update error

Started by tudou, August 14, 2021, 10:27:15 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
August 14, 2021, 10:27:15 AM
opnsense   
Version   21.7.1   
Architecture   amd64   
Flavour   OpenSSL   
Commit   ec466867c   
Mirror   https://opnsense.aivian.org/FreeBSD:12:amd64/21.7   
Repositories   OPNsense, SunnyValley, mimugmail   
Updated on   Wed Aug 4 16:35:02 CST 2021   
Checked on   N/A


***GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 21.7.1 (amd64/OpenSSL) at Sat Aug 14 16:17:47 CST 2021
Fetching changelog information, please wait... Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
4764836020224:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1915:
fetch: transfer timed out
Updating OPNsense repository catalogue...
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
4016512311296:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1915:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
4016512311296:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1915:
August 14, 2021, 03:10:07 PM #1
Hi,

at the time of writing it is 14th August 2021 7:05 CST. The log shows you ran the update on 14th August 2021 16:17 h CST (4:17 pm).
You firewall has the wrong time. This could lead to this error.

KH
August 14, 2021, 03:22:06 PM #2
Looking at the CN it's pushed over a (local?) HTTPS transparent proxy. That doesn't work for updates...


Cheers,
Franco
August 15, 2021, 01:59:59 AM #3
I am in China, so change update server to mirror CN.
August 15, 2021, 09:04:16 AM #4
Unless the great firewall uses OPNsense web proxy to intercept using a self-signed certificate I still think that you hit the same error no matter what mirror you use. A HTTP mirror would probably help though sidestepping the SSL interception issue.


Cheers,
Franco
Print
Go Up Pages1
User actions