• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Can't upgrade - Certificate verification failed

Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
9 Posts 6 Posters 2.7k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • J
    joeker
    last edited by joeker Feb 19, 2023, 4:36 PM Feb 19, 2023, 4:27 PM

    Just logged to my PFSense 2100 to check for updates and am getting this:

    Version 22.05-RELEASE (arm64)
    built on Wed Jun 22 18:56:18 UTC 2022
    FreeBSD 12.3-STABLE

    Unable to check for updates
    CPU Type ARM Cortex-A53 r0p4
    2 CPUs:
    CPU 0: ARM Cortex-A53 r0p4 affinity: 0
    CPU 1: ARM Cortex-A53 r0p4 affinity: 1
    SafeXcel Crypto: Yes (inactive)
    Hardware crypto Inactive

    When I go update packages I get this:

    Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
    1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
    Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
    1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
    Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
    1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
    Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
    1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
    Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
    1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
    Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
    1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
    pkg-static: https://pkg00-atx.netgate.com/pkgpkg+https://firmware.netgate.com/pkgpkg+https://repo.netgate.com/pkg/pfSense_plus-v23_01_aarch64-core/meta.txz: Authentication error
    repository pfSense-core has no meta file, using default settings
    Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
    1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
    Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
    1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
    Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
    1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
    pkg-static: https://pkg00-atx.netgate.com/pkgpkg+https://firmware.netgate.com/pkgpkg+https://repo.netgate.com/pkg/pfSense_plus-v23_01_aarch64-core/packagesite.pkg: Authentication error
    Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
    1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
    Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
    1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
    Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
    1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
    pkg-static: https://pkg00-atx.netgate.com/pkgpkg+https://firmware.netgate.com/pkgpkg+https://repo.netgate.com/pkg/pfSense_plus-v23_01_aarch64-core/packagesite.txz: Authentication error
    Unable to update repository pfSense-core
    Updating pfSense repository catalogue...
    Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
    1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
    Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
    1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
    Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
    1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
    Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
    1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
    Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
    1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
    Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
    1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
    pkg-static: https://pkg00-atx.netgate.com/pkgpkg+https://firmware.netgate.com/pkgpkg+https://repo.netgate.com/pkg/pfSense_plus-v23_01_aarch64-pfSense_plus_v23_01/meta.txz: Authentication error
    repository pfSense has no meta file, using default settings
    Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
    1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
    Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
    1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
    Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
    1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
    pkg-static: https://pkg00-atx.netgate.com/pkgpkg+https://firmware.netgate.com/pkgpkg+https://repo.netgate.com/pkg/pfSense_plus-v23_01_aarch64-pfSense_plus_v23_01/packagesite.pkg: Authentication error
    Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
    1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
    Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
    1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
    Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
    1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
    pkg-static: https://pkg00-atx.netgate.com/pkgpkg+https://firmware.netgate.com/pkgpkg+https://repo.netgate.com/pkg/pfSense_plus-v23_01_aarch64-pfSense_plus_v23_01/packagesite.txz: Authentication error
    Unable to update repository pfSense
    Error updating repositories!
    

    86e36a36-530e-49f8-9540-05db5589ae62-image.png![alt text](image url)

    Tried a reboot, and then halted system and did a cold reboot, still nothing.

    Also tried setting branch to previous Stable version, then back to Latest Stable Version - didn't work.

    Then tried running: pkg-static clean -ay; pkg-static install -fy pkg pfSense-repo pfSense-upgrade

    didn't work:

    Updating pfSense-core repository catalogue...
    pkg-static: https://repo00.atx.netgate.com/pkg/pfSense_plus-v23_01_aarch64-core/meta.txz: Service Unavailable
    repository pfSense-core has no meta file, using default settings
    pkg-static: https://repo00.atx.netgate.com/pkg/pfSense_plus-v23_01_aarch64-core/packagesite.pkg: Service Unavailable
    pkg-static: https://repo00.atx.netgate.com/pkg/pfSense_plus-v23_01_aarch64-core/packagesite.txz: Service Unavailable
    Unable to update repository pfSense-core
    Updating pfSense repository catalogue...
    pkg-static: https://repo00.atx.netgate.com/pkg/pfSense_plus-v23_01_aarch64-pfSense_plus_v23_01/meta.txz: Service Unavailable
    repository pfSense has no meta file, using default settings
    pkg-static: https://repo00.atx.netgate.com/pkg/pfSense_plus-v23_01_aarch64-pfSense_plus_v23_01/packagesite.pkg: Service Unavailable
    pkg-static: https://repo00.atx.netgate.com/pkg/pfSense_plus-v23_01_aarch64-pfSense_plus_v23_01/packagesite.txz: Service Unavailable
    Unable to update repository pfSense
    Error updating repositories!
    

    Any guidance is appreciated.

    R 1 Reply Last reply Feb 19, 2023, 4:39 PM Reply Quote 0
    • R
      rcoleman-netgate Netgate @joeker
      last edited by rcoleman-netgate Feb 19, 2023, 4:40 PM Feb 19, 2023, 4:39 PM

      @joeker https://forum.netgate.com/topic/178049/pfsense-plus-23-01-updates-on-the-1100-and-2100-systems?_=1676824718745

      Just letting the community know that updates to pfSense Plus version 23.01 have been stopped for the Netgate 1100 and 2100 systems while we investigate an issue that affects older systems. We will resume updates as soon as we can. Thanks for your patience.

      Ryan
      Repeat, after me: MESH IS THE DEVIL! MESH IS THE DEVIL!
      Requesting firmware for your Netgate device? https://go.netgate.com
      Switching: Mikrotik, Netgear, Extreme
      Wireless: Aruba, Ubiquiti

      J 2 Replies Last reply Feb 19, 2023, 4:40 PM Reply Quote 0
      • J
        joeker @rcoleman-netgate
        last edited by Feb 19, 2023, 4:40 PM

        @rcoleman-netgate Alrighty then, thank you

        P 1 Reply Last reply Mar 1, 2023, 4:23 PM Reply Quote 0
        • P
          pzl @joeker
          last edited by Mar 1, 2023, 4:23 PM

          @joeker Have same deal. The nginx server reverse proxy at https://repo00.atx.netgate.com/pkg/ has an invalid certificate?

          Issued On Friday, March 18, 2022 at 10:07:17โ€ฏAM
          Expires On Monday, November 17, 2521 at 9:07:17โ€ฏAM

          ๐Ÿ™ƒ

          1 Reply Last reply Reply Quote 0
          • A
            AlexandroRubio
            last edited by Mar 4, 2023, 2:42 AM

            I have a Netgate 2100 (arm64). Having the exact same problem.

            S 1 Reply Last reply Mar 4, 2023, 4:21 AM Reply Quote 0
            • S
              SteveITS Galactic Empire @AlexandroRubio
              last edited by Mar 4, 2023, 4:21 AM

              @alexandrorubio Donโ€™t know about the cert but upgrades are still paused. You can reinstall and restore from backup just fine though:
              https://docs.netgate.com/pfsense/en/latest/solutions/netgate-2100/reinstall-pfsense.html

              Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
              When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
              Upvote ๐Ÿ‘ helpful posts!

              1 Reply Last reply Reply Quote 0
              • J jrey referenced this topic on May 23, 2023, 11:40 AM
              • J jrey referenced this topic on May 23, 2023, 11:41 AM
              • J
                joeker @rcoleman-netgate
                last edited by Oct 21, 2023, 5:20 PM

                @rcoleman-netgate

                Is it ok to upgrade to Netgate 2100 to Version 23.05.1, or is this still an issue?

                Thanks

                S R 2 Replies Last reply Oct 21, 2023, 5:43 PM Reply Quote 0
                • S
                  SteveITS Galactic Empire @joeker
                  last edited by Oct 21, 2023, 5:43 PM

                  @joeker Upgrades were allowed again in the spring. If you have a router that has the small EFI partition it will stop and warn you (as opposed to trying and failing), and if that is the case you'll need to reinstall per the above link.

                  https://forum.netgate.com/topic/178049/pfsense-plus-23-01-updates-on-the-1100-and-2100-systems

                  Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                  When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
                  Upvote ๐Ÿ‘ helpful posts!

                  1 Reply Last reply Reply Quote 2
                  • R
                    rcoleman612 @joeker
                    last edited by Nov 3, 2023, 4:20 AM

                    @joeker I don't work here anymore.

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                      This community forum collects and processes your personal information.
                      consent.not_received