Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Update 21.02.02-RELEASE to 21.05 fail, CERT error?

    Scheduled Pinned Locked Moved
    Problems Installing or Upgrading pfSense Software
    2
    5
    752
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mer
      last edited by

      SG2100, I've searched and either haven't found the right combination of terms or "it's different".
      When 21.05 was released, I saw it as available on the dashboard and the orange LED was blinking as designed. I was not in a position to do the update at that point but noted and marked it as a TODO.

      A few days later (earlier this week) I noticed the orange LED not blinking and dashboard said "unable to obtain update status".

      Poked around, started following steps in the Upgrade trouble shooting guide. Here's the output from the first couple of commands there:

      pkg-static info -x pfSense-upgrade
      pfSense-upgrade-0.98

      pkg-static clean -ay; pkg-static install -fy pkg pfSense-repo pfSense-upgrade
      Updating pfSense-core repository catalogue...
      1082880000:error:141F0006:SSL routines:tls_construct_cert_verify:EVP lib:/usr/local/poudriere/jails/pfSense_plus-v21_05_aarch64/usr/src/crypto/openssl/ssl/statem/statem_lib.c:283:
      Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/CN=repo01.netgate.com
      1082880000:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/local/poudriere/jails/pfSense_plus-v21_05_aarch64/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1915:
      Child process pid=47803 terminated abnormally: Segmentation fault

      Before I open a ticket for the software image, any thoughts, anyone else run into this, is is simply an out of date cert for the repo (if so any ideas on how to fix)?

      Thanks.

      B 1 Reply Last reply Reply Quote 0
      • B
        bigsy @mer
        last edited by

        @mer Have a look at Segmentation Fault in pkg.

        The solution is to shut the device down, unplug the power and reboot.

        M 2 Replies Last reply Reply Quote 0
        • M
          mer @bigsy
          last edited by

          @bigsy Thanks, saw that I should have asked if this device was prone to this. Only reason I didn't ask was dashboard says "crypto inactive" so sounded like I didn't need to. But, that is worth a try.

          This part of my output differs from the trouble shooting guide.
          "Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/CN=repo01.netgate.com"

          1 Reply Last reply Reply Quote 0
          • M
            mer @bigsy
            last edited by

            @bigsy Well, my fault for assuming that what the trouble shooting guide said didn't apply, power cycle fixed it.
            Thanks for the help, everyone else can ignore this post.

            B 1 Reply Last reply Reply Quote 1
            • B
              bigsy @mer
              last edited by

              @mer The only reason I suggested this was I ran into a similar issue a few weeks ago on an SG-2100 and I've also seen it reported for the SG-1100. I don't know if it's an aarch64 specific issue or not.

              1 Reply Last reply Reply Quote 1
              • First post
                Last post