Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Only 2.7.0 branch shown for updates

    Scheduled Pinned Locked Moved
    Problems Installing or Upgrading pfSense Software
    2
    7
    740
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      CyclonePF
      last edited by

      A few weeks back (before 2.7.1 came out), I was trying to update from 2.6 to 2.7.0. I ran into errors trying to get the update the take and install and ultimately reinstalled from scratch and restored my backup. Everything restored fine thankfully.

      Now I'm stuck not able to install packages on 2.7.0 nor upgrade to 2.7.1.

      If I try to install a package (via the UI), it ultimately fails the installation with "Another instance of pfSense-upgrade is running. Try again later". I thought to go ahead and go to 2.7.1, but my only option in the Upgrade settings (via the UI) is "Latest stable release (2.7.0)." That is the only branch listed.

      Based off the troubleshooting doc, I issued a certctl rehash from the shell, but I still cannot install packages or be offered a different release branch.

      I then followed https://forum.netgate.com/topic/184457/upgraded-package-before-upgrading-to-2-7-1-system-screwed/10 and issued...

      @datanet said in Upgraded Package before Upgrading to 2.7.1 - System screwed!:

      I changed it to 2.7.0 and then ran the following command from a putty shell session:

      pkg-static clean -ay; pkg-static install -fy pkg pfSense-repo pfSense-upgrade

      and then

      pkg-static upgrade -f

      No change in the UI. Issued certctl rehash again, no change. Rebooted, no change. Issued certctl rehash again, no change.

      I'm closing in on giving up and installing 2.7.1 from scratch. However, maybe I'm missing something obvious? I shouldn't need to reinstall every time I want to install an update. Plus I'm still unable to install packages. I want to install acme and set up cert renewals (vs. pfsense's default self-signed cert), but I can't get through.

      Any guidance would be appreciated.

      1 Reply Last reply Reply Quote 0
      • stephenw10S
        stephenw10 Netgate Administrator
        last edited by

        Go to the command line and run: pkg-static -d update

        That should give you more error output to troubleshoot with.

        Also try: pfSense-repoc
        Make sure that returns without error.

        Steve

        C 1 Reply Last reply Reply Quote 0
        • C
          CyclonePF @stephenw10
          last edited by

          @stephenw10 said in Only 2.7.0 branch shown for updates:

          pkg-static -d update

          [2.7.0-RELEASE][root@pfsense.lan]/root: pkg-static -d update
DBG(1)[70378]> pkg initialized
Updating pfSense-core repository catalogue...
DBG(1)[70378]> PkgRepo: verifying update for pfSense-core
DBG(1)[70378]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense-core.sqlite'
DBG(1)[70378]> Request to fetch pkg+https://pkg.pfsense.org/pfSense_v2_7_0_amd64-core/meta.conf
DBG(1)[70378]> opening libfetch fetcher
DBG(1)[70378]> Fetch > libfetch: connecting
DBG(1)[70378]> Fetch: fetching from: https://pkg00-atx.netgate.com/pfSense_v2_7_0_amd64-core/meta.conf with opts "i"
DBG(1)[70378]> Fetch: fetcher chosen: https
DBG(1)[70378]> Request to fetch pkg+https://pkg.pfsense.org/pfSense_v2_7_0_amd64-core/packagesite.pkg
DBG(1)[70378]> opening libfetch fetcher
DBG(1)[70378]> Fetch > libfetch: connecting
DBG(1)[70378]> Fetch: fetching from: https://pkg00-atx.netgate.com/pfSense_v2_7_0_amd64-core/packagesite.pkg with opts "i"
DBG(1)[70378]> Fetch: fetcher chosen: https
DBG(1)[70378]> Request to fetch pkg+https://pkg.pfsense.org/pfSense_v2_7_0_amd64-core/packagesite.txz
DBG(1)[70378]> opening libfetch fetcher
DBG(1)[70378]> Fetch > libfetch: connecting
DBG(1)[70378]> Fetch: fetching from: https://pkg00-atx.netgate.com/pfSense_v2_7_0_amd64-core/packagesite.txz with opts "i"
DBG(1)[70378]> Fetch: fetcher chosen: https
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
DBG(1)[70378]> PkgRepo: verifying update for pfSense
DBG(1)[70378]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense.sqlite'
DBG(1)[70378]> Request to fetch pkg+https://pkg.pfsense.org/pfSense_v2_7_0_amd64-pfSense_v2_7_0/meta.conf
DBG(1)[70378]> opening libfetch fetcher
DBG(1)[70378]> Fetch > libfetch: connecting
DBG(1)[70378]> Fetch: fetching from: https://pkg01-atx.netgate.com/pfSense_v2_7_0_amd64-pfSense_v2_7_0/meta.conf with opts "i"
DBG(1)[70378]> Fetch: fetcher chosen: https
DBG(1)[70378]> Request to fetch pkg+https://pkg.pfsense.org/pfSense_v2_7_0_amd64-pfSense_v2_7_0/packagesite.pkg
DBG(1)[70378]> opening libfetch fetcher
DBG(1)[70378]> Fetch > libfetch: connecting
DBG(1)[70378]> Fetch: fetching from: https://pkg01-atx.netgate.com/pfSense_v2_7_0_amd64-pfSense_v2_7_0/packagesite.pkg with opts "i"
DBG(1)[70378]> Fetch: fetcher chosen: https
DBG(1)[70378]> Request to fetch pkg+https://pkg.pfsense.org/pfSense_v2_7_0_amd64-pfSense_v2_7_0/packagesite.txz
DBG(1)[70378]> opening libfetch fetcher
DBG(1)[70378]> Fetch > libfetch: connecting
DBG(1)[70378]> Fetch: fetching from: https://pkg01-atx.netgate.com/pfSense_v2_7_0_amd64-pfSense_v2_7_0/packagesite.txz with opts "i"
DBG(1)[70378]> Fetch: fetcher chosen: https
pfSense repository is up to date.
All repositories are up to date.
[2.7.0-RELEASE][root@pfsense.lan]/root:

          @stephenw10 said in Only 2.7.0 branch shown for updates:

          pfSense-repoc

          [2.7.0-RELEASE][root@pfsense.lan]/root: pfSense-repoc
SSL certificate subject doesn't match host ews.netgate.com
pfSense-repoc: failed to fetch the repo data
failed to read the repo data.

          Is there another similar repoc command? I swear I've run a command similar to that, but didn't get such an SSL subject error before.

          The above didn't result in a change. I did another certctl rehash command, but it didn't result in a change.

          Screenshot 2023-12-04 at 5.30.24 PM.png

          C 1 Reply Last reply Reply Quote 0
          • C
            CyclonePF @CyclonePF
            last edited by

            @CyclonePF said in Only 2.7.0 branch shown for updates:

            SSL certificate subject doesn't match host ews.netgate.com

            As this is a HA setup via CARP & Sync, I tried the same commands on my other instance.

            @stephenw10 said in Only 2.7.0 branch shown for updates:

            pkg-static -d update

            [2.7.0-RELEASE][root@pfSense-Secondary.lan]/root: pkg-static -d update
DBG(1)[81751]> pkg initialized
Updating pfSense-core repository catalogue...
DBG(1)[81751]> PkgRepo: verifying update for pfSense-core
DBG(1)[81751]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense-core.sqlite'
DBG(1)[81751]> Request to fetch pkg+https://pkg.pfsense.org/pfSense_v2_7_0_amd64-core/meta.conf
DBG(1)[81751]> opening libfetch fetcher
DBG(1)[81751]> Fetch > libfetch: connecting
DBG(1)[81751]> Fetch: fetching from: https://pkg00-atx.netgate.com/pfSense_v2_7_0_amd64-core/meta.conf with opts "i"
DBG(1)[81751]> Fetch: fetcher chosen: https
DBG(1)[81751]> Request to fetch pkg+https://pkg.pfsense.org/pfSense_v2_7_0_amd64-core/packagesite.pkg
DBG(1)[81751]> opening libfetch fetcher
DBG(1)[81751]> Fetch > libfetch: connecting
DBG(1)[81751]> Fetch: fetching from: https://pkg00-atx.netgate.com/pfSense_v2_7_0_amd64-core/packagesite.pkg with opts "i"
DBG(1)[81751]> Fetch: fetcher chosen: https
DBG(1)[81751]> Request to fetch pkg+https://pkg.pfsense.org/pfSense_v2_7_0_amd64-core/packagesite.txz
DBG(1)[81751]> opening libfetch fetcher
DBG(1)[81751]> Fetch > libfetch: connecting
DBG(1)[81751]> Fetch: fetching from: https://pkg00-atx.netgate.com/pfSense_v2_7_0_amd64-core/packagesite.txz with opts "i"
DBG(1)[81751]> Fetch: fetcher chosen: https
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
DBG(1)[81751]> PkgRepo: verifying update for pfSense
DBG(1)[81751]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense.sqlite'
DBG(1)[81751]> Request to fetch pkg+https://pkg.pfsense.org/pfSense_v2_7_0_amd64-pfSense_v2_7_0/meta.conf
DBG(1)[81751]> opening libfetch fetcher
DBG(1)[81751]> Fetch > libfetch: connecting
DBG(1)[81751]> Fetch: fetching from: https://pkg00-atx.netgate.com/pfSense_v2_7_0_amd64-pfSense_v2_7_0/meta.conf with opts "i"
DBG(1)[81751]> Fetch: fetcher chosen: https
DBG(1)[81751]> Request to fetch pkg+https://pkg.pfsense.org/pfSense_v2_7_0_amd64-pfSense_v2_7_0/packagesite.pkg
DBG(1)[81751]> opening libfetch fetcher
DBG(1)[81751]> Fetch > libfetch: connecting
DBG(1)[81751]> Fetch: fetching from: https://pkg00-atx.netgate.com/pfSense_v2_7_0_amd64-pfSense_v2_7_0/packagesite.pkg with opts "i"
DBG(1)[81751]> Fetch: fetcher chosen: https
DBG(1)[81751]> Request to fetch pkg+https://pkg.pfsense.org/pfSense_v2_7_0_amd64-pfSense_v2_7_0/packagesite.txz
DBG(1)[81751]> opening libfetch fetcher
DBG(1)[81751]> Fetch > libfetch: connecting
DBG(1)[81751]> Fetch: fetching from: https://pkg00-atx.netgate.com/pfSense_v2_7_0_amd64-pfSense_v2_7_0/packagesite.txz with opts "i"
DBG(1)[81751]> Fetch: fetcher chosen: https
pfSense repository is up to date.
All repositories are up to date.
[2.7.0-RELEASE][root@pfSense-Secondary.lan]/root:

            @stephenw10 said in Only 2.7.0 branch shown for updates:

            pfSense-repoc

            [2.7.0-RELEASE][root@pfSense-Secondary.lan/root: pfSense-repoc
SSL certificate subject doesn't match host ews.netgate.com
pfSense-repoc: failed to fetch the repo data
failed to read the repo data.
[2.7.0-RELEASE][root@pfSense-Secondary.lan]/root: 

[2.7.0-RELEASE][root@pfSense-Secondary.lan]/root: certctl rehash
Scanning /usr/share/certs/untrusted for certificates...
Scanning /usr/share/certs/trusted for certificates...
Scanning /usr/local/share/certs for certificates...
[2.7.0-RELEASE][root@pfSense-Secondary.lan/root:

            Sadly, no change in behavior on this instance either.

            1 Reply Last reply Reply Quote 0
            • stephenw10S
              stephenw10 Netgate Administrator
              last edited by

              Hmm, any possibility you have a proxy upstream that's catching that?

              C 1 Reply Last reply Reply Quote 1
              • C
                CyclonePF @stephenw10
                last edited by

                @stephenw10 said in Only 2.7.0 branch shown for updates:

                Hmm, any possibility you have a proxy upstream that's catching that?

                I shouldn't have one configured as I've never fiddled with that. I do self-host DNS, but dig within my network still matches ews.netgate.com to 208.123.73.212 .

                I will say that both within my network and on my mobile phone over the cellular network, that http://ews.netgate.com gives me an http 503 unavailable message. The certificate returned with that request is for *.netgate.com

                That said, I then did the same from pfSense itself (by using the ping option) and ews.netgate.com is resolving to 127.0.0.1. Looking in the DNS Resolver settings, pfSense does indeed have an entry for it there.

                Screenshot 2023-12-04 at 7.15.22 PM.png

                I removed that and suddenly, 2.7.0 shows up as Previous Stable Release now. I don't know how that entry got there in the first place, but removing it cleared things up.

                Screenshot 2023-12-04 at 7.17.25 PM.png

                1 Reply Last reply Reply Quote 0
                • stephenw10S
                  stephenw10 Netgate Administrator
                  last edited by

                  Ah, yes that will do it! Because you had it set to localhost it was seeing the pfSense GUI cert.

                  1 Reply Last reply Reply Quote 0
                  • GertjanG Gertjan referenced this topic on
                  • First post
                    Last post