SG-1100 Won't update to latest build, can't install ACME
-
I suspect the two are related. My attempt to install ACME results in:
Installing pfSense-pkg-acme...
Updating pfSense-core repository catalogue...
7407188:error:14099044:SSL routines:ssl3_send_client_verify:internal error:/usr/local/poudriere/jails/pfSense_factory-v2_4_4_aarch64/usr/src/crypto/openssl/ssl/s3_clnt.c:3266:
7407188:error:14099044:SSL routines:ssl3_send_client_verify:internal error:/usr/local/poudriere/jails/pfSense_factory-v2_4_4_aarch64/usr/src/crypto/openssl/ssl/s3_clnt.c:3266:
pkg-static: https://repo.netgate.com/pkg/pfSense_factory-v2_4_4_aarch64-core/meta.txz: Authentication error
repository pfSense-core has no meta file, using default settings
7407188:error:14099044:SSL routines:ssl3_send_client_verify:internal error:/usr/local/poudriere/jails/pfSense_factory-v2_4_4_aarch64/usr/src/crypto/openssl/ssl/s3_clnt.c:3266:
Child process pid=47572 terminated abnormally: Segmentation fault
FailedAnd it doesn't even notice the update to 2.4.4 p3:
Current Base System 2.4.4_2
Latest Base System 2.4.4_2
Status Up to date.What's going on? How do I get this unwound?
-
Can you try the "update troubleshooting" steps listed on our blog post?
https://www.netgate.com/blog/pfsense-2-4-4-release-p3-now-available.html
-
I ran that script and got:
The following package files will be deleted:
/var/cache/pkg/pkg
/var/cache/pkg/pfSense-repo-2.4.4_4-fd2d351fba.txz
/var/cache/pkg/netgate-ping-auth-20181211.txz
/var/cache/pkg/pfSense-repo-2.4.4_4.txz
/var/cache/pkg/pfSense-upgrade-0.62_1-555b7673dc.txz
/var/cache/pkg/pfSense-upgrade-0.62_1.txz
/var/cache/pkg/netgate-ping-auth-20181211-1cdf536131.txz
The cleanup will free 27 KiB
Deleting files: ....... done
All done
Updating pfSense-core repository catalogue...
7407188:error:14099044:SSL routines:ssl3_send_client_verify:internal error:/usr/local/poudriere/jails/pfSense_factory-v2_4_4_aarch64/usr/src/crypto/openssl/ssl/s3_clnt.c:3266:
7407188:error:14099044:SSL routines:ssl3_send_client_verify:internal error:/usr/local/poudriere/jails/pfSense_factory-v2_4_4_aarch64/usr/src/crypto/openssl/ssl/s3_clnt.c:3266:
7407188:error:14099044:SSL routines:ssl3_send_client_verify:internal error:/usr/local/poudriere/jails/pfSense_factory-v2_4_4_aarch64/usr/src/crypto/openssl/ssl/s3_clnt.c:3266:
pkg-static: https://repo.netgate.com/pkg/pfSense_factory-v2_4_4_aarch64-core/meta.txz: Authentication error
repository pfSense-core has no meta file, using default settings
Child process pid=71119 terminated abnormally: Segmentation faultreturning to the update page it still tells me I'm on the current version. I switched to the dev branch and back. No help. I then tried the next suggestion:
Shell Output - pkg-static update -f
Updating pfSense-core repository catalogue...
7407188:error:14099044:SSL routines:ssl3_send_client_verify:internal error:/usr/local/poudriere/jails/pfSense_factory-v2_4_4_aarch64/usr/src/crypto/openssl/ssl/s3_clnt.c:3266:
7407188:error:14099044:SSL routines:ssl3_send_client_verify:internal error:/usr/local/poudriere/jails/pfSense_factory-v2_4_4_aarch64/usr/src/crypto/openssl/ssl/s3_clnt.c:3266:
7407188:error:14099044:SSL routines:ssl3_send_client_verify:internal error:/usr/local/poudriere/jails/pfSense_factory-v2_4_4_aarch64/usr/src/crypto/openssl/ssl/s3_clnt.c:3266:
pkg-static: https://repo.netgate.com/pkg/pfSense_factory-v2_4_4_aarch64-core/meta.txz: Authentication error
repository pfSense-core has no meta file, using default settings
Child process pid=71183 terminated abnormally: Segmentation faultas for the log file, your doc needs updating. The file is at /cf/conf/upgrade_log.txt, not /conf/upgrade_log.latest.txt. Content:
Updating repositories metadata...
Updating pfSense-core repository catalogue...
7407188:error:14099044:SSL routines:ssl3_send_client_verify:internal error:/usr/local/poudriere/jails/pfSense_factory-v2_4_4_aarch64/usr/src/crypto/openssl/ssl/s3_clnt.c:3266:
7407188:error:14099044:SSL routines:ssl3_send_client_verify:internal error:/usr/local/poudriere/jails/pfSense_factory-v2_4_4_aarch64/usr/src/crypto/openssl/ssl/s3_clnt.c:3266:
pkg-static: https://repo.netgate.com/pkg/pfSense_factory-v2_4_4_aarch64-core/meta.txz: Authentication error
repository pfSense-core has no meta file, using default settings
7407188:error:14099044:SSL routines:ssl3_send_client_verify:internal error:/usr/local/poudriere/jails/pfSense_factory-v2_4_4_aarch64/usr/src/crypto/openssl/ssl/s3_clnt.c:3266:
Child process pid=62559 terminated abnormally: Segmentation fault -
Can you get me the output of the following:
/usr/local/bin/ping-auth.shand
/usr/local/sbin/ping-auth -sas well as:
/usr/bin/openssl ec -in /etc/thoth/key.pem -noout -textThanks!
-
It has private key info in it. Is there some way I can send to you directly so my private key data isn't published for the world to see? Although, I can quickly see the private key is clearly some small text string, and not really a proper key.
-
The PUB block from that should be enough.
-
Shell Output - /usr/local/bin/ping-auth.sh
fail.Shell Output - /usr/local/sbin/ping-auth -s
0123bab896a38ba9eeShell Output - /usr/bin/openssl ec -in /etc/thoth/key.pem -noout -text
read EC key
Private-Key: (256 bit)
priv:
<removed>pub:
04:68:5e:4f:47: cd:76:16:59:c0:ea:44:39:b1:62:
ff:da:68:91:83:ce:5a:cf:c9:7a:58:34:fa:0f:7f:
ff:1f:4c:df:9a:78:7f:40:c9:e3:39:07:23:89:35:
a3:35:cb:62:53:4e:85:f0:12:2b:35:b3:9f:1f:5b:
c5:e5:c0:e9:0d
ASN1 OID: prime256v1
NIST CURVE: P-256 -
Thanks for that information.
Let's move this into a ticket, can you open one up at https://go.netgate.com please?
When opening your ticket, please include your Netgate Device ID, and reference this thread.
Thanks!
-
ticket filed: https://go.netgate.com/support/tickets/28076
-
How you fixed this?
I have the same problem:
https://forum.netgate.com/topic/151684/sg-1100-pkg-static-https-repo-netgate-com-pkg-pfsense_factory-v2_4_5_aarch64-core-meta-txz-authentication-error
