• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

certificate error while running pkg update

General pfSense Questions
19
27
7.8k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • H
    hcww
    last edited by Jan 30, 2021, 5:05 AM

    hi all

    i have pfsense 2.4.5_1 and today while updating packges it gives me the following certificate errors

    pfsense error.txt

    1 Reply Last reply Reply Quote 4
    • Y
      Yamabushi
      last edited by Jan 30, 2021, 6:17 AM

      Yep, not just you. I'm experiencing the same issue.

      1 Reply Last reply Reply Quote 2
      • A
        Apsis-IM
        last edited by Jan 30, 2021, 6:28 AM

        Same.

        1 Reply Last reply Reply Quote 2
        • E
          elite_kzm
          last edited by Jan 30, 2021, 8:09 AM

          Add me to the list. Was working earlier today, then stopped working for me this evening. I initially suspected it may have been related to some changes I made to DNS Resolver configuration, but after spending an hour or so tearing my hair out and trying various potential fixes I found online, I stumbled on this thread. Getting the exact same error when I try running /usr/local/sbin/pkg-static update -f per this page.

          1 Reply Last reply Reply Quote 2
          • F
            fjsantos
            last edited by Jan 30, 2021, 8:27 AM

            Me too:

            Updating pfSense-core repository catalogue...
            Certificate verification failed for /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
            34406329672:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed:/build/ce-crossbuild-245/sources/FreeBSD-src/crypto/openssl/ssl/s3_clnt.c:1269:

            blablabla

            1 Reply Last reply Reply Quote 1
            • A
              AB5G
              last edited by AB5G Jan 30, 2021, 8:29 AM Jan 30, 2021, 8:28 AM

              Same for me

              Updating repositories metadata...
              pkg-static: Warning: Major OS version upgrade detected. Running "pkg bootstrap -f" recommended
              Updating pfSense-core repository catalogue...
              Certificate verification failed for /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root

              1 Reply Last reply Reply Quote 1
              • A
                Apsis-IM
                last edited by Jan 30, 2021, 9:00 AM

                I'm pretty new to pfsense and BSD in general. I went wild with fixes all over this board, Reddit, and random google search results. It appears this has happened before (May 2020). The netgate team had to update certs on the webserver.

                Y 1 Reply Last reply Jan 30, 2021, 9:08 AM Reply Quote 1
                • Y
                  Yamabushi @Apsis-IM
                  last edited by Jan 30, 2021, 9:08 AM

                  @apsis-im
                  Yep, I think you are correct.

                  1 Reply Last reply Reply Quote 0
                  • J
                    JRubenC
                    last edited by Jan 30, 2021, 11:21 AM

                    +1

                    Not working either on a new install I was performing this Saturday.

                    Interestingly, both https://files00.netgate.com/ and https://files01.netgate.com/ have a valid certificate:

                    *  subject: OU=Domain Control Validated; OU=PositiveSSL Wildcard; CN=*.netgate.com
                    *  start date: Mar 13 00:00:00 2019 GMT
                    *  expire date: Apr 11 23:59:59 2021 GMT
                    

                    so clearly is something deeper in their setup... I guess we have to wait.

                    1 Reply Last reply Reply Quote 1
                    • C
                      castigo86
                      last edited by Jan 30, 2021, 11:54 AM

                      Yeah, same for me on pgk upgrade && pkg update.

                      Certificate verification failed for /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root

                      Let's wait and see

                      1 Reply Last reply Reply Quote 0
                      • M
                        monofox
                        last edited by Jan 30, 2021, 11:56 AM

                        +1

                        Can confirm this on latest stable pfSense factory. This does still happen after removing AddTrust CA from /usr/local/share/certs/ca-root-nss.crt (may we need to reboot?)

                        curl, openssl, etc. is choosing the correct certification path. fetch / pkg on freebsd seems to choose a different way for certification verification? Normally it should automatically ignore the AddTrust also its send from server and divert to system path and to go one of those two ways:
                        login-to-view

                        If i see it correctly, #1 must be possible for pfSense, as USERTrust RSA Certification Authority seems in system store.

                        Temporarily for urgent matter, it is strongly not recommended, but possible by disabling certification peer check via env SSL_NO_VERIFY_PEER=1 pkg update

                        1 Reply Last reply Reply Quote 0
                        • A
                          Alex89
                          last edited by Jan 30, 2021, 11:58 AM

                          Same here.. Thought it was an error on my side until i found this thread.. 😆
                          I guess we have to wait for the Team to fix that..?

                          1 Reply Last reply Reply Quote 3
                          • C
                            castigo86
                            last edited by Jan 30, 2021, 12:02 PM

                            Did anyone post a bug report?

                            P 1 Reply Last reply Jan 30, 2021, 12:33 PM Reply Quote 0
                            • P
                              provels @castigo86
                              last edited by Jan 30, 2021, 12:33 PM

                              @castigo86
                              I wouldn't worry too much. Mods will see in forum.

                              Peder

                              MAIN - pfSense+ 24.11-RELEASE - Adlink MXE-5401, i7, 16 GB RAM, 64 GB SSD. 500 GB HDD for SyslogNG
                              BACKUP - pfSense+ 23.01-RELEASE - Hyper-V Virtual Machine, Gen 1, 2 v-CPUs, 3 GB RAM, 8GB VHDX (Dynamic)

                              J 1 Reply Last reply Jan 30, 2021, 12:58 PM Reply Quote 1
                              • J
                                JRubenC @provels
                                last edited by Jan 30, 2021, 12:58 PM

                                @provels said in certificate error while running pkg update:

                                @castigo86
                                I wouldn't worry too much. Mods will see in forum.

                                Yeah. But it's a bit embarrasing that for everybody out there running pfsense systems, we're now stuck without being able to install new packages just because someone somewhere hasn't a proper monitoring of something and someone somewhere has to wake up on this Saturday, check the forums, see the 2 threads about it, think "shit!" and fix it.

                                😊

                                1 Reply Last reply Reply Quote 0
                                • D
                                  ddave
                                  last edited by Jan 30, 2021, 12:59 PM

                                  any options to install from command line? Trying to setup the OpenVPN Export wizard.

                                  1 Reply Last reply Reply Quote 0
                                  • R
                                    revengineer
                                    last edited by Jan 30, 2021, 1:00 PM

                                    Same issue here.

                                    1 Reply Last reply Reply Quote 1
                                    • Z
                                      Zak 0
                                      last edited by Jan 30, 2021, 1:50 PM

                                      Same, joined to post a question to get help, will get fixed when it's fixed.

                                      1 Reply Last reply Reply Quote 1
                                      • N
                                        nolaquen
                                        last edited by Jan 30, 2021, 1:58 PM

                                        Had the issue all morning, but it's back up and working for me now.

                                        1 Reply Last reply Reply Quote 1
                                        • C
                                          castigo86
                                          last edited by Jan 30, 2021, 2:01 PM

                                          Yap, I can confirm it's working for me too now.

                                          1 Reply Last reply Reply Quote 1
                                          2 out of 27
                                          • First post
                                            2/27
                                            Last post
                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.