24.11 -> 25.07

beerguzzle

It would be nice if the line said:

Extracting ca_root_nss-3.104_1, rehashing certs (be patient)....

dnf/yum style updates keep coughing up dots every few seconds as they work, to give you a clue that something is happening and the process is not hung. That didn't happen here.

I was wondering if the update had had a coronary, but I wisely kept my mitts off the keyboard and refilled my beer glass instead.

Zermus

@beerguzzle No I didn't get that far. It just said whatever the first thing it says, Initializing or something then just booted me out of the web console, 403 Forbidden. SSH and console locked out too.

I've never seen anything like it in the 10 years I've been using pfSense lol

stephenw10

Hmm. What was it lead you to think rc.init was damaged? Just that it didn't boot?

I've love to see a console log if you can get it.

Zermus

@stephenw10

That's all I see lol. Boom 403, ssh locked.

Zermus

Zermus

Ok rebuilding that VM again lol

Zermus

I wish I could tell you what caused it to screw up but like I said it boots me out, 403 Forbidden on web, SSH I think gripes about the same rc.initial missing once I authenticate. It pretty much hoses the system up.

beerguzzle

@Zermus

I always take a VM snapshot before updates/patches/major finagling so I can revert if it blows up.

Zermus

@beerguzzle Yup that's why I have this one. I got jumpy and wish I wouldn't have started my other mini-pc update. I don't have time to fix it today but it's at least passing traffic and keeping VPN tunnels up for now in it's crippled state lol.

stephenw10

Hmm, if you can replicate that try running the upgrade from the console directly using menu option 13.

Zermus

Hey all — just went through a rough upgrade from 24.11 to 25.07 on Proxmox VM AND standalone hardware that left the system in a half-broken state. Hoping this helps others avoid or recover from the same issues.

Symptoms I encountered
pkg broken: ld-elf.so.1: Shared object "libmd.so.7" not found

pfSense-upgrade claimed everything was up to date but /etc/version still showed 24.11

GUI upgrade caused a crash / boot loop

Repositories threw trusted key errors:
pkg-static: Error opening the trusted directory /usr/local/share/pfSense/keys/pkg/trusted
pkg-static: Error loading trusted certificates
pkg-static couldn't fetch anything — packages not found or signature errors

No way to rollback (bare metal)

️ How I fixed it
Step 1: Update with pkg-static and ignore version mismatch

env IGNORE_OSVERSION=yes pkg-static update -f

Step 2: Temporarily disable signature verification
Edit this file:
vi /usr/local/etc/pkg/repos/pfSense.conf
Change both repos to:
signature_type: "none"
If the file is a symlink (e.g. to pfSense-repo-0001.conf), edit the actual file in /usr/local/etc/pfSense/pkg/repos/.

Step 3: Update repo URLs to point to 25.07
Example:
sed -i '' 's/v24_11/v25_07/g' /usr/local/etc/pfSense/pkg/repos/pfSense-repo-0001.conf
Then refresh again:
env IGNORE_OSVERSION=yes pkg-static update -f

Step 4: Force reinstall core pfSense packages
env IGNORE_OSVERSION=yes pkg-static install -fy pfSense-base pfSense-kernel-pfSense pfSense-default-config pfSense-repo pfSense-upgrade pfSense pfSense-boot
If it prompts to upgrade pkg, allow it.

Step 5: Trigger the upgrade handler
pfSense-upgrade -d
If it still doesn’t change the version, run:
pfSense-upgrade -d -c

Step 6: Reboot
reboot
Success Confirmation
After reboot:

cat /etc/version
Should return:
25.07-RELEASE

And:
uname -a
Should show:
FreeBSD 15.0-CURRENT blah blah 25.07...
Final Notes
I suspect MAAAAAAAAYBE having the CrowdSec beta package installed may have complicated the upgrade? I'm not 100% sure on this, but it's a possibility. I still reinstalled it afterward the upgrade again cause it's badass and needs to be fully supported as a package.

GUI upgrade kept crashing and bricking the box — CLI was the only viable path.

NOTE: Always snapshot before upgrades if you're using ZFS or VM-based installs.

stephenw10

@Zermus said in 24.11 -> 25.07:

I suspect MAAAAAAAAYBE having the CrowdSec beta package installed may have complicated the upgrade?

Does that require adding a 3rd part repo? If so it could definitely cause a problem.

Zermus

@stephenw10 No it doesn't install a 3rd party repo. However... it could possibly

Mess with shared libraries (libmd.so, libssl.so, etc.) getting replaced or misaligned.
Create conflicts in /etc/rc.conf, init scripts, or pkg metadata.
OS version expectations (pkg or pfSense-upgrade behaving strangely).