Unable To Update opnsense after adding Acme

Started by normanos, July 05, 2022, 02:26:09 PM

July 05, 2022, 02:26:09 PM Last Edit: July 05, 2022, 02:27:41 PM by normanos
Posting in general discussion, if wrong, just move to correct place, please.
I have a 1 year business license, but when I added an nginx reverse proxy with an Acme external cert, I can't properly update opnsense. I'm getting this error:
Quote:
...Certificate verification failed for /C=US/O=Internet Security Research Group/CN=ISRG Root X1
34378686464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1916:
pkg: https://opn-repo.routerperformance.net/repo/FreeBSD:13:amd64/packagesite.txz: Authentication error
Unable to update repository mimugmail
Error updating repositories!
pkg: Repository OPNsense cannot be opened....

I found that I need to delete System > Trust > Authorities R3 (Acme Client).
Deleted it, and it worked fine. A few days later the same error is back. What am I doing wrong?

Thank You
DEC2750 – OPNsense® Rack Security Appliance

Which old version are you using? Any 22.1 in particular shouldn't have this issue anymore.


Cheers,
Franco

Sorry, forgot:

OPNsense 22.4.1-amd64
FreeBSD 13.0-STABLE
DEC2750 – OPNsense® Rack Security Appliance

For now please remove mimugmail repository. Our mirrors do not have this issue.

Not knowing if you set "Store intermediate" under System: Settings: General which makes this particular problem reappear since the chain for acme-client is fudged beyond repair and OpenSSL can't handle the confusion of intermediate transition done for ancient Android devices by the Let's Encrypt team.


Cheers,
Franco

Thank You Franco!

This "Store intermediate" was checked. I unchecked it and it works fine.

Problem Solved!!!

DEC2750 – OPNsense® Rack Security Appliance