OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 21.7 Legacy Series »
  • restored configuration broke updates by certificate verification failed
« previous next »
  • Print
Pages: [1]

Author Topic: restored configuration broke updates by certificate verification failed  (Read 2308 times)

fgendorf

  • Newbie
  • *
  • Posts: 5
  • Karma: 0
    • View Profile
restored configuration broke updates by certificate verification failed
« on: October 01, 2021, 12:59:23 pm »
Hi, I just restore a backup configuration and the updates stop working by follow error:

Quote
***GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 21.7.2_1 (amd64/OpenSSL) at Fri Oct  1 07:31:55 -03 2021
Fetching changelog information, please wait... Certificate verification failed for /O=Digital Signature Trust Co./CN=DST Root CA X3
4043429134336:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1915:
fetch: https://pkg.opnsense.org/FreeBSD:12:amd64/21.7/sets/changelog.txz.sig: Authentication error
Updating OPNsense repository catalogue...
Certificate verification failed for /O=Digital Signature Trust Co./CN=DST Root CA X3
1018153291776:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1915:
Certificate verification failed for /O=Digital Signature Trust Co./CN=DST Root CA X3
1018153291776:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1915:
Certificate verification failed for /O=Digital Signature Trust Co./CN=DST Root CA X3
1018153291776:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1915:
Certificate verification failed for /O=Digital Signature Trust Co./CN=DST Root CA X3
1018153291776:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1915:
Certificate verification failed for /O=Digital Signature Trust Co./CN=DST Root CA X3
1018153291776:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1915:
Certificate verification failed for /O=Digital Signature Trust Co./CN=DST Root CA X3
1018153291776:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1915:
pkg: https://mirror.cloudfence.com.br/opnsense/FreeBSD:12:amd64/21.7/latest/meta.txz: Authentication error
repository OPNsense has no meta file, using default settings
Certificate verification failed for /O=Digital Signature Trust Co./CN=DST Root CA X3
1018153291776:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1915:
Certificate verification failed for /O=Digital Signature Trust Co./CN=DST Root CA X3
1018153291776:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1915:
Certificate verification failed for /O=Digital Signature Trust Co./CN=DST Root CA X3
1018153291776:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1915:
pkg: https://mirror.cloudfence.com.br/opnsense/FreeBSD:12:amd64/21.7/latest/packagesite.txz: Authentication error
Unable to update repository OPNsense
Error updating repositories!
pkg: Repository OPNsense cannot be opened. 'pkg update' required
Checking integrity... done (0 conflicting)
Your packages are up to date.
***DONE***

I think is because intermediate certificate was changed and restore backup recover the old one, how can I force the /etc/ssl/cert.pem to be updated by the new one again?
Logged

Nikotine

  • Jr. Member
  • **
  • Posts: 56
  • Karma: 1
    • View Profile
Re: restored configuration broke updates by certificate verification failed
« Reply #1 on: October 01, 2021, 01:11:12 pm »
I'm having the same issue today, though I didn't restore anything. I think the repo's are having issues.

EDIT: Most likely related to this: https://forum.opnsense.org/index.php?topic=24950.msg119916#msg119916
« Last Edit: October 01, 2021, 01:16:28 pm by Nikotine »
Logged

KHE

  • Full Member
  • ***
  • Posts: 229
  • Karma: 18
    • View Profile
Re: restored configuration broke updates by certificate verification failed
« Reply #2 on: October 01, 2021, 02:06:18 pm »
If it is just for updates, this worked for me: https://forum.opnsense.org/index.php?topic=24968.msg119846#msg119846

My fix for more problems I had (Not working DoT): https://forum.opnsense.org/index.php?topic=24973.msg119883#msg119883

If you do not use the ACME Client plugin, this seems to work for some people: https://forum.opnsense.org/index.php?topic=24950.msg119873#msg119873

KH
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 21.7 Legacy Series »
  • restored configuration broke updates by certificate verification failed
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2