Somehow broke pfBlockerNG feed updating (SSL)
-
One step forward, one step back. :D Sorry if this isn't the best location, but I don't know if it's a cert issue, a firewall issue, a pfBlockerNG issue, a routing issue, etc.
I suspect that I broke this in the process of getting OpenVPN working. What I did was delete the user and server certs I had created in the past when attempting (and failing) to get VPN working, so that I could roll back to a clean starting point. The only cert remaining was the default self-signed one for the webconfig that you can't delete anyway.
Then today I noticed that all my pfBlockerNG/DNSBL feeds are now failing. I get the error "SSL certificate problem: self signed certificate". The timing and error message are what make me suspect I somehow broke things. But I don't know why these feeds would've been dependent on the certs I had made for the purpose of the VPN?
I read that I could change the status of a feed from "ON" to "FLEX" to basically bypass this, but 1) this isn't recommended and shouldn't be necessary normally, and 2) since it's happening to all the feeds the real problem lies elsewhere and that should be addressed. Plus there are quite a few feeds across multiple categories.
Thoughts?
pfBlockerNG-devel 2.2.5_37
pfSense 2.4.5-RELEASE-p1 -
Ah, never mind. Figured it out. Wasn't exactly my fault. One of the lists I had added had suddenly included a block for GitHub, which is the location for many of my other lists... so many that I thought all or almost all were suddenly failing. The whole SSL thing was a red herring. DNSBL was blocking DNSBL list updates.
Once I figured out the offending list, I disabled it and redid the downloads and everything is happy again now.
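A way to catch this condition before it breaks updates, as an added example that is not part of the original posts: the function below reports every feed URL whose download host, or any parent domain of it, appears in a downloaded domain list. The function name `blocked_feeds`, the file names and the sample data are all constructed for illustration; it assumes one domain per line or hosts-file format, and the parent-domain check is a deliberately conservative assumption.

```shell
#!/bin/sh
# Added example, not from the thread: list feed URLs whose download host
# (or any parent domain) appears in a DNSBL domain list.
# usage: blocked_feeds FEED_URLS_FILE BLOCKLIST_FILE
blocked_feeds() {
    awk -v bl="$2" '
    BEGIN {
        # Load the blocklist: plain "domain" or hosts-style "0.0.0.0 domain".
        while ((getline line < bl) > 0) {
            sub(/#.*/, "", line)
            gsub(/^[ \t]+|[ \t\r]+$/, "", line)
            if (line == "") continue
            n = split(line, f, /[ \t]+/)
            blocked[tolower(f[n])] = 1
        }
    }
    {
        # Reduce scheme://host[:port]/path to the bare host.
        host = tolower($0)
        sub(/^[a-z]+:\/\//, "", host)
        sub(/[\/:?#].*$/, "", host)
        # Check the host, then each parent domain, against the blocklist.
        d = host
        while (d != "") {
            if (d in blocked) { print $0 " <- blocked by entry: " d; break }
            if (index(d, ".") == 0) break
            sub(/^[^.]*\./, "", d)
        }
    }' "$1"
}

# Constructed sample data (hypothetical feed URLs and list entries).
demo_dir=$(mktemp -d)
cat > "$demo_dir/feeds.txt" <<'EOF'
https://raw.githubusercontent.com/example/lists/master/ads.txt
https://github.com/example/lists/raw/master/malware.txt
https://feeds.example.org/tracking.txt
EOF
cat > "$demo_dir/suspect_list.txt" <<'EOF'
# constructed blocklist excerpt
0.0.0.0 github.com
githubusercontent.com
ads.example.net
EOF
blocked_feeds "$demo_dir/feeds.txt" "$demo_dir/suspect_list.txt"
rm -rf "$demo_dir"
```

Any line it prints names a feed that would stop updating once that list is loaded, which is the situation where the download lands on the DNSBL's own self-signed web server instead of the real host.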