Unable to upgrade; CA errors



  • I can't upgrade any packages, or the system.  My web UI is down, too.  I'm using letsencrypt…if that makes a difference.  Any thoughts? I'm going out of my mind here.

    [2.3.3-RELEASE][root@pfsense]/usr/local/sbin: pfSense-upgrade -d

    Updating repositories metadata…
    Updating pfSense-core repository catalogue...
    Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
    34401147400:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-233/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1191:
    Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
    34401147400:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-233/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1191:
    pkg: https://pkg.pfsense.org/pfSense_v2_3_3_amd64-core/meta.txz: Authentication error
    repository pfSense-core has no meta file, using default settings
    Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
    34401147400:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-233/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1191:
    Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
    34401147400:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-233/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1191:
    pkg: https://pkg.pfsense.org/pfSense_v2_3_3_amd64-core/packagesite.txz: Authentication error
    Unable to update repository pfSense-core
    Updating pfSense repository catalogue...
    Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
    34401147400:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-233/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1191:
    Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
    34401147400:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-233/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1191:
    pkg: https://pkg.pfsense.org/pfSense_v2_3_3_amd64-pfSense_v2_3_3/meta.txz: Authentication error
    repository pfSense has no meta file, using default settings
    Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
    34401147400:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-233/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1191:
    Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
    34401147400:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-233/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1191:
    pkg: https://pkg.pfsense.org/pfSense_v2_3_3_amd64-pfSense_v2_3_3/packagesite.txz: Authentication error
    Unable to update repository pfSense



  • I don't know what the issue was…but I backed up my config.xml, rolled back my VM to a snapshot from a few weeks ago, restored the config.xml, and am able to run the update(s) now.


Log in to reply