Unable to Download Available Package List - Cert Expired?
-
Same problem here.
AddTrust External CA Root is well known to expire today.
https://www.tbs-certificates.co.uk/FAQ/en/357.htmlI downloaded the needed Package by faking the date:
disable ntp
date 2005291212
pkg update
install package
enable ntpeven "pkg upgrade" and "pkg install ca_root_nss" didn't fix the problem.
"openssl s_client -connect files01.netgate.com:443" results also in an certificate expired warning.
Is there a new pgk server for pfsense?
There is also another thread about that topic with a better name:
https://forum.netgate.com/topic/154032/addtrust-external-ca-root-certificate-has-expired-cannot-update-packages -
I join this:
-
Thanks for reporting. Our IT team is aware of the issue and they are working to correct now. We’ll post an update when it is resolved.
-
@dennis_s Awesome!
The issue seems to be that files00.netgate.com and files01.netgate.com are providing invalid certificate chain.
However, SSL Labs and my Ubuntu Dekstop does not seem to care about provided chain and still find the correct validation path on it's own (Path #1).
The server is however reporting Path #2 and pfSense box sticks to that - which fails.
-
Ahh, I'm struggling with this since Morning (GMT +5:30). Thinking that I'm a newbie to pfsense and then I found this thread @dennis_s hope you guys resolve it soon.
-
It work's again! :)
No need to restart or update anything, they just remove the last erroneous cerificate from the provided chain.
-
-
Boom thanks all
-
YEA IT's working now :)
-
Configuration backups still failing; cat /tmp/acb_backupdebug.txt:
https://acb.netgate.com/listaction=showbackups
SSL certificate problem: certificate has expired
If i use KeyStore Explorer with url "acb.netgate.com", i still see that the cert "USERTrust RSA Certification Authority" is expired
-
While the packages list is resolved, I also have a big problem with the expired certificate.
DDNS not updating and webservers that are updated I cannot access because of certificate expiration.https://forum.netgate.com/topic/154043/ddns-not-updating-cert-expired
-
@kristian How do I do this?
-
@joeker Your issue is not related to this.
Open a ticket with TAC. https://go.netgate.com/