Messages

Hello franco,

it was indeed a policy issue.
There was a policy of two upstream firewalls, which only allowed access to https://opnsense-update.deciso.com.

This worked until update 24.10_7, which required the mentioned access to rapidssl & digicert.

Authentication error - most likely license expired OR time is off by more than 5 minutes on the device

Hey newsense,

thanks for the reply.

Sadly that should not be the issue.
The device time is pretty spot on and the subscription key works if I try to access https://opnsense-update.deciso.com/$license_key/
Also the dashboard says that the device is licensed until later this year.

I want to add that i have this issue on two devices. Both updated via GUI from 24.4.3_1 to 24.10_7 into this issue.

I updated from version 24.4.3_1 to 24.10_7 with no issues. But f I try to update further i get the error message:

Could not authenticate the selected mirror.


and the following error:

Code Select Expand

***GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 24.10_7 at Wed Apr 16 08:10:15 CEST 2025
Fetching subscription information, please wait... Could not load CRL file /tmp/libfetch_crl.25041608
fetch: https://opnsense-update.deciso.com/${SUBSCRIPTION}/FreeBSD:14:amd64/24.10/subscription: Authentication error
Fetching changelog information, please wait... Could not load CRL file /tmp/libfetch_crl.25041608
fetch: https://opnsense-update.deciso.com/${SUBSCRIPTION}/FreeBSD:14:amd64/24.10/sets/changelog.txz: Authentication error
Updating OPNsense repository catalogue...
Could not load CRL file /tmp/libfetch_crl.25041608
Could not load CRL file /tmp/libfetch_crl.25041608
Could not load CRL file /tmp/libfetch_crl.25041608
Could not load CRL file /tmp/libfetch_crl.25041608
Could not load CRL file /tmp/libfetch_crl.25041608
Could not load CRL file /tmp/libfetch_crl.25041608
pkg: https://opnsense-update.deciso.com/${SUBSCRIPTION}/FreeBSD:14:amd64/24.10/latest/meta.txz: Authentication error
repository OPNsense has no meta file, using default settings
Could not load CRL file /tmp/libfetch_crl.25041608
Could not load CRL file /tmp/libfetch_crl.25041608
Could not load CRL file /tmp/libfetch_crl.25041608
pkg: https://opnsense-update.deciso.com/${SUBSCRIPTION}/FreeBSD:14:amd64/24.10/latest/packagesite.pkg: Authentication error
Could not load CRL file /tmp/libfetch_crl.25041608
Could not load CRL file /tmp/libfetch_crl.25041608
Could not load CRL file /tmp/libfetch_crl.25041608
pkg: https://opnsense-update.deciso.com/${SUBSCRIPTION}/FreeBSD:14:amd64/24.10/latest/packagesite.txz: Authentication error
Unable to update repository OPNsense
Error updating repositories!
New version of pkg detected; it needs to be installed first.
The following 1 package(s) will be affected (of 0 checked):

Installed packages to be UPGRADED:
    pkg: 1.19.2_2 -> 1.19.2_5

Number of packages to be upgraded: 1

4 MiB to be downloaded.
Could not load CRL file /tmp/libfetch_crl.25041608
Could not load CRL file /tmp/libfetch_crl.25041608
Could not load CRL file /tmp/libfetch_crl.25041608
pkg: https://opnsense-update.deciso.com/${SUBSCRIPTION}/FreeBSD:14:amd64/24.10/latest/All/pkg-1.19.2_5.pkg: Authentication error
***DONE***
The CRL file contains:

Code Select Expand

# [i] fetch certificate for https://opnsense-update.deciso.com
# [i] fetch CRL from http://cdp.rapidssl.com/RapidSSLTLSECCCAG1.crl
# [i] fetch CRL from http://crl3.digicert.com/DigiCertGlobalRootG3.crl

I tried the following things to no avail:

1.
System->Trust->Settings-> check Auto fetch CRL's

2.
rm /tmp/libfetch_crl.*

both resulted in the same error after trying to update from GUI again.

I'm not relly sure what to do next and would need some help.

Thanks.