certificate error while running pkg update
-
hi all
i have pfsense 2.4.5_1 and today while updating packges it gives me the following certificate errors
-
Yep, not just you. I'm experiencing the same issue.
-
Same.
-
Add me to the list. Was working earlier today, then stopped working for me this evening. I initially suspected it may have been related to some changes I made to DNS Resolver configuration, but after spending an hour or so tearing my hair out and trying various potential fixes I found online, I stumbled on this thread. Getting the exact same error when I try running
/usr/local/sbin/pkg-static update -fper this page. -
Me too:
Updating pfSense-core repository catalogue...
Certificate verification failed for /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
34406329672:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed:/build/ce-crossbuild-245/sources/FreeBSD-src/crypto/openssl/ssl/s3_clnt.c:1269:blablabla
-
Same for me
Updating repositories metadata...
pkg-static: Warning: Major OS version upgrade detected. Running "pkg bootstrap -f" recommended
Updating pfSense-core repository catalogue...
Certificate verification failed for /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root -
I'm pretty new to pfsense and BSD in general. I went wild with fixes all over this board, Reddit, and random google search results. It appears this has happened before (May 2020). The netgate team had to update certs on the webserver.
-
@apsis-im
Yep, I think you are correct. -
+1
Not working either on a new install I was performing this Saturday.
Interestingly, both https://files00.netgate.com/ and https://files01.netgate.com/ have a valid certificate:
* subject: OU=Domain Control Validated; OU=PositiveSSL Wildcard; CN=*.netgate.com * start date: Mar 13 00:00:00 2019 GMT * expire date: Apr 11 23:59:59 2021 GMTso clearly is something deeper in their setup... I guess we have to wait.
-
Yeah, same for me on pgk upgrade && pkg update.
Certificate verification failed for /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA RootLet's wait and see
-
+1
Can confirm this on latest stable pfSense factory. This does still happen after removing AddTrust CA from
/usr/local/share/certs/ca-root-nss.crt(may we need to reboot?)curl, openssl, etc. is choosing the correct certification path.
fetch/pkgon freebsd seems to choose a different way for certification verification? Normally it should automatically ignore the AddTrust also its send from server and divert to system path and to go one of those two ways:
If i see it correctly, #1 must be possible for pfSense, as
USERTrust RSA Certification Authorityseems in system store.Temporarily for urgent matter, it is strongly not recommended, but possible by disabling certification peer check via
env SSL_NO_VERIFY_PEER=1 pkg update -
Same here.. Thought it was an error on my side until i found this thread..
I guess we have to wait for the Team to fix that..? -
Did anyone post a bug report?
-
@castigo86
I wouldn't worry too much. Mods will see in forum. -
@provels said in certificate error while running pkg update:
@castigo86
I wouldn't worry too much. Mods will see in forum.Yeah. But it's a bit embarrasing that for everybody out there running pfsense systems, we're now stuck without being able to install new packages just because someone somewhere hasn't a proper monitoring of something and someone somewhere has to wake up on this Saturday, check the forums, see the 2 threads about it, think "shit!" and fix it.
-
any options to install from command line? Trying to setup the OpenVPN Export wizard.
-
Same issue here.
-
Same, joined to post a question to get help, will get fixed when it's fixed.
-
Had the issue all morning, but it's back up and working for me now.
-
Yap, I can confirm it's working for me too now.
