Issue with going from 2.7.0 to 2.7.2
-
@Understudy @stephenw10 I had exactly the same issue - and under the GUI it was all showing green. Saw a youtube video about the patch and the fixes it includes and wondered if I had it.
The UI said the current stable 2.7.2 branch was selected. And that the current/latest and installed (base) versions were 2.7.0 and were up to date. I almost assumed that meant that the .2 update didn't show there and I was all good.
Only after checking this forum and trying option 13 and getting the same then fixing it with the
certctl rehash
command then following up with
pfSense-upgrade
did it suddenly spring back into life.I really wish there was a better UI display that something had gone wrong here and that I was actually out of date.
Is the rehash thing something I should get it to run on cron weekly or something to ensure this doesn't happen again? -
No going forward from 2.7.2 that is run before checking anyway. You don't need to do anything further.
-
Ok, the situation for me ended up being a cert issue.
certctl rehash
it also may have taken a bit of tweaking on some of the servers but it did get addressed and my running certctl rehash and pfSense-upgrade ended up being successful.
So we now have 2.7.2 running on the equipment.
Thank you all again.
-
@stephenw10 Your suggestion did help solve the problem in my system upgrading from 23.05.1 to 23.09.1, nothing else worked.
-
Wow. This update sure caught me by surprise. I've been using this for probably 15yrs+ at least. Like everyone stated my 2.7.0 said all up to date...good to go and 2.7.2 was ready to install. It appeared to install fine I guess...I freaked after it didnt come up after 2-3 min because I know it boots faster than that. Then I saw the console was at a login prompt and not the normal prompt after a full boot displaying all the interfaces.
Anyways after this upgrade. I've learned my lesson. This is the 2nd time an update crashed my system and I had to go to the console. I mean that's not bad over 15yrs+ of using pfsense. I need to do some reading up on whats new and whatnot. I did notice at a quick glance I saw something about the dhcp server at the end of life. From now on before upgrading I will read forums for any problems. I always wait to upgrade anyways. I also wait in the professional world just because of stuff like this.
So if anyone wants to just go straight to what worked for me to quickly get it up. First you need to have a kind of recent backup. Which I did have and it was version 2.7.0. I had a full backup with RRD Graphs/packages/etc. I downloaded 2.7.2 and installed it clean, accessed the web gui and restored. Then went back to the console to make sure it had the interfaces aligned still. Logged back in and everything was re-installing in the background. After a few minutes everything came back up. 2 LANs, 2 DHCP...static mappings...etc. Once reinstalling it just took a few minutes to put the backup file on and home networks were up in no time.
HTH - now off to read up on what all is new.
-
I also had this issue and certctl rehash fixed it. It would be nice to see an error message when checking for updates on the dashboard instead of thinking everything is fine. Also in case anyone can't boot after the update you may need a BIOS update. Here's my experience https://forum.netgate.com/post/1151342
-
-
-
-
-
-
-
I'm having similar issues... So I had pfSense deployed on a old Celeron chip/box...
did a backup, got new Topton based on a U300E installed, Had problems to get the backup restored so copied the backup as config.xml to /conf and restarted.discovered none of my packages are installed... and thinking also why my inbound routing to a HA deployed inside network is failing... I have outbound, strangely my inbound onto my OpenVPN is working... so CloudFlare which I use to proxy me is routing to the new device.
Below is the error i get if I execute:
pkg-static -d update
* Couldn't find host pkg00-atx.netgate.com in the .netrc file; using defaults * Hostname pkg00-atx.netgate.com was found in DNS cache * Trying 208.123.73.207:443... * Trying [2610:160:11:18::207]:443... * Immediate connect fail for 2610:160:11:18::207: No route to host * Connected to pkg00-atx.netgate.com (208.123.73.207) port 443 * ALPN: curl offers http/1.1 * CAfile: none * CApath: /etc/ssl/certs/ * SSL certificate problem: unable to get local issuer certificate * Closing connection pkg-static: An error occured while fetching package DBG(1)[44631]> Request to fetch pkg+https://pkg.pfsense.org/pfSense_v2_7_2_amd64-pfSense_v2_7_2/packagesite.txz DBG(1)[44631]> curl_open DBG(1)[44631]> Fetch: fetcher used: pkg+https DBG(1)[44631]> curl> fetching https://pkg.pfsense.org/pfSense_v2_7_2_amd64-pfSense_v2_7_2/packagesite.txz DBG(1)[44631]> CURL> attempting to fetch from , left retry 3 * Couldn't find host pkg00-atx.netgate.com in the .netrc file; using defaults * Hostname pkg00-atx.netgate.com was found in DNS cache * Trying 208.123.73.207:443... * Trying [2610:160:11:18::207]:443... * Immediate connect fail for 2610:160:11:18::207: No route to host * Connected to pkg00-atx.netgate.com (208.123.73.207) port 443 * ALPN: curl offers http/1.1 * CAfile: none * CApath: /etc/ssl/certs/ * SSL certificate problem: unable to get local issuer certificate * Closing connection DBG(1)[44631]> CURL> attempting to fetch from , left retry 2 * Couldn't find host pkg01-atx.netgate.com in the .netrc file; using defaults * Hostname pkg01-atx.netgate.com was found in DNS cache * Trying 208.123.73.209:443... * Trying [2610:160:11:18::209]:443... * Immediate connect fail for 2610:160:11:18::209: No route to host * Connected to pkg01-atx.netgate.com (208.123.73.209) port 443 * ALPN: curl offers http/1.1 * CAfile: none * CApath: /etc/ssl/certs/ * SSL certificate problem: unable to get local issuer certificate * Closing connection DBG(1)[44631]> CURL> attempting to fetch from , left retry 1
-
@georgelza said in Issue with going from 2.7.0 to 2.7.2:
nable to get local issuer certificat
-
So your new device is running 2.7.0 not 2.7.2?
If so you'll need to run
certctl rehash
to upgrade. -
@stephenw10 you will notice above i did...
eventually got it upgraded to 2.7 then did a restore of backup again and then a resupply of credentials, followed by haproxy which was the critical/missing app to allow inbound routing.
G