Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Easylist update fails. Expired Cert

    Scheduled Pinned Locked Moved
    pfBlockerNG
    18
    43
    17.6k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • RicoR
      Rico LAYER 8 Rebel Alliance
      last edited by Rico

      Fixed between 06/12/20 19:15:00 and 06/12/20 20:15:00 (UTC+1)

      [ EasyList ]			 Downloading update . cURL Error: 60
SSL certificate problem: certificate has expired Retry in 5 seconds...
. cURL Error: 60
SSL certificate problem: certificate has expired Retry in 5 seconds...
. cURL Error: 60
SSL certificate problem: certificate has expired Retry in 5 seconds...
.. unknown http status code | 0

 [ DNSBL_EasyList - EasyList ] Download FAIL [ 06/12/20 19:15:28 ]

      [ EasyList ]			 Downloading update .. 200 OK.
  ----------------------------------------------------------------------
  Orig.    Unique     # Dups     # White    # TOP1M    Final                
  ----------------------------------------------------------------------
  2491     2452       5          0          0          2447                 
  ----------------------------------------------------------------------

[ EasyPrivacy ]			 Downloading update [ 06/12/20 20:15:17 ] .. 200 OK.

      -Rico

      2x Netgate XG-7100 | 11x Netgate SG-5100 | 6x Netgate SG-3100 | 2x Netgate SG-1100

      1 Reply Last reply Reply Quote 1
      • V
        Vatreni @jimmythedog
        last edited by Vatreni

        @jimmythedog said in Easylist update fails. Expired Cert:

        Hi All,
        First time user, so please be gentle with me!

        I think this article describes the problem quite well - especially the Cross-signing section

        So, to fix it, I deleted the old CA from the /usr/local/share/certs/ca-root-nss.crt file (lines 423-512 in my version), as described in the What to do? section in that link above

        HTH

        Old thread but still relevant and found in google. I have an older pfsense install that I can't update for now. The CA file referred to above in mine has dozens of certs now out of date.

        I have removed some that had "not after" prior to today, and it let the update of easylist work, so many thanks.

        There are plenty to still remove, and while I'm sure the official solution is "update pfsense ffs", is there a place to just download an up-to-date valid ca-root-nss.crt
        that will work?

        And thanks for your update - v helpful

        GertjanG 1 Reply Last reply Reply Quote 0
        • GertjanG
          Gertjan @Vatreni
          last edited by Gertjan

          @Vatreni

          Just thinking out loud : what about getting an ISO from 'whatever' open source project ? FreeBSD or Debian etc.
          Copy what you find under /etc/ssl/.

          edit : forgot about the most obvious one : get the latest pfSense !!!!!
          ( as you need it even when you don't install it !!)

          and get the latest ca-root certs out of it.

          Btw: having troubles with expired certs if the top of the ice-berg(problem).

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit : and where are the logs ??

          1 Reply Last reply Reply Quote 1
          • First post
            Last post