OPNsense Forum
English Forums => General Discussion => Topic started by: normanos on July 05, 2022, 02:26:09 pm
-
Posting in general discussion, if wrong, just move to correct place, please.
I have 1 year business license, but when I added nginx reverse proxy with Acme external cert, I can't properly update opnsense. Getting this error:
...Certificate verification failed for /C=US/O=Internet Security Research Group/CN=ISRG Root X1
34378686464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1916:
pkg: https://opn-repo.routerperformance.net/repo/FreeBSD:13:amd64/packagesite.txz: Authentication error
Unable to update repository mimugmail
Error updating repositories!
pkg: Repository OPNsense cannot be opened....
I found that need to delete System > Trust > Authorities R3 (Acme Client).
Deleted, worked fine. Few days later same error is back. What I doing wrong?
Thank You
-
Which old version are you using? Any 22.1 in particular shouldn't have this issue anymore.
Cheers,
Franco
-
Sorry, forgot:
OPNsense 22.4.1-amd64
FreeBSD 13.0-STABLE
-
For now please remove mimugmail repository. Our mirrors do not have this issue.
Not knowing if you set "Store intermediate" under System: Settings: General which makes this particular problem reappear since the chain for acme-client is fudged beyond repair and OpenSSL can't handle the confusion of intermediate transition done for ancient Android devices by the Let's Encrypt team.
Cheers,
Franco
-
Thank You Franco!
This "Store intermediate" was checked. I unchecked it and works fine.
Problem Solved!!!
-
ok, great to hear :)