # env ASSUME_ALWAYS_YES=yes pkg-static bootstrap -f

pkg(8) is already installed. Forcing reinstallation through pkg(7).
Installing pkg-1.19.1_2...
package pkg is already installed, forced install
Extracting pkg-1.19.1_2: .......... done
Bootstrapping pkg from pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_05_1_amd64-pfSense_plus_v23_05_1, please wait...
Verifying signature with trusted certificate pkg.pfsense.org.20160406... done

# pkg -v
1.19.1

                  6°) Try to install Package

                  ERROR: It was not possible to identify which  meta package is installed
__RC=1
WARNING: Current pkg repository has a new PHP major
         version.  should be upgraded before
         installing any new package.

                  1. Try to Update
                    Same Error

                  # pkg-static upgrade -f

(Multiple lines show that)
Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
34947272704:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05_1-main/sources/FreeBSD-src-plus-RELENG_23_05_1/crypto/openssl/ssl/statem/statem_clnt.c:1921:
35123060736:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05_1-main/sources/FreeBSD-src-plus-RELENG_23_05_1/crypto/openssl/ssl/statem/statem_clnt.c:1921:
pkg: https://pfsense-plus-pkg01.atx.netgate.com/pfSense_plus-v23_05_1_amd64-core/meta.txz: Authentication error

Unable to update repository pfSense
Error updating repositories!

                  Available Päckages is empty

                  Thanks

                  stephenw10S 1 Reply Last reply Reply Quote 0
                  • stephenw10S
                    stephenw10 Netgate Administrator @Gsyltc 0
                    last edited by

                    @Gsyltc-0 said in Error "libssl.so.30" not found" when installing package:

                    #pkg-static clean -ay; pkg-static install -fy pkg pfSense-repo pfSense-upgrade
                    Checking integrity... done (0 conflicting)
                    The most recent versions of packages are already installed

                    That seems odd. With the -f flag set there it should have reinstalled those three pkgs even if they are already on the latest version.

                    What do you see from:

                    [23.05.1-RELEASE][admin@plusdev-4.stevew.lan]/root: pkg-static info -x ssl
php82-openssl_x509_crl-1.3_2

                    Do you see the same errors if you run the upgrade from the command line (not the gui command): pfSense-upgrade -d

                    G E 2 Replies Last reply Reply Quote 0
                    • J jrey referenced this topic on
                    • G
                      Gsyltc 0 @stephenw10
                      last edited by

                      @stephenw10 Hi Stephen,
                      Finally, I did a backup and a factory reset.
                      I was able to do all the updates (from 23.01 to 23.09) and reinstalled all the packages.

                      Everything's back to normal

                      Thanks

                      1 Reply Last reply Reply Quote 1
                      • E
                        eminence32 @stephenw10
                        last edited by eminence32

                        @stephenw10 said in Error "libssl.so.30" not found" when installing package:

                        pfSense-upgrade -d

                        Hi all,

                        I am also seeing the same problems mentioned in the original post.

                        I'd like to avoid a factory reset if possible, so I'm trying to follow some of the instructions in this thread.

                        I've set my update branch in the GUI to "Previous Plus Version (23.05.1)" (which matches my currently running version "23.05-RELEASE").

                        From a ssh shell:

                        [23.05-RELEASE][root@pfs.local.mydomain.com]/root: pkg-static clean -ay ; pkg-static install -fy pkg pfSense-repo pfSense-upgrade
pkg-static: No active remote repositories configured
Checking integrity... done (0 conflicting)
The most recent versions of packages are already installed

                        [23.05-RELEASE][root@pfs.local.mydomain.com]/root: pkg help
ld-elf.so.1: Shared object "libssl.so.30" not found, required by "pkg"

                        Note that I do not have a pfSense.conf file as one of the above commenters showed (I'm not sure if this is expected or not)

                        [23.05-RELEASE][root@pfs.local.mydomain.com]/root: ls -l /usr/local/etc/pkg/repos/
total 4
-rw-r--r--  1 root  wheel  26 May 22 11:02 FreeBSD.conf

                        EDIT : Using the GUI to switch the update branch from "Previous Plus Version" to "Latest Stable" and then back to "Previous Plus Version" has fixed the missing pfSense.conf file:

                        [23.05-RELEASE][root@pfs.local.em32.net]/root: ls -l /usr/local/etc/pkg/repos/
total 4
-rw-r--r--  1 root  wheel  26 May 22 11:02 FreeBSD.conf
lrwxr-xr-x  1 root  wheel  63 Nov 18 15:13 pfSense.conf -> /usr/local/etc/pfSense/pkg/repos/pfSense-repo-stable-point.conf

                        Now a pkg-static install -fy pkg pfSense-repo pfSense-upgrade has worked. Now trying an upgrade to the latest 23.09...

                        1 Reply Last reply Reply Quote 0
                        • G
                          Grizwald
                          last edited by

                          Hi all

                          This is my first post on this forum and I thought I should also share what I did to fix this issue. I followed this guide another user offered https://docs.netgate.com/pfsense/en/latest/troubleshooting/upgrades.html#upgrade-not-offered-library-errors

                          My issue was the command returned this:

                          [2.7.0-RELEASE][admin@FW-EDGE.grizwald.lan]/root: pkg-static clean -ay ; pkg-static install -fy pkg pfSense-repo pfSense-upgrade
pkg-static: Repository pfSense-core missing. 'pkg update' required
pkg-static: No package database installed.  Nothing to do!
Updating pfSense-core repository catalogue...
pkg-static: An error occured while fetching package
pkg-static: An error occured while fetching package
repository pfSense-core has no meta file, using default settings
pkg-static: An error occured while fetching package
pkg-static: An error occured while fetching package
Unable to update repository pfSense-core
Updating pfSense repository catalogue...
pkg-static: An error occured while fetching package
pkg-static: An error occured while fetching package
repository pfSense has no meta file, using default settings
pkg-static: An error occured while fetching package
pkg-static: An error occured while fetching package
Unable to update repository pfSense
Error updating repositories!

                          I then attempted this command to force pkg update :

                          [2.7.0-RELEASE][admin@FW-EDGE.grizwald.lan]/root: pkg-static update -f
Updating pfSense-core repository catalogue...
pkg-static: An error occured while fetching package
pkg-static: An error occured while fetching package
repository pfSense-core has no meta file, using default settings
pkg-static: An error occured while fetching package
pkg-static: An error occured while fetching package
Unable to update repository pfSense-core
Updating pfSense repository catalogue...
pkg-static: An error occured while fetching package
pkg-static: An error occured while fetching package
repository pfSense has no meta file, using default settings
pkg-static: An error occured while fetching package
pkg-static: An error occured while fetching package
Unable to update repository pfSense
Error updating repositories!

                          I followed the document which states to use the command "certctl rehash" if "An error occured while fetching package"

                          "A general error that could have a few different causes. It may indicate that pkg does not trust the package servers. Try running certctl rehash from the console, a root shell prompt, or via Diagnostics > Command Prompt. This will allow pkg to utilize the system certificates until the next reboot." - from document

                          After running this command I was able to force update my pkg:

                          [2.7.0-RELEASE][admin@FW-EDGE.grizwald.lan]/root: pkg-static update -f
Updating pfSense-core repository catalogue...
Fetching meta.conf: 100%    163 B   0.2kB/s    00:01
Fetching packagesite.pkg: 100%    1 KiB   1.5kB/s    00:01
Processing entries: 100%
pfSense-core repository update completed. 4 packages processed.
Updating pfSense repository catalogue...
Fetching meta.conf: 100%    163 B   0.2kB/s    00:01
Fetching packagesite.pkg: 100%  157 KiB 160.6kB/s    00:01
Processing entries:   0%
Newer FreeBSD version for package xxhash:
To ignore this error set IGNORE_OSVERSION=yes
- package: 1400094
- running kernel: 1400085
Ignore the mismatch and continue? [y/N]: y
Processing entries: 100%
pfSense repository update completed. 549 packages processed.
All repositories are up to date.

                          And then finally upgrade to the latest version using

                          pkg-static install -fy pkg pfSense-repo pfSense-upgrade

                          Everything is working again. And sorry for not having this formatted correctly. It is my first post ever on the netgate forums., but hopefully this helps someone else.

                          S 1 Reply Last reply Reply Quote 10
                          • S
                            Sagy @Grizwald
                            last edited by

                            @Grizwald Mate, thank you for this, the rehash fixed all my pfsense issues. Made an account purely just to say thanks.

                            1 Reply Last reply Reply Quote 1
                            • S
                              scruzuser
                              last edited by scruzuser

                              @stephenw10
                              So, I'm in a fine pickle...

                              Running a pkg-static update to get to 23.09.1 I ran into the same issue with missing files:

                              [19/110] Upgrading cyrus-sasl from 2.1.28 to 2.1.28_1...
                              *** Updated user `cyrus'.
                              [19/110] Extracting cyrus-sasl-2.1.28_1: 100%
                              ld-elf.so.1: Shared object "libcrypto.so.30" not found, required by "libsasl2.so.3"
                              ld-elf.so.1: Shared object "libcrypto.so.30" not found, required by "libsasl2.so.3"
                              WARNING: Failed to create /usr/local/etc/sasldb2.db
                              pkg-static: Cannot delete vital package: pfSense-rc!
                              pkg-static: If you are sure you want to remove pfSense-rc,
                              pkg-static: unset the 'vital' flag with: pkg set -v 0 pfSense-rc

                              And it then stopped. It didn't seem prudent to unset the vital flag.

                              I came across this thread and have tried messing with System/Update/Update Settings to go to "Previous Plus Version (23.05.1)". I get the following when trying to run the pkg-static update -f (many lines of the form):

                              Updating pfSense-core repository catalogue...
                              Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg01.atx.netgate.com
                              34946478080:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05_1-main/sources/FreeBSD-src-plus-RELENG_23_05_1/crypto/openssl/ssl/statem/statem_clnt.c:1921:
                              Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg01.atx.netgate.com
                              34946478080:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05_1-main/sources/FreeBSD-src-plus-RELENG_23_05_1/crypto/openssl/ssl/statem/statem_clnt.c:1921:
                              Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg01.atx.netgate.com
                              34946478080:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05_1-main/sources/FreeBSD-src-plus-RELENG_23_05_1/crypto/openssl/ssl/statem/statem_clnt.c:1921:
                              Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg01.atx.netgate.com
                              34946478080:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05_1-main/sources/FreeBSD-src-plus-RELENG_23_05_1/crypto/openssl/ssl/statem/statem_clnt.c:1921:
                              Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg01.atx.netgate.com
                              34946478080:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05_1-main/sources/FreeBSD-src-plus-RELENG_23_05_1/crypto/openssl/ssl/statem/statem_clnt.c:1921:
                              Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg01.atx.netgate.com
                              34946478080:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05_1-main/sources/FreeBSD-src-plus-RELENG_23_05_1/crypto/openssl/ssl/statem/statem_clnt.c:1921:
                              pkg-static: https://pfsense-plus-pkg01.atx.netgate.com/pfSense_plus-v23_05_1_amd64-core/meta.txz: Authentication error
                              repository pfSense-core has no meta file, using default settings

                              I have run the certctl rehash. has no effect.
                              I now find that /usr/local/etc/pkg/repos seems wrong based on what I see in this thread:
                              $ ls -l /usr/local/etc/pkg/repos
                              total 1
                              -rw-r--r-- 1 root wheel 26 Jun 27 20:55 FreeBSD.conf
                              $

                              I tried making a link manually (changing things back and forth in the System/Update/Update Settings as mentioned prior did not create the pfSense.conf file):
                              ln -s /usr/local/etc/pfSense/pkg/repos/pfSense-repo-stable-point.conf pfSense.conf
                              and then run pkg-static update and I get the above cert errors. The contents of my pfSense.conf file are:

                              FreeBSD: { enabled: no }

                              pfSense-core: {
                              url: "pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_05_1_amd64-core",
                              mirror_type: "srv",
                              signature_type: "fingerprints",
                              fingerprints: "/usr/local/share/pfSense/keys/pkg",
                              enabled: yes
                              }

                              pfSense: {
                              url: "pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_05_1_amd64-pfSense_plus_v23_05_1",
                              mirror_type: "srv",
                              signature_type: "fingerprints",
                              fingerprints: "/usr/local/share/pfSense/keys/pkg",
                              enabled: yes
                              }

                              And after I put the link in and try to run pkg-static clean -ay:
                              $ pkg-static clean -ay
                              pkg-static: Repository pfSense-core missing. 'pkg update' required
                              pkg-static: No package database installed. Nothing to do!

                              Any clue how to get passed the cert errors, get my pfSense.conf file to really appear and on to the pkg-static update -f to work?
                              Thanks.

                              1 Reply Last reply Reply Quote 0
                              • S scruzuser referenced this topic on
                              • stephenw10S
                                stephenw10 Netgate Administrator
                                last edited by

                                What repo is it trying to reach when you run: pkg-static d update ?

                                S 1 Reply Last reply Reply Quote 0
                                • S
                                  scruzuser @stephenw10
                                  last edited by

                                  @stephenw10 said in Error "libssl.so.30" not found" when installing package:

                                  pkg-static d update

                                  I believe you mean "pkg-static -d update" (missing the '-' above)?
                                  $ pkg-static -d update
                                  DBG(1)[36885]> pkg initialized
                                  Updating pfSense-core repository catalogue...
                                  DBG(1)[36885]> PkgRepo: verifying update for pfSense-core
                                  DBG(1)[36885]> PkgRepo: need forced update of pfSense-core
                                  DBG(1)[36885]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense-core.sqlite'
                                  DBG(1)[36885]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_05_1_amd64-core/meta.conf
                                  DBG(1)[36885]> opening libfetch fetcher
                                  DBG(1)[36885]> Fetch > libfetch: connecting
                                  DBG(1)[36885]> Fetch: fetching from: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_05_1_amd64-core/meta.conf with opts "i"
                                  Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
                                  34955853824:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05_1-main/sources/FreeBSD-src-plus-RELENG_23_05_1/crypto/openssl/ssl/statem/statem_clnt.c:1921:
                                  DBG(1)[36885]> Fetch: fetching from: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_05_1_amd64-core/meta.conf with opts "i"
                                  Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
                                  34955853824:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05_1-main/sources/FreeBSD-src-plus-RELENG_23_05_1/crypto/openssl/ssl/statem/statem_clnt.c:1921:
                                  DBG(1)[36885]> Fetch: fetching from: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_05_1_amd64-core/meta.conf with opts "i"
                                  Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
                                  34955853824:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05_1-main/sources/FreeBSD-src-plus-RELENG_23_05_1/crypto/openssl/ssl/statem/statem_clnt.c:1921:
                                  DBG(1)[36885]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_05_1_amd64-core/meta.txz
                                  DBG(1)[36885]> opening libfetch fetcher
                                  DBG(1)[36885]> Fetch > libfetch: connecting
                                  DBG(1)[36885]> Fetch: fetching from: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_05_1_amd64-core/meta.txz with opts "i"
                                  Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
                                  34955853824:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05_1-main/sources/FreeBSD-src-plus-RELENG_23_05_1/crypto/openssl/ssl/statem/statem_clnt.c:1921:
                                  DBG(1)[36885]> Fetch: fetching from: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_05_1_amd64-core/meta.txz with opts "i"
                                  Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
                                  34955853824:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05_1-main/sources/FreeBSD-src-plus-RELENG_23_05_1/crypto/openssl/ssl/statem/statem_clnt.c:1921:
                                  DBG(1)[36885]> Fetch: fetching from: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_05_1_amd64-core/meta.txz with opts "i"
                                  Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
                                  34955853824:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05_1-main/sources/FreeBSD-src-plus-RELENG_23_05_1/crypto/openssl/ssl/statem/statem_clnt.c:1921:
                                  pkg-static: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_05_1_amd64-core/meta.txz: Authentication error
                                  repository pfSense-core has no meta file, using default settings
                                  DBG(1)[36885]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_05_1_amd64-core/packagesite.pkg
                                  DBG(1)[36885]> opening libfetch fetcher
                                  DBG(1)[36885]> Fetch > libfetch: connecting
                                  DBG(1)[36885]> Fetch: fetching from: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_05_1_amd64-core/packagesite.pkg with opts "i"
                                  Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
                                  34955853824:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05_1-main/sources/FreeBSD-src-plus-RELENG_23_05_1/crypto/openssl/ssl/statem/statem_clnt.c:1921:
                                  DBG(1)[36885]> Fetch: fetching from: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_05_1_amd64-core/packagesite.pkg with opts "i"
                                  Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
                                  34955853824:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05_1-main/sources/FreeBSD-src-plus-RELENG_23_05_1/crypto/openssl/ssl/statem/statem_clnt.c:1921:
                                  DBG(1)[36885]> Fetch: fetching from: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_05_1_amd64-core/packagesite.pkg with opts "i"
                                  Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
                                  34955853824:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05_1-main/sources/FreeBSD-src-plus-RELENG_23_05_1/crypto/openssl/ssl/statem/statem_clnt.c:1921:
                                  pkg-static: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_05_1_amd64-core/packagesite.pkg: Authentication error
                                  DBG(1)[36885]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_05_1_amd64-core/packagesite.txz
                                  DBG(1)[36885]> opening libfetch fetcher
                                  DBG(1)[36885]> Fetch > libfetch: connecting
                                  DBG(1)[36885]> Fetch: fetching from: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_05_1_amd64-core/packagesite.txz with opts "i"
                                  Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
                                  34955853824:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05_1-main/sources/FreeBSD-src-plus-RELENG_23_05_1/crypto/openssl/ssl/statem/statem_clnt.c:1921:
                                  DBG(1)[36885]> Fetch: fetching from: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_05_1_amd64-core/packagesite.txz with opts "i"
                                  Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
                                  34955853824:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05_1-main/sources/FreeBSD-src-plus-RELENG_23_05_1/crypto/openssl/ssl/statem/statem_clnt.c:1921:
                                  DBG(1)[36885]> Fetch: fetching from: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_05_1_amd64-core/packagesite.txz with opts "i"
                                  Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
                                  34955853824:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05_1-main/sources/FreeBSD-src-plus-RELENG_23_05_1/crypto/openssl/ssl/statem/statem_clnt.c:1921:
                                  pkg-static: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_05_1_amd64-core/packagesite.txz: Authentication error
                                  Unable to update repository pfSense-core
                                  Updating pfSense repository catalogue...
                                  DBG(1)[36885]> PkgRepo: verifying update for pfSense
                                  DBG(1)[36885]> PkgRepo: need forced update of pfSense
                                  DBG(1)[36885]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense.sqlite'
                                  DBG(1)[36885]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_05_1_amd64-pfSense_plus_v23_05_1/meta.conf
                                  DBG(1)[36885]> opening libfetch fetcher
                                  DBG(1)[36885]> Fetch > libfetch: connecting
                                  DBG(1)[36885]> Fetch: fetching from: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_05_1_amd64-pfSense_plus_v23_05_1/meta.conf with opts "i"
                                  Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
                                  34955853824:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05_1-main/sources/FreeBSD-src-plus-RELENG_23_05_1/crypto/openssl/ssl/statem/statem_clnt.c:1921:
                                  DBG(1)[36885]> Fetch: fetching from: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_05_1_amd64-pfSense_plus_v23_05_1/meta.conf with opts "i"
                                  Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
                                  34955853824:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05_1-main/sources/FreeBSD-src-plus-RELENG_23_05_1/crypto/openssl/ssl/statem/statem_clnt.c:1921:
                                  DBG(1)[36885]> Fetch: fetching from: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_05_1_amd64-pfSense_plus_v23_05_1/meta.conf with opts "i"
                                  Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
                                  34955853824:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05_1-main/sources/FreeBSD-src-plus-RELENG_23_05_1/crypto/openssl/ssl/statem/statem_clnt.c:1921:
                                  DBG(1)[36885]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_05_1_amd64-pfSense_plus_v23_05_1/meta.txz
                                  DBG(1)[36885]> opening libfetch fetcher
                                  DBG(1)[36885]> Fetch > libfetch: connecting
                                  DBG(1)[36885]> Fetch: fetching from: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_05_1_amd64-pfSense_plus_v23_05_1/meta.txz with opts "i"
                                  Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
                                  34955853824:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05_1-main/sources/FreeBSD-src-plus-RELENG_23_05_1/crypto/openssl/ssl/statem/statem_clnt.c:1921:
                                  DBG(1)[36885]> Fetch: fetching from: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_05_1_amd64-pfSense_plus_v23_05_1/meta.txz with opts "i"
                                  Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
                                  34955853824:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05_1-main/sources/FreeBSD-src-plus-RELENG_23_05_1/crypto/openssl/ssl/statem/statem_clnt.c:1921:
                                  DBG(1)[36885]> Fetch: fetching from: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_05_1_amd64-pfSense_plus_v23_05_1/meta.txz with opts "i"
                                  Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
                                  34955853824:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05_1-main/sources/FreeBSD-src-plus-RELENG_23_05_1/crypto/openssl/ssl/statem/statem_clnt.c:1921:
                                  pkg-static: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_05_1_amd64-pfSense_plus_v23_05_1/meta.txz: Authentication error
                                  repository pfSense has no meta file, using default settings
                                  DBG(1)[36885]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_05_1_amd64-pfSense_plus_v23_05_1/packagesite.pkg
                                  DBG(1)[36885]> opening libfetch fetcher
                                  DBG(1)[36885]> Fetch > libfetch: connecting
                                  DBG(1)[36885]> Fetch: fetching from: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_05_1_amd64-pfSense_plus_v23_05_1/packagesite.pkg with opts "i"
                                  Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
                                  34955853824:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05_1-main/sources/FreeBSD-src-plus-RELENG_23_05_1/crypto/openssl/ssl/statem/statem_clnt.c:1921:
                                  DBG(1)[36885]> Fetch: fetching from: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_05_1_amd64-pfSense_plus_v23_05_1/packagesite.pkg with opts "i"
                                  Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
                                  34955853824:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05_1-main/sources/FreeBSD-src-plus-RELENG_23_05_1/crypto/openssl/ssl/statem/statem_clnt.c:1921:
                                  DBG(1)[36885]> Fetch: fetching from: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_05_1_amd64-pfSense_plus_v23_05_1/packagesite.pkg with opts "i"
                                  Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
                                  34955853824:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05_1-main/sources/FreeBSD-src-plus-RELENG_23_05_1/crypto/openssl/ssl/statem/statem_clnt.c:1921:
                                  pkg-static: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_05_1_amd64-pfSense_plus_v23_05_1/packagesite.pkg: Authentication error
                                  DBG(1)[36885]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_05_1_amd64-pfSense_plus_v23_05_1/packagesite.txz
                                  DBG(1)[36885]> opening libfetch fetcher
                                  DBG(1)[36885]> Fetch > libfetch: connecting
                                  DBG(1)[36885]> Fetch: fetching from: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_05_1_amd64-pfSense_plus_v23_05_1/packagesite.txz with opts "i"
                                  Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
                                  34955853824:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05_1-main/sources/FreeBSD-src-plus-RELENG_23_05_1/crypto/openssl/ssl/statem/statem_clnt.c:1921:
                                  DBG(1)[36885]> Fetch: fetching from: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_05_1_amd64-pfSense_plus_v23_05_1/packagesite.txz with opts "i"
                                  Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
                                  34955853824:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05_1-main/sources/FreeBSD-src-plus-RELENG_23_05_1/crypto/openssl/ssl/statem/statem_clnt.c:1921:
                                  DBG(1)[36885]> Fetch: fetching from: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_05_1_amd64-pfSense_plus_v23_05_1/packagesite.txz with opts "i"
                                  Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
                                  34955853824:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05_1-main/sources/FreeBSD-src-plus-RELENG_23_05_1/crypto/openssl/ssl/statem/statem_clnt.c:1921:
                                  pkg-static: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_05_1_amd64-pfSense_plus_v23_05_1/packagesite.txz: Authentication error
                                  Unable to update repository pfSense
                                  Error updating repositories!

                                  My System/Update/Update Settings is set to "Previous Plus Version (23.05.1)"

                                  1 Reply Last reply Reply Quote 0
                                  • stephenw10S
                                    stephenw10 Netgate Administrator
                                    last edited by

                                    Sorry yes I typo'd the command. 🤦

                                    If you set the branch to 23.09.1 what error do you get?

                                    To be honest I would just reinstall at that point if you can do that .

                                    S 1 Reply Last reply Reply Quote 0
                                    • S
                                      scruzuser @stephenw10
                                      last edited by scruzuser

                                      @stephenw10

                                      If I set the branch to 23.09.1 in System/Update/Update Settings, no file appears in /usr/local/etc/pkg/repos (and if I had a link there to the existing 23.05.1 file as noted above, it is removed), and then the command fails:

                                      [23.05.1-RELEASE][admin@machine@host]/usr/local/etc/pkg/repos: pkg-static -d update
                                      DBG(1)[63107]> pkg initialized
                                      No active remote repositories configured.

                                      I can restore from a backup, but I'm not sure that is enough, as that is "configuration" info of my firewall and I think I'm also missing some underlying certificates and I'm not knowledgeable enough to know if the restore will have the certs. I think I need to go all the way back to an installer image as described here:
                                      https://docs.netgate.com/pfsense/en/latest/install/index.html

                                      ?

                                      Or just will a "restore" be good enough?

                                      I will try a full power cycle as suggested here sometime this week before I go restoring: https://forum.netgate.com/topic/165700/repo01-netgate-com-tls-cert-seems-invalid/11

                                      I just can't take the system down now - too many users on it.

                                      1 Reply Last reply Reply Quote 0
                                      • stephenw10S
                                        stephenw10 Netgate Administrator
                                        last edited by

                                        A config restore would do nothing here.

                                        Is it installed ZFS? If so you should have a BE snapshot from before the upgrade was fist started you could roll back to.

                                        S 1 Reply Last reply Reply Quote 0
                                        • S
                                          scruzuser @stephenw10
                                          last edited by

                                          @stephenw10 It seems to be installed as ZFS - whatever netgate does by default on a Netgate purchased 4100

                                          a3b09d58-4d37-4441-8fef-b8e3be61db3a-image.png

                                          $ df -t zfs
                                          Filesystem 1K-blocks Used Avail Capacity Mounted on
                                          pfSense/ROOT/default 9178497 1399296 7779201 15% /
                                          pfSense/tmp 7780149 948 7779201 0% /tmp
                                          pfSense/home 7779637 436 7779201 0% /home
                                          pfSense/var 7784825 5624 7779201 0% /var
                                          pfSense/var/log 7784069 4868 7779201 0% /var/log
                                          pfSense/var/db 7783109 3908 7779201 0% /var/db
                                          pfSense/var/tmp 7779313 112 7779201 0% /var/tmp
                                          pfSense/var/cache 7779305 104 7779201 0% /var/cache
                                          pfSense/ROOT/default/cf 7799629 20428 7779201 0% /cf
                                          pfSense/ROOT/default/var_cache_pkg 7788689 9488 7779201 0% /var/cache/pkg
                                          pfSense/ROOT/default/var_db_pkg 7785453 6252 7779201 0% /var/db/pkg

                                          I've never used ZFS - but looking at System/Boot Environments - Here's what I see:

                                          79a68fdc-0f12-4d46-a84c-8c1225d22daf-image.png

                                          it sure is odd that a 23.05.1 BE was created on 2022-06-22, and somehow booted on 2023-12-14. The 23.05 BE from 2023-8-09 seems like one I want to go back to, but oddly, the only Action icons that I can select are the stars, none of the other are working. So just select the 2023-08-09 star and then reboot?

                                          1 Reply Last reply Reply Quote 1
                                          • stephenw10S
                                            stephenw10 Netgate Administrator
                                            last edited by

                                            In a normal upgrade it should have created a new snapshot on 23.05.1 and then upgraded the current snap to 23.09.1. So it must have failed before that snap was created.

                                            If your config hasn't changed significantly since that 23.05 snap you can certainly roll back to that. Then upgrade from there to 23.09 and then to 23.09.1.

                                            I would backup your current config first though so you can restore that afterwards to replace anything that has changed.

                                            S 1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.