Various d/l errors since March
-
I just noticed these errors when the daily script executes. Most d/ls work but afew are having problems.
I have active subscriptions so not sure what's going on.
Version 3.2.1_20 on 24.11 SG-3100
[ Myip_BL6_v6 ] Downloading update . cURL Error: 60 SSL certificate problem: unable to get local issuer certificate Retry [1] in 5 seconds... . cURL Error: 60 [ 06/6/25 22:45:33 ] SSL certificate problem: unable to get local issuer certificate Retry [2] in 5 seconds... . cURL Error: 60 [ 06/6/25 22:45:39 ] SSL certificate problem: unable to get local issuer certificate |Myip_BL6_v6|https://www.myip.ms/files/blacklist/csf/latest_blacklist.txt| Retry [3] in 5 seconds... .. Unknown Failure Code [0]
And
[ Talos_BL_v4 ] Downloading update .. 403 Forbidden [ pfB_PRI1_v4 - Talos_BL_v4 ] Download FAIL [ 06/6/25 23:45:26 ] DNSBL, Firewall, and IDS (Legacy mode only) are not blocking download.
In summary, things mostly broke last month on the 9th.
====================[ IPv4/6 Last Updated List Summary ]============== Jan 3 06:40 Abuse_SSLBL_v4 May 9 17:45 QUIC_ASN_List_custom_v4 May 9 17:45 QUIC_CIDR_List_custom_v4 May 9 17:45 MyBlockedDomains_custom_v4 May 9 17:46 QUIC_ASN_List_custom_v6 May 9 17:46 QUIC_CIDR_List_custom_v6 May 19 07:21 Spamhaus_Drop6_v6 Jun 4 01:53 Spamhaus_Drop_v4 Jun 5 08:07 Spamhaus_eDrop_v4 Jun 6 00:30 ET_Block_v4 Jun 6 00:44 ISC_Errata_v4 Jun 6 16:41 ET_Comp_v4 Jun 6 21:53 CINS_army_v4 Jun 6 23:30 ISC_Block_v4 Jun 6 23:40 Abuse_Feodo_C2_v4 Jun 6 23:45 MyBlockedDomains_custom_v6
-
Similar issue here since April but only with the Myip_BL6 feed. My only other IPv6 feed, Spamhaus_Drop6, and all my IPv4 feeds continue to update without error.
I spent about an hour trying to trouble-shoot this but came up either empty or with suggestions to go about complicated, manual certificate installations. For something that just worked two months ago.
So I disabled the feed. Wasn't worth the trouble. But if it's happening to others it might be a more widespread problem than just me and one other person.
Plus v24.11 with pfBlockerNG 3.2.0_16 and all system patches in System_Patches 2.2.20_5 applied. Other packages installed are:
apcupsd
Cron
mailreport
Status_Traffic_TotalsKind of a more or less plain vanilla system.
-
@lohphat In my custom list I'm just trying to resolve AS and domain to IP4 or IP6 CIDR blocks. That was all working fine.
Has the internal lookup to resolve domains and AS changed? THe lookup type is still set to "Auto" as the parser should "just work" as it was.
Is the service used for domain and AS resolution gone away?
-
@lohphat I don't know about your other errors - but the error with myip.ms is related to issue with their cert, they are not providing the full chain. Your browser can grab it - but curl doesn't do that, so since its not trusted they can not verify it, etc.
See this thread, and a work around for that one site.
https://forum.netgate.com/topic/197712/curl-certificate-error
-
Pretty sure the Talos feed is the one that they said was supposed to be a demo/preview and put it behind a login so people would stop using it. Try to download it yourself and see what you get.
-
@SteveITS Seems I've been blocked.
https://talosintelligence.com/documents/ip-blacklist
My setting were to pull daily. It was working for over a year.
-