Print Page - unable to update and openVPN not working

Title: unable to update and openVPN not working
Post by: aniki on December 15, 2025, 04:10:10 PM

***GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 25.1.12 (amd64) at Fri Jan 13 10:10:09 +08 2023
Fetching changelog information, please wait... Certificate verification failed for /CN=pkg.opnsense.org (9)
0020E16F063C0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
fetch: https://pkg.opnsense.org/FreeBSD:14:amd64/25.1/sets/changelog.txz: Authentication error
Updating OPNsense repository catalogue...
Waiting for another process to update repository OPNsense
Updating SunnyValley repository catalogue...
pkg: Repository SunnyValley has a wrong packagesite, need to re-create database
Waiting for another process to update repository SunnyValley
All repositories are up to date.
Checking integrity... done (0 conflicting)
Your packages are up to date.
pkg: Repository SunnyValley has a wrong packagesite, need to re-create database
pkg: Repository SunnyValley cannot be opened. 'pkg update' required
Checking for upgrades (0 candidates): . done
Processing candidates (0 candidates): . done
Checking integrity... done (0 conflicting)
Your packages are up to date.
***DONE***

OPENVPN
192.168.8.26:38490 TLS Error: TLS handshake failed
It was working before

Title: Re: unable to update and openVPN not working
Post by: aniki on December 15, 2025, 04:11:01 PM

btw version:

OPNsense 25.1.12-amd64
FreeBSD 14.2-RELEASE-p4
OpenSSL 3.0.17

Title: Re: unable to update and openVPN not working
Post by: aniki on December 15, 2025, 04:12:31 PM

root@OPNsense:/usr/local/etc/pkg/repos # pkg update
Updating OPNsense repository catalogue...
Certificate verification failed for /CN=pkg.opnsense.org (9)
002041C469260000:error:0A000086:SSL routines:tls_post_process_server_certificate :certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890 :
Certificate verification failed for /CN=pkg.opnsense.org (9)
002041C469260000:error:0A000086:SSL routines:tls_post_process_server_certificate :certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890 :
Certificate verification failed for /CN=pkg.opnsense.org (9)
002041C469260000:error:0A000086:SSL routines:tls_post_process_server_certificate :certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890 :
Certificate verification failed for /CN=pkg.opnsense.org (9)
002041C469260000:error:0A000086:SSL routines:tls_post_process_server_certificate :certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890 :
Certificate verification failed for /CN=pkg.opnsense.org (9)
002041C469260000:error:0A000086:SSL routines:tls_post_process_server_certificate :certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890 :
Certificate verification failed for /CN=pkg.opnsense.org (9)
002041C469260000:error:0A000086:SSL routines:tls_post_process_server_certificate :certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890 :
pkg: https://pkg.opnsense.org/FreeBSD:14:amd64/25.1/latest/meta.txz: Authenticat ion error
repository OPNsense has no meta file, using default settings
Certificate verification failed for /CN=pkg.opnsense.org (9)
002041C469260000:error:0A000086:SSL routines:tls_post_process_server_certificate :certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890 :
Certificate verification failed for /CN=pkg.opnsense.org (9)
002041C469260000:error:0A000086:SSL routines:tls_post_process_server_certificate :certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890 :
Certificate verification failed for /CN=pkg.opnsense.org (9)
002041C469260000:error:0A000086:SSL routines:tls_post_process_server_certificate :certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890 :
pkg: https://pkg.opnsense.org/FreeBSD:14:amd64/25.1/latest/packagesite.pkg: Auth entication error
Certificate verification failed for /CN=pkg.opnsense.org (9)
002041C469260000:error:0A000086:SSL routines:tls_post_process_server_certificate :certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890 :
Certificate verification failed for /CN=pkg.opnsense.org (9)
002041C469260000:error:0A000086:SSL routines:tls_post_process_server_certificate :certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890 :
Certificate verification failed for /CN=pkg.opnsense.org (9)
002041C469260000:error:0A000086:SSL routines:tls_post_process_server_certificate :certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890 :
pkg: https://pkg.opnsense.org/FreeBSD:14:amd64/25.1/latest/packagesite.txz: Auth entication error
Unable to update repository OPNsense
Updating SunnyValley repository catalogue...
pkg: Repository SunnyValley has a wrong packagesite, need to re-create database
Certificate verification failed for /C=US/O=Google Trust Services/CN=WE1 (9)
002041C469260000:error:0A000086:SSL routines:tls_post_process_server_certificate :certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890 :
Certificate verification failed for /C=US/O=Google Trust Services/CN=WE1 (9)
002041C469260000:error:0A000086:SSL routines:tls_post_process_server_certificate :certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890 :
Certificate verification failed for /C=US/O=Google Trust Services/CN=WE1 (9)
002041C469260000:error:0A000086:SSL routines:tls_post_process_server_certificate :certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890 :
Certificate verification failed for /C=US/O=Google Trust Services/CN=WE1 (9)
002041C469260000:error:0A000086:SSL routines:tls_post_process_server_certificate :certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890 :
Certificate verification failed for /C=US/O=Google Trust Services/CN=WE1 (9)
002041C469260000:error:0A000086:SSL routines:tls_post_process_server_certificate :certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890 :
Certificate verification failed for /C=US/O=Google Trust Services/CN=WE1 (9)
002041C469260000:error:0A000086:SSL routines:tls_post_process_server_certificate :certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890 :
pkg: https://updates.zenarmor.net/opnsense/FreeBSD:14:amd64/25.4/15f31d87-2bb7-4 d1b-9bc1-7402cfe34a3d/meta.txz: Authentication error
repository SunnyValley has no meta file, using default settings
Certificate verification failed for /C=US/O=Google Trust Services/CN=WE1 (9)
002041C469260000:error:0A000086:SSL routines:tls_post_process_server_certificate :certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890 :
Certificate verification failed for /C=US/O=Google Trust Services/CN=WE1 (9)
002041C469260000:error:0A000086:SSL routines:tls_post_process_server_certificate :certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890 :
Certificate verification failed for /C=US/O=Google Trust Services/CN=WE1 (9)
002041C469260000:error:0A000086:SSL routines:tls_post_process_server_certificate :certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890 :
pkg: https://updates.zenarmor.net/opnsense/FreeBSD:14:amd64/25.4/15f31d87-2bb7-4 d1b-9bc1-7402cfe34a3d/packagesite.pkg: Authentication error
Certificate verification failed for /C=US/O=Google Trust Services/CN=WE1 (9)
002041C469260000:error:0A000086:SSL routines:tls_post_process_server_certificate :certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890 :
Certificate verification failed for /C=US/O=Google Trust Services/CN=WE1 (9)
002041C469260000:error:0A000086:SSL routines:tls_post_process_server_certificate :certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890 :
Certificate verification failed for /C=US/O=Google Trust Services/CN=WE1 (9)
002041C469260000:error:0A000086:SSL routines:tls_post_process_server_certificate :certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890 :
pkg: https://updates.zenarmor.net/opnsense/FreeBSD:14:amd64/25.4/15f31d87-2bb7-4 d1b-9bc1-7402cfe34a3d/packagesite.txz: Authentication error
Unable to update repository SunnyValley
Error updating repositories!

Title: Re: unable to update and openVPN not working
Post by: aniki on December 15, 2025, 04:26:41 PM

solved, it was a time sync issue

sudo ntpdate -u time.google.com

Title: Re: unable to update and openVPN not working
Post by: franco on December 15, 2025, 05:21:09 PM

Nice catch.

That's one of the reasons why the date is in the update output but it's easy to miss the way that OpenSSL handles this as a "general protection fault" instead of being forward about it :)

> Currently running OPNsense 25.1.12 (amd64) at Fri Jan 13 10:10:09 +08 2023

And:

% git grep X509_V_ERR_CERT_NOT_YET_VALID
x509_vfy.h:# define X509_V_ERR_CERT_NOT_YET_VALID 9

There's your error (9).

Cheers,
Franco

OPNsense Forum

English Forums => 25.1, 25.4 Series => Topic started by: aniki on December 15, 2025, 04:10:10 PM