certificate error while running pkg update
-
Same for me
Updating repositories metadata...
pkg-static: Warning: Major OS version upgrade detected. Running "pkg bootstrap -f" recommended
Updating pfSense-core repository catalogue...
Certificate verification failed for /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root -
I'm pretty new to pfsense and BSD in general. I went wild with fixes all over this board, Reddit, and random google search results. It appears this has happened before (May 2020). The netgate team had to update certs on the webserver.
-
@apsis-im
Yep, I think you are correct. -
+1
Not working either on a new install I was performing this Saturday.
Interestingly, both https://files00.netgate.com/ and https://files01.netgate.com/ have a valid certificate:
* subject: OU=Domain Control Validated; OU=PositiveSSL Wildcard; CN=*.netgate.com * start date: Mar 13 00:00:00 2019 GMT * expire date: Apr 11 23:59:59 2021 GMTso clearly is something deeper in their setup... I guess we have to wait.
-
Yeah, same for me on pgk upgrade && pkg update.
Certificate verification failed for /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA RootLet's wait and see
-
+1
Can confirm this on latest stable pfSense factory. This does still happen after removing AddTrust CA from
/usr/local/share/certs/ca-root-nss.crt(may we need to reboot?)curl, openssl, etc. is choosing the correct certification path.
fetch/pkgon freebsd seems to choose a different way for certification verification? Normally it should automatically ignore the AddTrust also its send from server and divert to system path and to go one of those two ways:
If i see it correctly, #1 must be possible for pfSense, as
USERTrust RSA Certification Authorityseems in system store.Temporarily for urgent matter, it is strongly not recommended, but possible by disabling certification peer check via
env SSL_NO_VERIFY_PEER=1 pkg update -
Same here.. Thought it was an error on my side until i found this thread..
I guess we have to wait for the Team to fix that..? -
Did anyone post a bug report?
-
@castigo86
I wouldn't worry too much. Mods will see in forum. -
@provels said in certificate error while running pkg update:
@castigo86
I wouldn't worry too much. Mods will see in forum.Yeah. But it's a bit embarrasing that for everybody out there running pfsense systems, we're now stuck without being able to install new packages just because someone somewhere hasn't a proper monitoring of something and someone somewhere has to wake up on this Saturday, check the forums, see the 2 threads about it, think "shit!" and fix it.
-
any options to install from command line? Trying to setup the OpenVPN Export wizard.
-
Same issue here.
-
Same, joined to post a question to get help, will get fixed when it's fixed.
-
Had the issue all morning, but it's back up and working for me now.
-
Yap, I can confirm it's working for me too now.
-
Fixed!
-
-
Working for me now as well, but I had to manually force an update via the cmd line:
/usr/local/sbin/pkg-static update -f -
I'm now having this issue, I was able to update the day before.
pkg update
pkg: Warning: Major OS version upgrade detected. Running "pkg bootstrap -f" recommended
Updating pfSense-core repository catalogue...
Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/CN=repo01.netgate.com
1086972976:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed:/build/factory-crossbuild-245-aarch64/sources/FreeBSD-src/crypto/openssl/ssl/s3_clnt.c:1269:[truncated]
Unable to update repository pfSense
Error updating repositories! -
@zitstif looks like a very different issue.
Certificate verification failed for /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
Is what we were experiencing before.
