Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Can't upgrade - Certificate verification failed

    Installation and Upgrades
    5
    6
    685
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      joeker last edited by joeker

      Just logged to my PFSense 2100 to check for updates and am getting this:

      Version 22.05-RELEASE (arm64)
      built on Wed Jun 22 18:56:18 UTC 2022
      FreeBSD 12.3-STABLE

      Unable to check for updates
      CPU Type ARM Cortex-A53 r0p4
      2 CPUs:
      CPU 0: ARM Cortex-A53 r0p4 affinity: 0
      CPU 1: ARM Cortex-A53 r0p4 affinity: 1
      SafeXcel Crypto: Yes (inactive)
      Hardware crypto Inactive

      When I go update packages I get this:

      Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
      1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
      Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
      1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
      Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
      1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
      Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
      1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
      Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
      1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
      Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
      1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
      pkg-static: https://pkg00-atx.netgate.com/pkgpkg+https://firmware.netgate.com/pkgpkg+https://repo.netgate.com/pkg/pfSense_plus-v23_01_aarch64-core/meta.txz: Authentication error
      repository pfSense-core has no meta file, using default settings
      Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
      1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
      Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
      1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
      Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
      1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
      pkg-static: https://pkg00-atx.netgate.com/pkgpkg+https://firmware.netgate.com/pkgpkg+https://repo.netgate.com/pkg/pfSense_plus-v23_01_aarch64-core/packagesite.pkg: Authentication error
      Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
      1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
      Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
      1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
      Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
      1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
      pkg-static: https://pkg00-atx.netgate.com/pkgpkg+https://firmware.netgate.com/pkgpkg+https://repo.netgate.com/pkg/pfSense_plus-v23_01_aarch64-core/packagesite.txz: Authentication error
      Unable to update repository pfSense-core
      Updating pfSense repository catalogue...
      Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
      1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
      Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
      1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
      Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
      1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
      Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
      1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
      Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
      1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
      Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
      1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
      pkg-static: https://pkg00-atx.netgate.com/pkgpkg+https://firmware.netgate.com/pkgpkg+https://repo.netgate.com/pkg/pfSense_plus-v23_01_aarch64-pfSense_plus_v23_01/meta.txz: Authentication error
      repository pfSense has no meta file, using default settings
      Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
      1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
      Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
      1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
      Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
      1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
      pkg-static: https://pkg00-atx.netgate.com/pkgpkg+https://firmware.netgate.com/pkgpkg+https://repo.netgate.com/pkg/pfSense_plus-v23_01_aarch64-pfSense_plus_v23_01/packagesite.pkg: Authentication error
      Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
      1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
      Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
      1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
      Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
      1086423040:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
      pkg-static: https://pkg00-atx.netgate.com/pkgpkg+https://firmware.netgate.com/pkgpkg+https://repo.netgate.com/pkg/pfSense_plus-v23_01_aarch64-pfSense_plus_v23_01/packagesite.txz: Authentication error
      Unable to update repository pfSense
      Error updating repositories!
      

      86e36a36-530e-49f8-9540-05db5589ae62-image.png![alt text](image url)

      Tried a reboot, and then halted system and did a cold reboot, still nothing.

      Also tried setting branch to previous Stable version, then back to Latest Stable Version - didn't work.

      Then tried running: pkg-static clean -ay; pkg-static install -fy pkg pfSense-repo pfSense-upgrade

      didn't work:

      Updating pfSense-core repository catalogue...
      pkg-static: https://repo00.atx.netgate.com/pkg/pfSense_plus-v23_01_aarch64-core/meta.txz: Service Unavailable
      repository pfSense-core has no meta file, using default settings
      pkg-static: https://repo00.atx.netgate.com/pkg/pfSense_plus-v23_01_aarch64-core/packagesite.pkg: Service Unavailable
      pkg-static: https://repo00.atx.netgate.com/pkg/pfSense_plus-v23_01_aarch64-core/packagesite.txz: Service Unavailable
      Unable to update repository pfSense-core
      Updating pfSense repository catalogue...
      pkg-static: https://repo00.atx.netgate.com/pkg/pfSense_plus-v23_01_aarch64-pfSense_plus_v23_01/meta.txz: Service Unavailable
      repository pfSense has no meta file, using default settings
      pkg-static: https://repo00.atx.netgate.com/pkg/pfSense_plus-v23_01_aarch64-pfSense_plus_v23_01/packagesite.pkg: Service Unavailable
      pkg-static: https://repo00.atx.netgate.com/pkg/pfSense_plus-v23_01_aarch64-pfSense_plus_v23_01/packagesite.txz: Service Unavailable
      Unable to update repository pfSense
      Error updating repositories!
      

      Any guidance is appreciated.

      R 1 Reply Last reply Reply Quote 0
      • R
        rcoleman-netgate Netgate Administrator @joeker last edited by rcoleman-netgate

        @joeker https://forum.netgate.com/topic/178049/pfsense-plus-23-01-updates-on-the-1100-and-2100-systems?_=1676824718745

        Just letting the community know that updates to pfSense Plus version 23.01 have been stopped for the Netgate 1100 and 2100 systems while we investigate an issue that affects older systems. We will resume updates as soon as we can. Thanks for your patience.

        --
        Ryan
        Repeat (after me): MESH IS THE DEVIL! MESH IS THE DEVIL!
        Requesting firmware for your Netgate device? https://go.netgate.com
        Switching: Mikrotik, Netgear, Extreme
        Wireless: Aruba, Ubiquiti

        J 1 Reply Last reply Reply Quote 0
        • J
          joeker @rcoleman-netgate last edited by

          @rcoleman-netgate Alrighty then, thank you

          P 1 Reply Last reply Reply Quote 0
          • P
            pzl @joeker last edited by

            @joeker Have same deal. The nginx server reverse proxy at https://repo00.atx.netgate.com/pkg/ has an invalid certificate?

            Issued On Friday, March 18, 2022 at 10:07:17 AM
            Expires On Monday, November 17, 2521 at 9:07:17 AM

            🙃

            1 Reply Last reply Reply Quote 0
            • A
              AlexandroRubio last edited by

              I have a Netgate 2100 (arm64). Having the exact same problem.

              S 1 Reply Last reply Reply Quote 0
              • S
                SteveITS @AlexandroRubio last edited by

                @alexandrorubio Don’t know about the cert but upgrades are still paused. You can reinstall and restore from backup just fine though:
                https://docs.netgate.com/pfsense/en/latest/solutions/netgate-2100/reinstall-pfsense.html

                Steve

                Only install packages for your version, or risk breaking it. If yours is older, select it in System/Update/Update Settings.
                When upgrading, let it finish; do not reboot early. Allow 10-15 minutes, or more depending on packages and device speed.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post