Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Force license resync?

    Scheduled Pinned Locked Moved General pfSense Questions
    6 Posts 2 Posters 542 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      teward
      last edited by

      We have a 23.05 system that is on pfSense Plus but has a problem: it can't authenticate. Signing keys are likely out of date. There's no GUI way to resync the license.

      Is there a command line way to force a license resync with Netgate servers so that our system gets updated certs/keys for authenticating to the update repos?

      1 Reply Last reply Reply Quote 0
      • stephenw10S
        stephenw10 Netgate Administrator
        last edited by

        Run: pfSense-repoc to pull new client certs.

        The GUI does that anyway though so you probably have some other issue.

        Steve

        T 1 Reply Last reply Reply Quote 1
        • T
          teward @stephenw10
          last edited by teward

          @stephenw10 said in Force license resync?:

          Run: pfSense-repoc to pull new client certs.

          The GUI does that anyway though so you probably have some other issue.

          Steve

          If the GUI did that automatically and properly, then the box in question wouldn't have "Authentication Error" on repository updates per the logs. With this system being a direct-to-internet system, the suggested "troubleshoot" for "Authentication Error" response being "you have a proxy somewhere in line" doesn't apply at this point in the docs.

          This seems to be a repeat-offender case since the changes to pfSense PLUS behind the scenes, my guess is signing keys were invalidated but the GUI doesn't actually properly run pfSense-repoc when you go to the page, likely because of some difference internally.

          Additionally, we encountered the bug again in 23.05 which I mentioned privately - the Packages page does not error out on Available Packages when it fails with "Authentication Error" nor does the Upgrades page for available versions, which is a MAJOR bug that we need to make sure is patched in 23.09 or later.

          Regardless, running pfSense-repoc at the command line seems to have forced a resync of the keys and certs, which worked fine. Both the package list and upgrades' available versions showed updated versions now.

          Perhaps we should add this to that section. "If you are sure that there is no proxy needed, then try refreshing your client certs by running pfSense-repoc"

          1 Reply Last reply Reply Quote 0
          • stephenw10S
            stephenw10 Netgate Administrator
            last edited by stephenw10

            Hmm, maybe you have disabled the dashboard upgrade check? If so you would need to visit to update page manually to trigger repoc.

            T 1 Reply Last reply Reply Quote 0
            • T
              teward @stephenw10
              last edited by

              @stephenw10 Nah, this is behaving like the previous systems where it just has a loss of its client certs. I visited the page twice on the GUI in 23.05 and it didn't work. Dashboard upgrade check IS in fact present, enabled, but still did authentication errors. So if it did run repoc, it failed hard on the backend and didn't trigger any output.

              Which is why I asked how to force the resync manually in case it failed somewhere along the line - forcing it to resync manually fixed the issues it was having.

              1 Reply Last reply Reply Quote 0
              • stephenw10S
                stephenw10 Netgate Administrator
                last edited by

                Hmm, interesting. I don't recall there being an issue in 23.05. Still glad you were able to get past it.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.