I can not upgrade or install any pckage due to Certificate verification failed for /CN=*.netgate.com
-
Hello,
I'm not able to install any package anymore due to error of 'Certificate verification failed for /CN=*.netgate.com'from GUI :
or from console :
- Logout (SSH only) 9) pfTop
- Assign Interfaces 10) Filter Logs
- Set interface(s) IP address 11) Restart webConfigurator
- Reset webConfigurator password 12) PHP shell + pfSense tools
- Reset to factory defaults 13) Update from console
- Reboot system 14) Disable Secure Shell (sshd)
- Halt system 15) Restore recent configuration
- Ping host 16) Restart PHP-FPM
- Shell
Enter an option: 13
Certificate verification failed for /CN=*.netgate.com
0080C1EC331C0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-CE-snapshots-2_7_2-main/sources/FreeBSD-src-RELENG_2_7_2/crypto/openssl/ssl/statem/statem_clnt.c:1890:
pfSense-repoc-static: failed to fetch the repo data
failed to read the repo data.
failed to update the repository settings!!!
failed to update the repository settings!!! -
Your pfSense version is 2.7.2, right ?
System time is ok ?See here for a check list : Troubleshooting Upgrades.
edit : Wait ... ...snapshots... ? 2.7.2 is the "released and stable" version. Not sure if the snapshot version is the right one here. (I'm using 24.11 myself, so can't check / test )
You've set this : System > Update > System Update to what ? -
It's trying to get updates from 2.7.2 but could be running a previous version. If that version is 2.7.0 then first run
certctl rehashthen retry.If that allows you see updates then upgrade to 2.7.2 before trying to install pkgs
-
I'm using 2.7.2, my time is not correcte it's trange
but I can not fixe it
thanks for you help! -
Try just setting the time at the CLI directly. You're probably in a chicken/egg scenario where it cant resolve the time servers because DNSSec is enabled.
[25.03-RC][admin@8200-2.stevew.lan]/root: date 2502211741 Fri Feb 21 17:41:00 GMT 2025 -
after change it manually, the problem of CA is gone but I can not install any package. the list is empty
from cli:
Enter an option: 13
pfSense-repoc-static: failed to fetch the repo data
failed to read the repo data.
failed to update the repository settings!!!
failed to update the repository settings!!!when reboot the pfsense my time is set again to ... 2030 it's strange
-
Do you see the branches in the upgrade settings? If so try re-saving that.
What hardware is that?
-
@stephenw10
esxi , It was working fine, the boot was crashed after a cut power so I reinstall it and import the config again. so since this wont be work. -
So all good now?
-
thanks for your support.
I install it from scratch and import the config and it is working fine know.
I don't know what was wrong.my advice to everyone is that to make daily or weekly backup at least if you don't change the config a lot to save your life .
