Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    certificate error while running pkg update 2024

    Scheduled Pinned Locked Moved General pfSense Questions
    17 Posts 5 Posters 3.7k Views 5 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B Offline
      badjoodani
      last edited by badjoodani

      Re: certificate error while running pkg update

      While running
      pkg-static -d update

      I get the following:
      DBG(1)[44343]> pkg initialized
      Updating pfSense-core repository catalogue...
      DBG(1)[44343]> PkgRepo: verifying update for pfSense-core
      DBG(1)[44343]> PkgRepo: need forced update of pfSense-core
      DBG(1)[44343]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense-core.sqlite'
      DBG(1)[44343]> Request to fetch pkg+https://pkg.pfsense.org/pfSense_v2_7_2_amd64-core/meta.conf
      DBG(1)[44343]> curl_open
      DBG(1)[44343]> Fetch: fetcher used: pkg+https
      DBG(1)[44343]> curl> fetching https://pkg.pfsense.org/pfSense_v2_7_2_amd64-core/meta.conf

      DBG(1)[44343]> CURL> attempting to fetch from , left retry 3

      • Couldn't find host pkg00-atx.netgate.com in the .netrc file; using defaults

      • Trying 208.123.73.207:443...

      • Connected to pkg00-atx.netgate.com (208.123.73.207) port 443

      • ALPN: curl offers http/1.1

      • CAfile: none

      • CApath: /etc/ssl/certs/

      • SSL certificate problem: self-signed certificate in certificate chain

      • Closing connection
        DBG(1)[44343]> CURL> attempting to fetch from , left retry 2

      • Couldn't find host pkg01-atx.netgate.com in the .netrc file; using defaults

      • Trying 208.123.73.209:443...

      • Connected to pkg01-atx.netgate.com (208.123.73.209) port 443

      • ALPN: curl offers http/1.1

      • CAfile: none

      • CApath: /etc/ssl/certs/

      • SSL certificate problem: self-signed certificate in certificate chain

      • Closing connection
        DBG(1)[44343]> CURL> attempting to fetch from , left retry 1

      • Couldn't find host pkg00-atx.netgate.com in the .netrc file; using defaults

      • Hostname pkg00-atx.netgate.com was found in DNS cache

      • Trying 208.123.73.207:443...

      • Connected to pkg00-atx.netgate.com (208.123.73.207) port 443

      • ALPN: curl offers http/1.1

      • CAfile: none

      • CApath: /etc/ssl/certs/

      • SSL certificate problem: self-signed certificate in certificate chain

      • Closing connection
        pkg-static: An error occured while fetching package
        DBG(1)[44343]> Request to fetch pkg+https://pkg.pfsense.org/pfSense_v2_7_2_amd64-core/meta.txz
        DBG(1)[44343]> curl_open
        DBG(1)[44343]> Fetch: fetcher used: pkg+https
        DBG(1)[44343]> curl> fetching https://pkg.pfsense.org/pfSense_v2_7_2_amd64-core/meta.txz

      JUST in case I also tried:
      pkg-static upgrade -f pfSense-repoc

      and got:
      Updating pfSense-core repository catalogue...
      pkg-static: An error occured while fetching package
      pkg-static: An error occured while fetching package
      repository pfSense-core has no meta file, using default settings
      pkg-static: An error occured while fetching package
      pkg-static: An error occured while fetching package
      Unable to update repository pfSense-core
      Updating pfSense repository catalogue...
      pkg-static: An error occured while fetching package
      pkg-static: An error occured while fetching package
      repository pfSense has no meta file, using default settings
      pkg-static: An error occured while fetching package
      pkg-static: An error occured while fetching package
      Unable to update repository pfSense
      Error updating repositories!

      ANy and ALL help would be appreciated ( I have tried all 3 2.7.0, 2.7.1 and 2.7.2 ) and the gui web portal method doesn't work either.

      1 Reply Last reply Reply Quote 0
      • stephenw10S Offline
        stephenw10 Netgate Administrator
        last edited by

        Run: certctl rehash Then check again.

        B 2 Replies Last reply Reply Quote 2
        • B Offline
          badjoodani @stephenw10
          last edited by

          @stephenw10

          Thank You! THANK YOU!

          , ran it and then re-ran:

          pkg-static upgrade -f pfSense-repoc

          And got:

          Updating pfSense-core repository catalogue...
          Fetching meta.conf: . done
          Fetching packagesite.pkg: . done
          Processing entries: . done
          pfSense-core repository update completed. 4 packages processed.
          Updating pfSense repository catalogue...
          Fetching meta.conf: . done
          Fetching packagesite.pkg: ....... done
          Processing entries:
          Newer FreeBSD version for package voucher:
          To ignore this error set IGNORE_OSVERSION=yes

          • package: 1400094
          • running kernel: 1400085
            Ignore the mismatch and continue? [y/N]: pkg-static: repository pfSense contains packages for wrong OS version: FreeBSD:14:amd64
            Processing entries... done
            Unable to update repository pfSense
            Error updating repositories!

          Then CHecked the gui Web Panel for "update" and got UPDATES WORKING AGAIN!

          1 Reply Last reply Reply Quote 2
          • B Offline
            badjoodani @stephenw10
            last edited by

            @stephenw10

            The following 1 package(s) will be affected (of 0 checked):

            Installed packages to be UPGRADED:
            pfSense-kernel-pfSense: 2.7.0 -> 2.7.2 [pfSense-core]

            Number of packages to be upgraded: 1

            The process will require 2 MiB more space.
            [1/1] Upgrading pfSense-kernel-pfSense from 2.7.0 to 2.7.2...
            [1/1] Extracting pfSense-kernel-pfSense-2.7.2: .......... done
            ===> Keeping a copy of current kernel in /boot/kernel.old

            Removing unnecessary packages... done.
            System is going to be upgraded. Rebooting in 10 seconds.
            Success

            ...

            Version 2.7.2-RELEASE (amd64)
            built on Fri Dec 8 14:55:00 CST 2023
            FreeBSD 14.0-CURRENT

            The system is on the latest version.
            Version information updated at Fri Jan 12 11:17:59 CST 2024

            That did the trick!

            1 Reply Last reply Reply Quote 1
            • T Offline
              tknospdr
              last edited by

              @badjoodani said in certificate error while running pkg update 2024:

              pkg-static -d update

              Had the same issue, rehash fixed it for me.
              Thanks! But I thought that the latest versions of pfsense did that automatically.

              stephenw10S 1 Reply Last reply Reply Quote 0
              • stephenw10S Offline
                stephenw10 Netgate Administrator @tknospdr
                last edited by

                @tknospdr said in certificate error while running pkg update 2024:

                I thought that the latest versions of pfsense did that automatically.

                They do! But if you're on 2.7.0 still it doesn't and the rehash may be required.

                Also of note is that it only remains valid for one boot, which is why you might see 2.7.2 available and then not be able to upgrade to it.

                T 1 Reply Last reply Reply Quote 0
                • T Offline
                  tknospdr @stephenw10
                  last edited by

                  @stephenw10

                  Ah ha, I was also being told that I was up to date on my pfSense install until I did this fix. Now it's showing me the 2.7.2 update is available.
                  Safe to do so or are there any gotcha's I should look out for?

                  1 Reply Last reply Reply Quote 0
                  • stephenw10S Offline
                    stephenw10 Netgate Administrator
                    last edited by

                    Should be good to upgrade from 2.7.0 to 2.7.2. Of course always backup the config first. 😉

                    T 1 Reply Last reply Reply Quote 0
                    • T Offline
                      tknospdr @stephenw10
                      last edited by

                      @stephenw10

                      Well I tried to upgrade one of my packages and got a 'new major PHP' error, so I went to run the system update and it's gone again.

                      The rehash is no longer working. I did that, then:

                      pkg-static -d update

                      And got a 'no repositories configured' error.

                      GertjanG stephenw10S 2 Replies Last reply Reply Quote 0
                      • GertjanG Online
                        Gertjan @tknospdr
                        last edited by

                        @tknospdr said in certificate error while running pkg update 2024:

                        Well I tried to upgrade one of my packages

                        You mean : you've upgraded to 2.7.2 and now you can't upgrade packages ?
                        That's a new issue then. But nothing really serious. Hundreds of thousands use 2.7.2 right now, and can update install packages just fine.

                        Or you still on 2.7.0 and tried to install or upgrade packages ? That's 'forbidden', you broke the law ^^ ( Well, you can try, but, as shown, if pfSense uses - example - PHP 8.1 and the packages uses (presumes) PHP 8.2 which is the latest version, it will also update your PHP from 8.1 to 8.2, and that will break the GUI, => break your entire pfSense )
                        You can only install / upgrade pfSense packages when you are using the latest OS, as packages present on the pfSense Netgate packages are build against the latest avaible FreeBSD OS, PHP version, etc etc.

                        See it like this : you have Windows 7 and you want to install 'Office 365' : you can't. First upgrade the OS to a supported level, and then do your shopping for programs.

                        No "help me" PM's please. Use the forum, the community will thank you.
                        Edit : and where are the logs ??

                        T 1 Reply Last reply Reply Quote 0
                        • T Offline
                          tknospdr @Gertjan
                          last edited by

                          @Gertjan

                          Yes, I did the second. If it’s gonna break that hard it should stop you, or at a minimum tell you it’s a ‘Really Bad Idea(tm).

                          So I tried rebooting and now the entire system is down. That seems like it’s a little too fragile a system if it’s that easy to hose the whole thing.

                          I’ll have to toss a monitor on it and see what’s going on.

                          GertjanG 1 Reply Last reply Reply Quote 0
                          • stephenw10S Offline
                            stephenw10 Netgate Administrator @tknospdr
                            last edited by

                            @tknospdr said in certificate error while running pkg update 2024:

                            Well I tried to upgrade one of my packages

                            Indeed, don't do that. 😉

                            If you are seeing 2.7.2 available then you are also seeing packages from 2.7.2 and if you try to install one it may not be compatible with 2.7.0 Here it failed to install because the php version is different.

                            First thing to try is setting the branch again in the update settings.

                            1 Reply Last reply Reply Quote 0
                            • T Offline
                              tknospdr
                              last edited by

                              Wow, I don't know what happened. Monitor is not seeing any video out from the pf box.
                              I'm a Mac guy, how do you boot into the bios thing? F2 or something right?

                              patient0P 1 Reply Last reply Reply Quote 0
                              • GertjanG Online
                                Gertjan @tknospdr
                                last edited by Gertjan

                                @tknospdr said in certificate error while running pkg update 2024:

                                or at a minimum tell you it’s a ‘Really Bad Idea(tm).

                                It's less then that : no hand holding, no pop-upss, just a simple

                                https://pfsense-docs.netlify.app/install/upgrade-guide#packages

                                69e1a053-029b-4fb8-8744-83811a55b3fe-image.png

                                if you can't update 2.7.2 because you are on the latest version, you can have a look at, and use the packet manager.

                                Things are better these days. In the early days, a simple packet upgrade without upgrading pfSense first could really break everything.
                                For some reason (what do I know ?) there is no version specific package update upgrade server.

                                No "help me" PM's please. Use the forum, the community will thank you.
                                Edit : and where are the logs ??

                                1 Reply Last reply Reply Quote 0
                                • patient0P Offline
                                  patient0 @tknospdr
                                  last edited by

                                  @tknospdr what kind of box is it?

                                  If it's a box with HDMI, that often won't work if there was no monitor connected to it when you booted it up (reboot necessary with monitor connected and switched on). If you got a serial console then connect that.

                                  1 Reply Last reply Reply Quote 0
                                  • stephenw10S Offline
                                    stephenw10 Netgate Administrator
                                    last edited by

                                    It shouldn't be possible to break the install by upgrading a pkg like that, I agree.

                                    From 23.09 onwards the new pkg branches are opt-in only to prevent that happening.

                                    1 Reply Last reply Reply Quote 0
                                    • T Offline
                                      tknospdr
                                      last edited by

                                      My hardware wasn't actually shutting down by holding the button. I pulled the plug and restarted and then it booted to a screen with a yellow "SHELL>" prompt.

                                      So I downloaded the 2.7.2 installer and put it on a stick and reinstalled from scratch.
                                      Then logged in and uploaded my latest backup.
                                      After a restart it got stuck on this screen twice.

                                      I then pulled the plug again expecting to have to start from scratch, but when it powered on the 3rd time I had my config back.

                                      So I'm up and running again with the latest version installed.

                                      Let that be a lesson to everyone. DO BACKUPS. It saved me hours of time, plus I'm sure I've forgotten all the tricks I learned while setting up the first time.

                                      IMG_2399.jpeg

                                      1 Reply Last reply Reply Quote 1
                                      • First post
                                        Last post
                                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.