No way to download pfsense
-
Hi!
I wanted to make a fresh install of 2.2.4 32bit nano/serial/4GB and tried to download. All European sites are not reachable, time out etc.
For the Austin/NY site Firefox (up to date, both Linux and Win 7) does not establish a secure connection (see below), BluegrassNet also "unable to connect".
So currently no way to download pfsense?
Regards
chemlud
PS: attaching .jpg is beyond the capabilities of this forum, so the error from Texas/NY is "This connection is untrusted" and "invalid security certificate"
[pfsense download.jpg](/public/imported_attachments/1/pfsense download.jpg) -
Tried it from two different connections, cable and fibre, same result… What's next?
-
All 6 mirrors listed @ https://www.pfsense.org/download/mirror.php?section=downloads#mirrors work just fine here
I also get zero untrusted certificates.Sounds like a good time to talk to your ISP.
http://www.downforeveryoneorjustme.com/files.bgn.pfsense.org
http://www.downforeveryoneorjustme.com/files.nyi.pfsense.org
http://www.downforeveryoneorjustme.com/files.atx.pfsense.org
etc… -
I can not connect to any of the six mirrors, sorry… Here the error for Austin and NY:
files.nyi.pfsense.org uses an invalid security certificate. The certificate is only valid for the following names: *.pfsense.org, pfsense.org (Error code: ssl_error_bad_cert_domain)
files.atx.pfsense.org uses an invalid security certificate. The certificate is only valid for the following names: *.pfsense.org, pfsense.org (Error code: ssl_error_bad_cert_domain)
Results in:
This Connection is Untrusted
You have asked Firefox to connect securely to files.nyi.pfsense.org, but we can't confirm that your connection is secure.
Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified.
What Should I Do?If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue.
This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox only connect to it securely. As a result, it is not possible to add an exception for this certificate.
Dunno what to tell the providers. You want to suggest it's some kind of crippled internet in Sweden? The mother of all democracy? :-D
-
Uh… Have you considered using HTTP? It's not like those links on the download page are HTTPS either. You told us "all European sites are not reachable, time out" - no, they don't.
-
https-everywhere is running on firefox…
hasn't been a problem in the past, anyways...
-
There's nothing like installing idiotic browser extensions. Have a nice day.
-
Du mich auch… :-p
-
PS: attaching .jpg is beyond the capabilities of this forum, so the error from Texas/NY is "This connection is untrusted" and "invalid security certificate"
BTW, attaching jpg here works fine… perhaps look into removing couple more of your browser "improvements".
-
Germany, ISP German Telekom, time is 15:46 here, no chance to download the files with Opera latest and FF
latest without any extensions!With MS IE11 & IE12 the downloads are starting immediately or instantly.
-
Are you as well trying via HTTPS? Then stop.
-
The certs being used show as valid via every single check I can think to do on them.. They are clearly wild card certs.. this kind of makes that obvious *.pfsense.org
As to using https to mirrors.. That would be up to the mirrors themselves if they support https or not and certs used again would be on them.
As to attaching jpg files there is no issues that I see with doing that, how about not putting in spaces of files names your trying to attach to some system to use.
I have accessed it with ie, firefox, chrome without any issues.
-
Yeah, there's no problem with certs where they are used. When people switch HTTP links to HTTPS on download mirrors or whatever, the certs are no longer valid, because those are another subdomain, would require another set of wildcard certs (waste of money) or redoing the DNS.
-
Yeah, there's no problem with certs where they are used. When people switch HTTP links to HTTPS on download mirrors or whatever, the certs are no longer valid, because those are another subdomain, would require another set of wildcard certs (waste of money) or redoing the DNS.
Exactly. User error, not pfsense error.
-
May I repeat that it hasn't been a problem in the past to download via https. Why is it explicitly forbidden now to use https for downloading?
-
Not forbidden, but consider this:
if your browser can't 'resolve' the certificate it receives from the web server, then …. things start to error.Looking at this error:
files.nyi.pfsense.org uses an invalid security certificate. *The certificate is only valid for the following names: .pfsense.org, pfsense.orgfiles.nyi.pfsense.org is a sub domain of *.pfsense.org - but, somehow, your browser says : it isn't. That's scarry.
In that case: better forget about https with that browser, use your 'plan B' browser. -
It's the latest firefox, both Windows and Linux. There is no plan B.
-
It's the latest firefox, both Windows and Linux. There is no plan B.
That's not a reliable situation.
IF Firefox manages to send over a new version with a huge bug (let's say: certificate checking ;)), you will not be able to 'surf' anymore, neither repair (== upgrade) your Firefox.
On most Windows system, somewhere, IE is still present for the 'in case of' situations. -
I do not upgrade all systems at the same time. So there is always a way back. No, IE is eliminated on my Win systems.
There is no problem with firefox, huh? Might just be somewhat strict with the certificates.
But as usual in this forum, everything is fine with pfsense, always the user is just a bloddy id*ot… Got it!
btw: Why exactly is https not allowed for downloads?
-
btw: Why exactly is https not allowed for downloads?
If you actually read this thread, already been answered. Instead of relying on broken-by-design addons (if the author wasn't an idiot, he'd try some prefetch and only force HTTPS if no certificate errors were encountered). *.pfsense.org certs will NOT work for *.subdomain.pfsense.org; it hasn't worked in any browser for years, it hasn't worked in Firefox since 2012. This behavior conforms to relevant standards, no bug there. https://bugzilla.mozilla.org/show_bug.cgi?id=495339
