Pfsense 2.6 to plus. Unable to check
-
@rcoleman-netgate said in Pfsense 2.6 to plus. Unable to check:
@antibiotic This shouldn't have anything to do with this. The local GUI Cert is not related to repo access.
But for the record, I did.
It didn't solve anything. -
This post is deleted! -
@barnops Also, interesting that the validity dates on this cert are expired.
openssl x509 -in /etc/ssl/pfSense-repo-custom.cert -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7f:c3:e5:________________________:45:83:59:5a:08
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, ST = Texas, L = Austin, O = "Rubicon Communications, LLC (Netgate)", OU = ProdTrack CA, CN = ProdTrack CA
Validity
Not Before: Mar 10 19:01:29 2023 GMT
Not After : Mar 11 07:01:29 2023 GMT -
Perhaps related: since a reboot this morning I don't get any package repos with the following errors:
...shortened... Updating pfSense repository catalogue... Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com 35160031232:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921: Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com 35160031232:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921: Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com 35160031232:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921: Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com 35160031232:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921: Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com 35160031232:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921: Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com 35160031232:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921: pkg: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_01_amd64-pfSense_plus_v23_01/meta.txz: Authentication error repository pfSense has no meta file, using default settings Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com 35160031232:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921: Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com 35160031232:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921: Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com 35160031232:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921: pkg: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_01_amd64-pfSense_plus_v23_01/packagesite.pkg: Authentication error Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com 35160031232:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921: Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com 35160031232:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921: Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com 35160031232:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921: pkg: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_01_amd64-pfSense_plus_v23_01/packagesite.txz: Authentication error Unable to update repository pfSense Error updating repositories! -
Looks like whatever was going wrong was resolved this morning.
I am now able to pull the update version.But wasn't it a requirement to swap to 22.01 first when upgrading from CE to Plus?
Now 23.01 is listed when going from 2.6.0.
-
@barnops said in Pfsense 2.6 to plus. Unable to check:
Looks like whatever was going wrong was resolved this morning.
I am now able to pull the update version.But wasn't it a requirement to swap to 22.01 first when upgrading from CE to Plus?
Now 23.01 is listed when going from 2.6.0.Seems like it updated properly to 23.01 with no ill effects:
Removing unnecessary packages... done.
Cleanup pkg cache... done.
pfSense 23.01-RELEASE amd64 Fri Feb 10 20:06:33 UTC 2023
Bootup completeSo what ended up being the issue?
-
Again unable to check available packages. Please fix it!
Updating pfSense-core repository catalogue...
pkg: pkg00.atx.netgate.com/pfSense_plus-v23_01_amd64-core/meta.txz: Bad Request
repository pfSense-core has no meta file, using default settings. Trying entering to https://pfsense-plus-pkg00.atx.netgate.com/ from browser and result: 400 Bad Request
No required SSL certificate was sent
nginx. -
Solution : rm /usr/local/share/pfSense/pkg/repos/pfSense-repo-custom.*
-
@antibiotic said in Pfsense 2.6 to plus. Unable to check:
Solution : rm /usr/local/share/pfSense/pkg/repos/pfSense-repo-custom.*
Randomly deleting repository files isn't really a "solution". That seems more like a thing, that was working for you, but the repos are set from changing/setting the release path in the update screen.
-
@jegr said in Pfsense 2.6 to plus. Unable to check:
Randomly deleting repository files isn't really a "solution". That seems more like a thing, that was working for you, but the repos are set from changing/setting the release path in the update screen.
That is in our redmine, however, as a workaround.
-
same issue... come one netgate, do your job... Just saying PFS+ is supposed to be the payed for tier, and I got customers running it...
-
@siman said in Pfsense 2.6 to plus. Unable to check:
same issue... come one netgate, do your job... Just saying PFS+ is supposed to be the payed for tier, and I got customers running it...
If you're a paying customer have you bothered to open a ticket with TAC?
https://go.netgate.com/ -
@picturetaker Customers haven't called me yet. I run it at home in lab form, if I get called and Im working for them I would open one. Can't do anything if I'm not representing them.
-
I just went through a similar situation. I installed pfSense 2.6 on a new machine and everything looked fine. I then upgraded to pfSense+ v23.01. The upgrade looked fine and the machine was working. However, when I went to install other packages, I received the "no packages available" message. Going into a shell via SSH to update packages did not work and I also got the "bad request" error when trying that.
The work-around solution that worked for me was to clean up the custom repo info in /usr/local/share/pfSense/pkg/. Apparently, the upgrade from 2.6 to 23.01 is leaving some 2.6 info in the folder which then causes authentication/access issues when trying to get to the 23.01 repos.
There is a write-up of the issue (and the manual work-around) at https://redmine.pfsense.org/issues/14137
-
I just wanted to pop in and say that I was also running into a "Bad Request" issue just now on
23.01when trying to runpkg updateand I was able to resolve this by plopping in my Register key via the UI. I was going through some troubleshooting last week with pfSense support and during the re-issuing of Plus certs it must have wiped the Registration key somewhere along the way. I was upgrading from2.7.xCE to23.01Plus.
