• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

certificate error while running pkg update

General pfSense Questions
19
27
7.8k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • C
    castigo86
    last edited by Jan 30, 2021, 11:54 AM

    Yeah, same for me on pgk upgrade && pkg update.

    Certificate verification failed for /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root

    Let's wait and see

    1 Reply Last reply Reply Quote 0
    • M
      monofox
      last edited by Jan 30, 2021, 11:56 AM

      +1

      Can confirm this on latest stable pfSense factory. This does still happen after removing AddTrust CA from /usr/local/share/certs/ca-root-nss.crt (may we need to reboot?)

      curl, openssl, etc. is choosing the correct certification path. fetch / pkg on freebsd seems to choose a different way for certification verification? Normally it should automatically ignore the AddTrust also its send from server and divert to system path and to go one of those two ways:
      login-to-view

      If i see it correctly, #1 must be possible for pfSense, as USERTrust RSA Certification Authority seems in system store.

      Temporarily for urgent matter, it is strongly not recommended, but possible by disabling certification peer check via env SSL_NO_VERIFY_PEER=1 pkg update

      1 Reply Last reply Reply Quote 0
      • A
        Alex89
        last edited by Jan 30, 2021, 11:58 AM

        Same here.. Thought it was an error on my side until i found this thread.. 😆
        I guess we have to wait for the Team to fix that..?

        1 Reply Last reply Reply Quote 3
        • C
          castigo86
          last edited by Jan 30, 2021, 12:02 PM

          Did anyone post a bug report?

          P 1 Reply Last reply Jan 30, 2021, 12:33 PM Reply Quote 0
          • P
            provels @castigo86
            last edited by Jan 30, 2021, 12:33 PM

            @castigo86
            I wouldn't worry too much. Mods will see in forum.

            Peder

            MAIN - pfSense+ 24.11-RELEASE - Adlink MXE-5401, i7, 16 GB RAM, 64 GB SSD. 500 GB HDD for SyslogNG
            BACKUP - pfSense+ 23.01-RELEASE - Hyper-V Virtual Machine, Gen 1, 2 v-CPUs, 3 GB RAM, 8GB VHDX (Dynamic)

            J 1 Reply Last reply Jan 30, 2021, 12:58 PM Reply Quote 1
            • J
              JRubenC @provels
              last edited by Jan 30, 2021, 12:58 PM

              @provels said in certificate error while running pkg update:

              @castigo86
              I wouldn't worry too much. Mods will see in forum.

              Yeah. But it's a bit embarrasing that for everybody out there running pfsense systems, we're now stuck without being able to install new packages just because someone somewhere hasn't a proper monitoring of something and someone somewhere has to wake up on this Saturday, check the forums, see the 2 threads about it, think "shit!" and fix it.

              😊

              1 Reply Last reply Reply Quote 0
              • D
                ddave
                last edited by Jan 30, 2021, 12:59 PM

                any options to install from command line? Trying to setup the OpenVPN Export wizard.

                1 Reply Last reply Reply Quote 0
                • R
                  revengineer
                  last edited by Jan 30, 2021, 1:00 PM

                  Same issue here.

                  1 Reply Last reply Reply Quote 1
                  • Z
                    Zak 0
                    last edited by Jan 30, 2021, 1:50 PM

                    Same, joined to post a question to get help, will get fixed when it's fixed.

                    1 Reply Last reply Reply Quote 1
                    • N
                      nolaquen
                      last edited by Jan 30, 2021, 1:58 PM

                      Had the issue all morning, but it's back up and working for me now.

                      1 Reply Last reply Reply Quote 1
                      • C
                        castigo86
                        last edited by Jan 30, 2021, 2:01 PM

                        Yap, I can confirm it's working for me too now.

                        1 Reply Last reply Reply Quote 1
                        • V
                          viktor_g Netgate
                          last edited by Jan 30, 2021, 2:05 PM

                          Fixed! 👍

                          1 Reply Last reply Reply Quote 1
                          • F
                            fjsantos
                            last edited by Jan 30, 2021, 2:24 PM

                            @viktor_g said in certificate error while running pkg update:

                            Fixed!

                            Fixed!

                            1 Reply Last reply Reply Quote 1
                            • E
                              elite_kzm
                              last edited by Jan 30, 2021, 7:14 PM

                              Working for me now as well, but I had to manually force an update via the cmd line: /usr/local/sbin/pkg-static update -f

                              1 Reply Last reply Reply Quote 0
                              • Z
                                zitstif
                                last edited by Feb 18, 2021, 12:11 AM

                                I'm now having this issue, I was able to update the day before.

                                pkg update
                                pkg: Warning: Major OS version upgrade detected. Running "pkg bootstrap -f" recommended
                                Updating pfSense-core repository catalogue...
                                Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/CN=repo01.netgate.com
                                1086972976:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed:/build/factory-crossbuild-245-aarch64/sources/FreeBSD-src/crypto/openssl/ssl/s3_clnt.c:1269:

                                [truncated]

                                Unable to update repository pfSense
                                Error updating repositories!

                                A 1 Reply Last reply Feb 18, 2021, 12:47 AM Reply Quote 0
                                • A
                                  Apsis-IM @zitstif
                                  last edited by Apsis-IM Feb 18, 2021, 12:49 AM Feb 18, 2021, 12:47 AM

                                  @zitstif looks like a very different issue.

                                  Certificate verification failed for /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root

                                  Is what we were experiencing before.

                                  1 Reply Last reply Reply Quote 0
                                  • C
                                    chris-net
                                    last edited by chris-net Jun 3, 2023, 10:38 AM Jun 3, 2023, 10:36 AM

                                    I'm getting an issue in 23.05 doing a pkg update.

                                    my browser shows the cert expires in 2122 which is likely the cause of the problem.

                                    Not sure how negate create a 99 year cert.

                                    any work arounds?

                                    sample site to check cert
                                    https://pfsense-plus-pkg01.atx.netgate.com/pfSense_plus-v23_05_amd64-core/packagesite.pkg

                                    login-to-view

                                    1 Reply Last reply Reply Quote 0
                                    • stephenw10S
                                      stephenw10 Netgate Administrator
                                      last edited by Jun 3, 2023, 12:32 PM

                                      The cert error you see when updating against 23.05 is not related to this ancient thread. It's probably because the pkg repo is using data for the wrong branch. The first thing to try here is to go to Sys > Update > Update Settings and resave 23.05 as the elected branch. That will copy in the correct certs and keys for 23.05.

                                      Steve

                                      1 Reply Last reply Reply Quote 0
                                      • First post
                                        Last post
                                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.