Can't upgrade - Certificate verification failed

joeker

Just logged to my PFSense 2100 to check for updates and am getting this:

Version 22.05-RELEASE (arm64)
built on Wed Jun 22 18:56:18 UTC 2022
FreeBSD 12.3-STABLE

Unable to check for updates
CPU Type ARM Cortex-A53 r0p4
2 CPUs:
CPU 0: ARM Cortex-A53 r0p4 affinity: 0
CPU 1: ARM Cortex-A53 r0p4 affinity: 1
SafeXcel Crypto: Yes (inactive)
Hardware crypto Inactive

When I go update packages I get this:

Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
pkg-static: https://pkg00-atx.netgate.com/pkgpkg+https://firmware.netgate.com/pkgpkg+https://repo.netgate.com/pkg/pfSense_plus-v23_01_aarch64-core/meta.txz: Authentication error
repository pfSense-core has no meta file, using default settings
Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
pkg-static: https://pkg00-atx.netgate.com/pkgpkg+https://firmware.netgate.com/pkgpkg+https://repo.netgate.com/pkg/pfSense_plus-v23_01_aarch64-core/packagesite.pkg: Authentication error
Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
pkg-static: https://pkg00-atx.netgate.com/pkgpkg+https://firmware.netgate.com/pkgpkg+https://repo.netgate.com/pkg/pfSense_plus-v23_01_aarch64-core/packagesite.txz: Authentication error
Unable to update repository pfSense-core
Updating pfSense repository catalogue...
Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
pkg-static: https://pkg00-atx.netgate.com/pkgpkg+https://firmware.netgate.com/pkgpkg+https://repo.netgate.com/pkg/pfSense_plus-v23_01_aarch64-pfSense_plus_v23_01/meta.txz: Authentication error
repository pfSense has no meta file, using default settings
Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
pkg-static: https://pkg00-atx.netgate.com/pkgpkg+https://firmware.netgate.com/pkgpkg+https://repo.netgate.com/pkg/pfSense_plus-v23_01_aarch64-pfSense_plus_v23_01/packagesite.pkg: Authentication error
Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
pkg-static: https://pkg00-atx.netgate.com/pkgpkg+https://firmware.netgate.com/pkgpkg+https://repo.netgate.com/pkg/pfSense_plus-v23_01_aarch64-pfSense_plus_v23_01/packagesite.txz: Authentication error
Unable to update repository pfSense
Error updating repositories!

🔒 Log in to view

Tried a reboot, and then halted system and did a cold reboot, still nothing.

Also tried setting branch to previous Stable version, then back to Latest Stable Version - didn't work.

Then tried running: pkg-static clean -ay; pkg-static install -fy pkg pfSense-repo pfSense-upgrade

didn't work:

Updating pfSense-core repository catalogue...
pkg-static: https://repo00.atx.netgate.com/pkg/pfSense_plus-v23_01_aarch64-core/meta.txz: Service Unavailable
repository pfSense-core has no meta file, using default settings
pkg-static: https://repo00.atx.netgate.com/pkg/pfSense_plus-v23_01_aarch64-core/packagesite.pkg: Service Unavailable
pkg-static: https://repo00.atx.netgate.com/pkg/pfSense_plus-v23_01_aarch64-core/packagesite.txz: Service Unavailable
Unable to update repository pfSense-core
Updating pfSense repository catalogue...
pkg-static: https://repo00.atx.netgate.com/pkg/pfSense_plus-v23_01_aarch64-pfSense_plus_v23_01/meta.txz: Service Unavailable
repository pfSense has no meta file, using default settings
pkg-static: https://repo00.atx.netgate.com/pkg/pfSense_plus-v23_01_aarch64-pfSense_plus_v23_01/packagesite.pkg: Service Unavailable
pkg-static: https://repo00.atx.netgate.com/pkg/pfSense_plus-v23_01_aarch64-pfSense_plus_v23_01/packagesite.txz: Service Unavailable
Unable to update repository pfSense
Error updating repositories!

Any guidance is appreciated.

rcoleman-netgate

@joeker https://forum.netgate.com/topic/178049/pfsense-plus-23-01-updates-on-the-1100-and-2100-systems?_=1676824718745

Just letting the community know that updates to pfSense Plus version 23.01 have been stopped for the Netgate 1100 and 2100 systems while we investigate an issue that affects older systems. We will resume updates as soon as we can. Thanks for your patience.

joeker

@rcoleman-netgate Alrighty then, thank you

pzl

@joeker Have same deal. The nginx server reverse proxy at https://repo00.atx.netgate.com/pkg/ has an invalid certificate?

Issued On Friday, March 18, 2022 at 10:07:17 AM
Expires On Monday, November 17, 2521 at 9:07:17 AM

AlexandroRubio

I have a Netgate 2100 (arm64). Having the exact same problem.

SteveITS

@alexandrorubio Don’t know about the cert but upgrades are still paused. You can reinstall and restore from backup just fine though:
https://docs.netgate.com/pfsense/en/latest/solutions/netgate-2100/reinstall-pfsense.html

joeker

@rcoleman-netgate

Is it ok to upgrade to Netgate 2100 to Version 23.05.1, or is this still an issue?

Thanks

SteveITS

@joeker Upgrades were allowed again in the spring. If you have a router that has the small EFI partition it will stop and warn you (as opposed to trying and failing), and if that is the case you'll need to reinstall per the above link.

https://forum.netgate.com/topic/178049/pfsense-plus-23-01-updates-on-the-1100-and-2100-systems

rcoleman612

@joeker I don't work here anymore.