25.4.1 Failures when running 'Check for Update'

Started by charles.adams, June 10, 2025, 03:19:41 AM

So I clicked on "click to check for update" on the lobby page and instead of finding nothing to update (as expected) I got the below error and it did not complete the check:

***GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 25.4.1 (amd64) at Mon Jun  9 20:15:10 CDT 2025
Strict TLS 1.3 and CRL checking is enabled.
Fetching subscription information, please wait... done
Fetching changelog information, please wait... done
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries: .......... done
OPNsense repository update completed. 875 packages processed.
Updating SunnyValley repository catalogue...
Certificate verification failed for /CN=zenarmor.net (44)
0020611EE81C0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
Certificate verification failed for /CN=zenarmor.net (44)
0020611EE81C0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
Certificate verification failed for /CN=zenarmor.net (44)
0020611EE81C0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
Certificate verification failed for /CN=zenarmor.net (44)
0020611EE81C0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
Certificate verification failed for /CN=zenarmor.net (44)
0020611EE81C0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
Certificate verification failed for /CN=zenarmor.net (44)
0020611EE81C0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
pkg: https://updates.zenarmor.com/opnsense/FreeBSD:14:amd64/25.1/${SUBSCRIPTION}/meta.txz: Authentication error
repository SunnyValley has no meta file, using default settings
Certificate verification failed for /CN=zenarmor.net (44)
0020611EE81C0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
Certificate verification failed for /CN=zenarmor.net (44)
0020611EE81C0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
Certificate verification failed for /CN=zenarmor.net (44)
0020611EE81C0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
pkg: https://updates.zenarmor.com/opnsense/FreeBSD:14:amd64/25.1/${SUBSCRIPTION}/packagesite.pkg: Authentication error
Certificate verification failed for /CN=zenarmor.net (44)
0020611EE81C0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
Certificate verification failed for /CN=zenarmor.net (44)
0020611EE81C0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
Certificate verification failed for /CN=zenarmor.net (44)
0020611EE81C0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
pkg: https://updates.zenarmor.com/opnsense/FreeBSD:14:amd64/25.1/${SUBSCRIPTION}/packagesite.txz: Authentication error
Unable to update repository SunnyValley
Error updating repositories!
Checking integrity... done (0 conflicting)
Your packages are up to date.
***DONE***

Is this a me (I configured something wrong), an OPNsense, or a Zenarmor error?

Zenarmor switched domains, and it looks like their new certificate being served from zenarmor.com is actually from zenarmor.net.

I'm sure they will get lots of reports and fix it soon.


Cheers,
Franco
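
An added example, not part of the thread and not OPNsense or Zenarmor code: a small Python triage of an update log like the one above. It pairs each run of `Certificate verification failed` lines with the `pkg: ... Authentication error` URL that follows it and compares the requested host with the CN the log prints. The sample log is a constructed, shortened excerpt; `triage` and `cn_covers_host` are names invented here, and attributing failures to the next `pkg:` line is an assumption drawn from the log's ordering.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample: a shortened excerpt of the update log quoted in the thread.
SAMPLE_LOG = """\
Updating SunnyValley repository catalogue...
Certificate verification failed for /CN=zenarmor.net (44)
Certificate verification failed for /CN=zenarmor.net (44)
pkg: https://updates.zenarmor.com/opnsense/FreeBSD:14:amd64/25.1/${SUBSCRIPTION}/meta.txz: Authentication error
repository SunnyValley has no meta file, using default settings
Certificate verification failed for /CN=zenarmor.net (44)
pkg: https://updates.zenarmor.com/opnsense/FreeBSD:14:amd64/25.1/${SUBSCRIPTION}/packagesite.pkg: Authentication error
Unable to update repository SunnyValley
"""

REPO_RE = re.compile(r"^Updating (\S+) repository catalogue")
CERT_RE = re.compile(r"^Certificate verification failed for .*CN=([^/\s]+).* \((\d+)\)$")
AUTH_RE = re.compile(r"^pkg: (https://\S+): Authentication error$")

def cn_covers_host(host, cn):
    """Simplified name check: exact match or a one-label wildcard CN.
    The log shows only the subject CN, not subjectAltName entries, so a
    False result is a lead to follow up, not proof of a hostname mismatch."""
    host, cn = host.lower().rstrip("."), cn.lower().rstrip(".")
    if cn.startswith("*."):
        return host.partition(".")[2] == cn[2:]
    return host == cn

def triage(log_text):
    """Attribute each run of certificate failures to the fetch that follows it."""
    counts, repo, pending = Counter(), None, Counter()
    for line in map(str.strip, log_text.splitlines()):
        if m := REPO_RE.match(line):
            repo, pending = m.group(1), Counter()
        elif m := CERT_RE.match(line):
            # Keep the parenthesised number exactly as the log prints it.
            pending[(m.group(1), int(m.group(2)))] += 1
        elif (m := AUTH_RE.match(line)) and pending:
            host = urlsplit(m.group(1)).hostname
            for (cn, code), n in pending.items():
                counts[(repo, host, cn, code)] += n
            pending = Counter()
    return [{"repo": r, "host": h, "cert_cn": cn, "code": code, "failures": n,
             "cn_covers_host": cn_covers_host(h, cn)}
            for (r, h, cn, code), n in counts.items()]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A finding with `cn_covers_host` set to false on a third-party repository points at the repository server's certificate rather than at the local configuration or the OPNsense repository, which updated cleanly in the same run.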

Hello,

Thank you for bringing this to our attention. Our team is currently investigating the issue, and we aim to resolve it promptly.


Hi,

The domain change appears to impact only the business edition, while the community edition remains unaffected. We have implemented a temporary workaround on the repository server. Starting with the next release, the repository server address in the configuration will be updated to "zenarmor.net".