Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Upgrade from 2.3.3p1 to 2.3.4 failes with repo SSL errors

    Problems Installing or Upgrading pfSense Software
    3
    4
    1.7k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      cardy
      last edited by

      Currently running:

      2.3.3-RELEASE-p1 (amd64)
      built on Thu Mar 09 07:17:41 CST 2017
      FreeBSD 10.3-RELEASE-p17

      Unable to check for updates

      The update status says its unable to check for updates as shown above.

      I tried to start an upgrade via System->Update    and get SSL errors about being unable to update from the repository.

      Updating repositories metadata…
      Updating pfSense-core repository catalogue...
      pfSense-core repository is up to date.
      Updating pfSense repository catalogue...
      pfSense repository is up to date.
      All repositories are up to date.
      Unlocking package pfSense-kernel-pfSense... done.
      Downloading upgrade packages...
      Updating pfSense-core repository catalogue...
      pfSense-core repository is up to date.
      Updating pfSense repository catalogue...
      pkg: Repository pfSense load error: access repo file(/var/db/pkg/repo-pfSense.sqlite) failed: No such file or directory
      SSL certificate subject doesn't match host files01.netgate.com
      pkg: https://pkg.pfsense.org/pfSense_v2_3_4_amd64-pfSense_v2_3_4/meta.txz: Authentication error
      repository pfSense has no meta file, using default settings
      SSL certificate subject doesn't match host files01.netgate.com
      pkg: https://pkg.pfsense.org/pfSense_v2_3_4_amd64-pfSense_v2_3_4/packagesite.txz: Authentication error
      Unable to update repository pfSense
      Error updating repositories!
      Locking package pfSense-kernel-pfSense... done.
      Failed

      Not had any issues with this machine before and am not having any now except being unable to update.

      Looks like an SSL issue on the repo servers ?

      1 Reply Last reply Reply Quote 0
      • A
        andyhi
        last edited by

        Running into similar problems on 3 of 3 vms in a lab that were upgraded to 2.3.3 two or three weeks back.

        While this has been best practice for a while, there has been talk of security changes to Chrome that now require a cert used for SSL include the subject name in the Subject Alternate Name list… not sure if similar logic has made it's way into some of the code used in the recently upgraded 2.3.3 packages.

        Update 2 - Manually viewing the cert chain in Chrome for https://pkg.pfsense.org/ looks good.  (updates.nyi.pfsense.org)  The SSL/TLS cert, intermediate, and root come back valid.  Also the SSL/TLS cert has *.pfsense.org as the subject and is first in the SAN list.

        I also found the instructions for cleaning out packages left over from 2.2.x but this didn't resolve the issue.  "find / -type l -lname '/usr/pbi/*' -delete"

        I also found the option to upload the tar.gz upgrade package for offline upgrade is no longer available due to the move to newer modular design.  :(  (Some isolated environments could really use this without having to do a wipe and fresh install from the full install .iso.)

        Open to suggestions... have vm snapshot capability and this is a lab...

        Update 3 - Problem resolved itself.  All 3 boxes updated successfully from console option 13 after 6 - 10 tries, multiple restarts, a couple of "find / -type l -lname '/usr/pbi/*' -delete" and a "pfSense-upgrade -d" or two thrown in at random times on each host.  Can't prove it but really looks like there were upstream SSL issues... either at one of the hosting repositories or a man in the middle trying to peak into my SSL connections.

        1 Reply Last reply Reply Quote 0
        • empbillyE
          empbilly
          last edited by

          Try these steps in the below link.
          https://forum.pfsense.org/index.php?topic=130054.msg716736#msg716736

          https://eliasmoraispereira.wordpress.com/

          1 Reply Last reply Reply Quote 0
          • C
            cardy
            last edited by

            Tha worked for me and has fixed the issue, Thanks.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.