Hi,
I fired up my old apu and did a fresh install of 22.7. Whilst that all went well I keep getting this error when trying to check from updates from the console and in the gui...
Enter an option: 12
Fetching change log information, please wait... Certificate verification failed for /C=BE/O=GlobalSign nv-sa/CN=GlobalSign GCC R3 DV TLS CA 2020
34389172224:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
fetch: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/sets/changelog.txz: Authentication error
Any ideas?
thanks
Possibly the bad ACME bundles from System: Trust: Authorities that are installed in your system.
Cheers,
Franco
this is a fresh install downloaded today...?
First of all you cropped the error but didn't give the full log which can hide numerous issues to no benefit of being able to support you.
Secondly, you could still have restored an older config.xml and chose to not tell us.
Cheers,
Franco
Hi Franco
I did not install any previous settings or configs. This was a completly fresh install - no tweaks or otherwise.
I have also seen this message as well in case its of any interest. I didn't crop the logs - I displayed what was displayed ...
***GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 22.7_4 (amd64/OpenSSL) at Sun Jul 31 12:30:48 BST 2022
Fetching changelog information, please wait... fetch: transfer timed out
Updating OPNsense repository catalogue...
pkg: Repository OPNsense has a wrong packagesite, need to re-create database
Quote from: skyeci2018 on July 31, 2022, 01:34:44 PM
***GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 22.7_4 (amd64/OpenSSL) at Sun Jul 31 12:30:48 BST 2022
Fetching changelog information, please wait... fetch: transfer timed out
Updating OPNsense repository catalogue...
pkg: Repository OPNsense has a wrong packagesite, need to re-create database
Same issue here after upgrading from 22.1 to 22.7, updates failing with transfer timed out error, tried other mirrors and failing as well
Fresh install today, no restore from config file and same issue.
Same for me. Seems like there's something wrong with an update server.
What shows for System > Firmware > Status > Connectivity ?
It should show a failure to the repository that can be worked on.
Is your date/time set accurately ?
If not, is your dns working ?
If not, temporarily set dns to something simple like 8.8.8.8, then sync clock
Interesting... i just did this today with no issue.
Quote from: Dav3 on August 01, 2022, 12:01:15 AM
Is your date/time set accurately ?
If not, is your dns working ?
If not, temporarily set dns to something simple like 8.8.8.8, then sync clock
I tried this as well and still not working, anyway this issue appeared just after upgrading to 22.7 so there must be something broken with this release.
I don't see any evidence supporting this yet. Make it sound like we don't generally test firmware upgrades for a major upgrade...
Connectivity audits now please. Change your mirror to see if that helps.
Cheers,
Franco
Quote from: franco on August 01, 2022, 09:20:13 AM
I don't see any evidence supporting this yet. Make it sound like we don't generally test firmware upgrades for a major upgrade...
Connectivity audits now please. Change your mirror to see if that helps.
As previously reported I already tried switching to many different mirrors and the result is the same.
Also there are no issues with the connectivity from my side
This is really really bogus because the OP stated:
Fetching change log information, please wait... Certificate verification failed for /C=BE/O=GlobalSign nv-sa/CN=GlobalSign GCC R3 DV TLS CA 2020
34389172224:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
fetch: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/sets/changelog.txz: Authentication error
And you CANNOT get that error with another mirror.
So that's what you get for cross-posting "same issue" and I'm unwilling to debug your local issue further. Good luck.
Cheers,
Franco
Is it possible to roll back the upgrade- if so how do you do it?
Many thanks
What's our issue here? I keep asking the same question and I don't get an answer other than "but it's broken". If you can't check for firmware is that your only issue or are your clients not working or what else...
Cheers,
Franco
Hi Franco.
Whilst I dont want to confuse matters as soon as the upgrade was applied my latency on the wan port has doubled. Never had any issues on the old version and I didn't reset my fibre connection. I would like to revert it . More concerned about the latency sudden increase at the present.
Thanks
Fair enough. The quickest way is certainly this:
# opnsense-bootstrap -r 22.1
DISCLAIMER: 22.7 to 22.1 is likely safe but in general I would recommend avoiding downgrades in such a way.
After reboot to reenable the upgrade do this:
# rm /usr/local/opnsense/version/pkgs
Cheers,
Franco
Same problem here, after an update to 22.7
See the attachment.
do you have a public DNS server listed for Wan gateway under
system > settings > general?
https://docs.opnsense.org/manual/settingsmenu.html
DNS servers
A list of DNS servers, optionally with a gateway. These DNS servers are also used for the DHCP service, DNS services and for PPTP VPN clients. When using multiple WAN connections there should be at least one unique DNS server per gateway.
2 public and 3 domain controllers
Thanks Franco. I opted not to revert and pulled another unit which is a spare on the latest revision for testing/comparison.
The 2 issues on 2 box's were
1) updates failing to check etc
2) soon as the update was applied to my live box out of hours this morning my wan latency increased from historical 6.5ms (over 12 months) to 15ms for both ipv4 and ipv6...
Anyway I'm pleased to say for now everything is working. I reset the time, changed dns settings which seems to have resolved the failure with regards to updates.
I don't know if this is literally the cause of the latency issue but I could replicate it across 2 units. After a lot of messing about I removed my stored duid and disabled/re-enabled ipv6 within opnsense. Both gateways are back to 6.5ms so for now all appears well.
Thanks