OPNsense Forum

English Forums => General Discussion => Topic started by: bubbagump on January 06, 2021, 11:33:13 pm

Title: Updates fail "Could not authenticate the selected mirror."
Post by: bubbagump on January 06, 2021, 11:33:13 pm

The title says it all. I can't seem to update the box and when I do I get the error "Could not authenticate the selected mirror."

I tried from the command line and got:

Code: [Select]

Fetching change log information, please wait... Certificate verification failed for /C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense
3472375263232:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1915:
fetch: https://pkg.opnsense.org/FreeBSD:12:amd64/20.7/sets/changelog.txz.sig: Authentication error
That sent up a red flag - that's the self signed certificate on the box?!

Then I tried curl just to see what's up:

Code: [Select]

*   Trying 89.149.211.205:443...
* Connected to pkg.opnsense.org (89.149.211.205) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /usr/local/etc/ssl/cert.pem
*  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: self signed certificate
* Closing connection 0
curl: (60) SSL certificate problem: self signed certificate
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
DNS seems to resolve to the right IP and a connection is made. https://imgur.com/a/XtQVxTN (https://imgur.com/a/XtQVxTN)

I'm stumped. Any ideas?

Title: Re: Updates fail "Could not authenticate the selected mirror."
Post by: bubbagump on January 08, 2021, 03:57:53 am

I figured it out. Sigh.... I had a gateway set to a CARP VIP on the box that instead of trying to connect to the Master holding the VIP, it looped back to itself. i don't follow why specifically, but once I deleted the VIP off the Backup, everything worked.