Netgate Discussion Forum

    Somehow broke pfBlockerNG feed updating (SSL)

      sremick

      One step forward, one step back. :D Sorry if this isn't the best location, but I don't know if it's a cert issue, a firewall issue, a pfBlockerNG issue, a routing issue, etc.

      I suspect that I broke this in the process of getting OpenVPN working. What I did was delete the user and server certs I had created in the past when attempting (and failing) to get VPN working, so that I could roll back to a clean starting point. The only cert remaining was the default self-signed one for the webconfig that you can't delete anyway.

      Then today I notice that all my pfBlockerNG/DNSBL feeds are now failing. I get the error "SSL certificate problem: self signed certificate". The timing and error message are what make me suspect I somehow broke things. But I don't know why these feeds would've been dependent on the certs I had made for the purpose of the VPN?

      I read that I could change the status of a feed from "ON" to "FLEX" to basically bypass this, but 1) this isn't recommended and shouldn't be necessary normally, and 2) since it's happening to all the feeds the real problem lies elsewhere and that should be addressed. Plus there are quite a few feeds across multiple categories.

      Thoughts?

      pfBlockerNG-devel 2.2.5_37
      pfSense 2.4.5-RELEASE-p1

        sremick

        Ah, never mind. Figured it out. Wasn't exactly my fault. One of the lists I had added had suddenly included a block for GitHub, which is the location for many of my other lists... so many that I thought all or almost all were suddenly failing. The whole SSL thing was a red herring. DNSBL was blocking DNSBL list updates.

        Once I figured out the offending list, I disabled it and redid the downloads and everything is happy again now.

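A check for the failure described in this thread, where one DNSBL list blocks the hosts that other feeds are downloaded from (added example, not part of the original posts and not pfBlockerNG code). The feed URLs and list contents are constructed samples, the function names are hypothetical, and matching on parent domains is an assumption that fits wildcard-style blocking.

```python
from urllib.parse import urlsplit

def parse_blocklist(text):
    """Return the set of domains in a hosts-format or plain-domain list."""
    domains = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        # hosts format: "0.0.0.0 example.com"; plain format: "example.com"
        name = fields[1] if len(fields) > 1 else fields[0]
        domains.add(name.lower().rstrip("."))
    return domains

def blocking_entry(host, domains):
    """Return the entry that blocks host (exact or parent domain), else None."""
    labels = host.lower().rstrip(".").split(".")
    # Assumption: a listed domain also blocks its subdomains.
    # The bare TLD (last label alone) is never tested.
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None

def self_blocked_feeds(feed_urls, lists):
    """Map feed URL -> [(list name, blocking entry)] for feeds a list would block."""
    parsed = {name: parse_blocklist(text) for name, text in lists.items()}
    hits = {}
    for url in feed_urls:
        host = urlsplit(url).hostname
        if not host:
            continue
        for name, domains in parsed.items():
            entry = blocking_entry(host, domains)
            if entry:
                hits.setdefault(url, []).append((name, entry))
    return hits

# Constructed sample data: three feed sources and one newly added list.
SAMPLE_FEEDS = [
    "https://github.com/example/blocklist/raw/master/hosts.txt",
    "https://raw.githubusercontent.com/example/ads/master/domains.txt",
    "https://lists.example.net/malware.txt",
]
SAMPLE_LISTS = {
    "new-list": "# constructed\n0.0.0.0 github.com\nraw.githubusercontent.com\n",
}

if __name__ == "__main__":
    for url, why in self_blocked_feeds(SAMPLE_FEEDS, SAMPLE_LISTS).items():
        print(url, "blocked by", why)
```

Running this against the downloaded lists before reloading DNSBL points at the offending list directly, without toggling feeds one by one.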
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.