Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Cannot update SG-2440, the repo won't verify certs

    Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
    4 Posts 3 Posters 67 Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J Offline
      JonH
      last edited by

      Trying to update old 2440. I started with factory reset and am now at Depricated 2.4.5 and cannot update to 22.02.x. The update screen never gives the checkmark to proceed. I have tried many of the suggestions in several posts and gone through all the steps on Troubleshooting Upgrades page. Every time I try something I see failed for /CN=*.netgate.com. I've run 7 or so different cmds in console and in Diagnostic Command Page. One command does not work, certctl rehash. "Command not found".

      I realize there have been a lot of updates since where I am at with my 2440 but I saw someone post that they got theirs updated so pulled it out of the basement and thought I'd give it a go.

      This machine is not on zfs but has a 20gig ssd I installed a few years ago.

      /root: pkg-static info -x pfSense-upgrade
pfSense-upgrade-0.88   <<---This seems weird!!

[2.4.5-RELEASE][root@pfSense.localdomain]/root: pkg-static clean -ay; pkg-static install -fy pkg pfSense-repo pfSense-upgrade
pkg-static: Repository pfSense-core missing. 'pkg update' required
pkg-static: No package database installed.  Nothing to do!
Updating pfSense-core repository catalogue...
Certificate verification failed for /CN=*.netgate.com
34369400832:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/local/poudriere/jails/pfSense_plus-v21_02_2_amd64/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1915:
Certificate verification failed for /CN=*.netgate.com
<..snipped..>
pkg-static: https://pkg00-atx.netgate.com/pkg/pfSense_plus-v21_02_2_amd64-pfSense_plus-v21_02_2/packagesite.txz: Authentication error
Unable to update repository pfSense
Error updating repositories!
      GertjanG 1 Reply Last reply Reply Quote 0
      • GertjanG Offline
        Gertjan @JonH
        last edited by

        @JonH

        Yeah, that's way to old.
        Most server certificates expired everywhere.
        The method of accessing Netgate update/upgrade server have changed.
        Etc.

        The fastest solution would be : go TAC, request a firmware for your device, burn it to a USB disk, and clean install.

        To get ZFS you have to 're-partition' the disk anyway, so a complete re install is pretty mandatory.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        1 Reply Last reply Reply Quote 0
        • stephenw10S Online
          stephenw10 Netgate Administrator
          last edited by

          Yes I would just reinstall clean from there. Just be sure to backup your config if you need it. You probably could get it to upgrade but it's going be a number of steps, it would take a while!

          Check the system clock is close to reality. Try running certctl rehash if you want to try upgrading.

          J 1 Reply Last reply Reply Quote 0
          • J Offline
            JonH @stephenw10
            last edited by

            @stephenw10 said in Cannot update SG-2440, the repo won't verify certs:

            Check the system clock is close to reality. Try running certctl rehash if you want to try upgrading.

            As stated in my original post, certctl returns "command not found".
            I did check the clock and it was within seconds of the correct time.

            Thanks for the suggestions.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.