Something is Broken with the 25.11 Installation
-
First attempt to upgrade from 25.07.1 to 25.11 failed, unfortunately I did not catch what the error was and the system rebooted back into 25.07.1. I looked at the log files and didn't see anything obvious.
So I tried the upgrade again and it appeared to work. However, I noticed the next day that I did not receive any email notifications from the system. I had not issue receiving these in 25.07.1 (or previous versions). The message displayed in the GUI was:
"Could not send the message to X@Y.org -- Error: PLAIN authentication failure [SMTP: STARTTLS failed {enableCrypto: false; crypto_method: STREAM_CRYPTO_METHOD_TLS_CLIENT (121); attempts: 1; E_WARNING (2): stream_socket_enable_crypto(): SSL: Permission denied} (code: 220, response: 2.0.0 Ready to start TLS)]"
The syslog showed:
"/system_advanced_notifications.php: Could not send the message to X@Y.org -- Error: PLAIN authentication failure [SMTP: STARTTLS failed {enableCrypto: false; crypto_method: STREAM_CRYPTO_METHOD_TLS_CLIENT (121); attempts: 1; E_WARNING (2): stream_socket_enable_crypto(): SSL: Permission denied} (code: 220, response: 2.0.0 Ready to start TLS)]"
I tried different settings for the notifications tab and could not get anything to work. I verified that I can send emails to the same address from another system.
So I tried renewing the acme cert I use for the system and got the following output from the GUI:
"[Wed Dec 17 17:22:59 PST 2025] Cannot init API for: https://acme-v02.api.letsencrypt.org/directory.
[Wed Dec 17 17:22:59 PST 2025] Sleeping for 10 seconds and retrying....repeated 8 more times...
[Wed Dec 17 17:22:59 PST 2025] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35
...repeated 8 more times...
[Wed Dec 17 17:24:30 PST 2025] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35
[Wed Dec 17 17:24:40 PST 2025] Cannot init API for https://acme-v02.api.letsencrypt.org/directory"Something is seriously messed up with 25.11!
-
Acme "Sleeping for 10 seconds and retrying" ?
Go here : Maybe some one else sees it .... -
Do you also have IPv6 and have it set as preferred?
-
S stephenw10 moved this topic from Problems Installing or Upgrading pfSense Software on
-
I looked thru that post, I have a dual IPv4/IPv6 stack.
Looking at the System upgrade tab, I do see the dreaded "pfSense-repoc: failed to fetch the repo data" message.
I will reboot back into 25.07.1 and set the "prefer IPv4" switch and see what happens.
-
@stephenw10 I do have IPv6 set as preferred. Based on the thread Gertjan provide I try the upgrade again with prefer IPv4 enabled and report back.
-
Mmm, that would be good to test. Though I'm not aware of any particular issue with IPv6.
-
@stephenw10 Ok.
Is there something different you suggest I try?
I haven't rebooted my box with the 25.07.1 boot partition yet, is there some info I can get you before I do?
-
So simply setting IPv6 preferred in the existing 25.11 BE didn't change anything?
-
@stephenw10 Have not done this yet since others in the family were using the network. I'll do it early tomorrow morning.
Is there any info from the "broken" 25.11 install I can get you before I reboot?
-
Doing that does nothing to client traffic it only effects traffic generated by the firewall itself so it should be safe to set and test any time.
-
Booted back into 25.07.1 yesterday. Today I tried to upgrade to 25.11 again with similar results.
- I watched the upgrade output in the GUI and did not see any errors. I also had the FW hooked up to a monitor so I could watch it's out. It took about 15 minutes for the FW to go thru its boot up. Any reason why it would hang up at this spot for over 10 minutes?
-
I was able to successfully send a test message from the notification tab.
-
I tried to renew a certificate within acme and it failed with the same results.
-
On the system update page I get the following:
Looking at the errors:
-
And you tried setting the firewall to prefer IPv4?
-
@stephenw10 Yes.
-
Hmm, what does
pkg -d updateshow there? -
@stephenw10 Here's the output
[25.11-RELEASE][...]/root: pkg -d update
pkg: Warning: Major OS version upgrade detected. Running "pkg bootstrap -f" recommended
Updating pfSense-core repository catalogue...
DBG(1)[2897]> PkgRepo: verifying update for pfSense-core
DBG(1)[2897]> Pkgrepo, begin update of '/var/db/pkg/repos/pfSense-core/db'
DBG(1)[2897]> (fetch) Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v25_11_amd64-core/meta.conf
DBG(1)[2897]> (fetch) Fetch: fetcher used: pkg+https
pkg: An error occurred while fetching package: No error
DBG(1)[2897]> (fetch) Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v25_11_amd64-core/meta.txz
DBG(1)[2897]> (fetch) Fetch: fetcher used: pkg+https
pkg: An error occurred while fetching package: No error
repository pfSense-core has no meta file, using default settings
DBG(1)[2897]> (fetch) Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v25_11_amd64-core/data.pkg
DBG(1)[2897]> (fetch) Fetch: fetcher used: pkg+https
pkg: An error occurred while fetching package: No error
DBG(1)[2897]> (fetch) Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v25_11_amd64-core/data.tzst
DBG(1)[2897]> (fetch) Fetch: fetcher used: pkg+https
pkg: An error occurred while fetching package: No error
DBG(1)[2897]> (fetch) Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v25_11_amd64-core/packagesite.pkg
DBG(1)[2897]> (fetch) Fetch: fetcher used: pkg+https
pkg: An error occurred while fetching package: No error
DBG(1)[2897]> (fetch) Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v25_11_amd64-core/packagesite.tzst
DBG(1)[2897]> (fetch) Fetch: fetcher used: pkg+https
pkg: An error occurred while fetching package: No error
Unable to update repository pfSense-core
Updating pfSense repository catalogue...
DBG(1)[2897]> PkgRepo: verifying update for pfSense
DBG(1)[2897]> Pkgrepo, begin update of '/var/db/pkg/repos/pfSense/db'
DBG(1)[2897]> (fetch) Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v25_11_amd64-pfSense_plus_v25_11/meta.conf
DBG(1)[2897]> (fetch) Fetch: fetcher used: pkg+https
pkg: An error occurred while fetching package: No error
DBG(1)[2897]> (fetch) Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v25_11_amd64-pfSense_plus_v25_11/meta.txz
DBG(1)[2897]> (fetch) Fetch: fetcher used: pkg+https
pkg: An error occurred while fetching package: No error
repository pfSense has no meta file, using default settings
DBG(1)[2897]> (fetch) Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v25_11_amd64-pfSense_plus_v25_11/data.pkg
DBG(1)[2897]> (fetch) Fetch: fetcher used: pkg+https
pkg: An error occurred while fetching package: No error
DBG(1)[2897]> (fetch) Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v25_11_amd64-pfSense_plus_v25_11/data.tzst
DBG(1)[2897]> (fetch) Fetch: fetcher used: pkg+https
pkg: An error occurred while fetching package: No error
DBG(1)[2897]> (fetch) Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v25_11_amd64-pfSense_plus_v25_11/packagesite.pkg
DBG(1)[2897]> (fetch) Fetch: fetcher used: pkg+https
pkg: An error occurred while fetching package: No error
DBG(1)[2897]> (fetch) Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v25_11_amd64-pfSense_plus_v25_11/packagesite.tzst
DBG(1)[2897]> (fetch) Fetch: fetcher used: pkg+https
pkg: An error occurred while fetching package: No error
Unable to update repository pfSense
Error updating repositories! -
That's 3 attempts at an upgrade from 25.07.1 to 25.11 with 3 failures!
Any idea what might be broken?
-
I did updating to 25.11 now two times:
1st: my appliance SG-3100 (from 25.07.1)
2nd: a VM with a test environment (from 22.x -> 23.x-> 24.x and finally 25.11).To be honest: the VM is only used internally, but both went smooth and I couldnt find any issue yet.
BTW: the VM is also configured for sending mails and it works perfect.But provider here only offers IPv4, I asked for a IPv6 and was told this is only for "business users".
Seems, they are not really very prepared for future...
Regards
-
What does:
pfSense-repoc-static -Nshow? Also errors? -
Also try:
pkg -dd updateThat should give us more useful error output there. It might be a lot.
-
@stephenw10 said in Something is Broken with the 25.11 Installation:
Also try:
pkg -dd updateThat should give us more useful error output there. It might be a lot.
What we want to see is the Level 2 output that would get emitted between
DBG(1)[2897]> (fetch) Fetch: fetcher used: pkg+httpsand
pkg: An error occurred while fetching package: No error
