Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login
    Introducing Netgate Nexus: Multi-Instance Management at Your Fingertips.

    GUI not accessible after 26.03 update

    Scheduled Pinned Locked Moved webGUI
    6 Posts 4 Posters 207 Views 4 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P Offline
      phibster
      last edited by phibster

      I was using a 1024 bit self-signed certificate with my GUI for internal HTTPS only. After applying the 26.03 update the GUI no longer loads and checking /var/log/nginx/error.log I see the following:

      2026/04/20 16:35:38 [emerg] 52097#101560: SSL_CTX_set0_chain("/var/etc/cert.crt") failed (SSL: error:0A00018D:SSL routines::ca key too small)

      Is there a way to correct this as I used this pfSense as the CA for all my local self-signed certificates and don't really want to go through the hassle of re-installing new certificates to those devices (if possible!!!)

      luckman212L GertjanG 2 Replies Last reply Reply Quote 0
      • luckman212L Offline
        luckman212 LAYER 8 @phibster
        last edited by

        @phibster you can (re)generate the webconfigurator certs from the console with

        pfSsh.php playback generateguicert

        but I'm pretty sure you're going to need to manually trust the new cert on your devices.

        P 1 Reply Last reply Reply Quote 1
        • GertjanG Offline
          Gertjan @phibster
          last edited by

          @phibster said in GUI not accessible after 26.03 update:

          I was using a 1024 bit self-signed certificate with my GUI for internal HTTPS only. After applying the 26.03 update the GUI no longer loads and checking /var/log/nginx/error.log I see the following:

          ..... > (your) ca key (is) too small)

          True.
          Recent version of OpenSSL won't trust/accept 1024 bit keys anymore.

          here : Netgate Releases pfSense Plus Software Version 26.03

          Somehow the upgrade process managed not to inform you about :

          d267fa42-f679-476e-9f31-fd265a9ed85c-image.png

          @phibster said in GUI not accessible after 26.03 update:

          go through the hassle of re-installing new certificates to those devices

          Be careful.
          Everything and everybody uses openssl. If one of these device also upgrades its firmware, you wind up with the same problem.
          I guess you're in for some hassle ^^

          No "help me" PM's please. Use the forum, the community will thank you.

          1 Reply Last reply Reply Quote 0
          • P Offline
            phibster @luckman212
            last edited by

            @luckman212 said in GUI not accessible after 26.03 update:

            @phibster you can (re)generate the webconfigurator certs from the console with

            pfSsh.php playback generateguicert

            but I'm pretty sure you're going to need to manually trust the new cert on your devices.

            Thank you! This got it working. Now to regenerate a new larger CA and local certificates.

            1 Reply Last reply Reply Quote 0
            • jimpJ Offline
              jimp Rebel Alliance Developer Netgate
              last edited by

              Did you have a single self-signed GUI certificate, or did you have a local self-signed CA and a GUI certificate signed by that CA?

              The upgrade code in 26.03 checks for and auto-generates new GUI certs if it detects one that would fail to run, but there are a lot of edge cases out there it couldn't cover.

              Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

              Need help fast? Netgate Global Support!

              Do not Chat/PM for help!

              P 1 Reply Last reply Reply Quote 0
              • P Offline
                phibster @jimp
                last edited by

                @jimp said in GUI not accessible after 26.03 update:

                local self-signed CA and a GUI certificate signed by that CA

                I had the local CA and gui cert signed.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2026 Rubicon Communications LLC (Netgate). All rights reserved.