OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 21.7 Legacy Series »
  • Unable to check for updates.
« previous next »
  • Print
Pages: 1 [2]

Author Topic: Unable to check for updates.  (Read 9622 times)

Taomyn

  • Sr. Member
  • ****
  • Posts: 444
  • Karma: 20
    • View Profile
Re: Unable to check for updates.
« Reply #15 on: September 30, 2021, 06:16:28 pm »
Quote from: KHE on September 30, 2021, 06:12:33 pm
Do you use other repositories? The one from @minugmail has also this issue. And if one repository having issues, then the update is not possible via WebGUI.


Yes that must be it because I use their "os-unboundcustom-maxit" plug-in, and I notice all the plug-ins show as "(orphaned)" as well.
Logged

dcol

  • Hero Member
  • *****
  • Posts: 635
  • Karma: 51
    • View Profile
Re: Unable to check for updates.
« Reply #16 on: September 30, 2021, 06:18:17 pm »
Probably has something to do with those certs that expired yesterday. Sure it will be fixed soon.
Logged

KHE

  • Full Member
  • ***
  • Posts: 229
  • Karma: 18
    • View Profile
Re: Unable to check for updates.
« Reply #17 on: September 30, 2021, 06:31:36 pm »
Just to share my solution:
  • remove any 3th party repros from /usr/local/etc/pkg/repos/
  • change either to a http mirror or to dns-root.de
  • update
I will wait for a fix for the LE certs, then I will add the 3th party repros again.
Logged

human_usb

  • Newbie
  • *
  • Posts: 2
  • Karma: 0
    • View Profile
Re: Unable to check for updates.
« Reply #18 on: September 30, 2021, 06:46:56 pm »
I'm getting this issue too, and had to flip to an HTTP mirror to upgrade. I don't have any custom repos installed.
Logged

logicaltech

  • Newbie
  • *
  • Posts: 2
  • Karma: 0
    • View Profile
Re: Unable to check for updates.
« Reply #19 on: September 30, 2021, 07:01:05 pm »
Quote from: KHE on September 30, 2021, 06:31:36 pm
Just to share my solution:
  • remove any 3th party repros from /usr/local/etc/pkg/repos/
  • change either to a http mirror or to dns-root.de
  • update
I will wait for a fix for the LE certs, then I will add the 3th party repros again.

I just tried your solution and that resolved the issue.  Thank you!
Logged

japtain.cack

  • Newbie
  • *
  • Posts: 9
  • Karma: 0
    • View Profile
Re: Unable to check for updates.
« Reply #20 on: September 30, 2021, 08:59:47 pm »
I believe this is the issue:
https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/

I used the cloudflare CDN mirror which seemed to allow updates to work. A large portion of the internet, for TLS anyway, is broken right now until people update their root CAs. Blocklists are also broken due to the same reason I believe. DNS over TLS is also affected.

I was able to delete the LetsEncrypt CA, then regenerate the LE cert. It created a new cert under the new R3 CA properly. This fixed my UI/HAProxy issues, but you'll need to update all your settings that referenced the old cert. For instance under the opnsense settings for the web UI. However, some endpoints, like the update repo mirrors, seem to still be using expired root CAs in their cert chain. Nothing we can do until everyone updates their TLS certs.
« Last Edit: September 30, 2021, 11:53:08 pm by japtain.cack »
Logged

japtain.cack

  • Newbie
  • *
  • Posts: 9
  • Karma: 0
    • View Profile
Re: Unable to check for updates.
« Reply #21 on: October 08, 2021, 12:38:03 am »
I am now able to use the default mirror. No certificate issues appear anymore.
Logged
  • Print
Pages: 1 [2]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 21.7 Legacy Series »
  • Unable to check for updates.
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2