最近遇到一台遠距的pfsense防火牆版本是2.5.1,想更新作業系統版本卻一直出現「unable to check for updates」,該如何排除呢?跟小編一起來排查問題吧!
一、透過SSH登入
二、手動更新
指令語法:
pkg-static update -f
會出現大量的告警訊息(看起來是憑證失效了)
Certificate verification failed for /CN=*.netgate.com 34369253376:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/local/poudriere/jails/pfSense_v2_5_1_amd64/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1915: Certificate verification failed for /CN=*.netgate.com 34369253376:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/local/poudriere/jails/pfSense_v2_5_1_amd64/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1915: Certificate verification failed for /CN=*.netgate.com 34369253376:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/local/poudriere/jails/pfSense_v2_5_1_amd64/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1915: Certificate verification failed for /CN=*.netgate.com 34369253376:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/local/poudriere/jails/pfSense_v2_5_1_amd64/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1915: Certificate verification failed for /CN=*.netgate.com
緩解錯誤訊息的心情,本圖片為示意圖,與本文章內容無關。
三、手動編輯更新檔案
指令語法:
vi /usr/local/etc/pkg/repos/pfSense.conf
※將檔案內的https變更為http
四、透過web UI進行作業系統更新
※如果還是無法順利進行版本更新檢查,就反覆進行第三跟第四步驟。