How to renew freenas-pre-certui? Bad cert was generated, expired 9 years ago

JaimieV

Guru
Joined
Oct 12, 2012
Messages
742
An alert. "Certificate 'freenas-pre-certui' is expiring within -3101 days." Checking the cert, it ran from Wed Sep 7 01:02:33 2011 to Fri Oct 7 01:02:33 2011, which is not only long before I started using FreeNAS, but it's older than the server it's on. Some clock issue at install/upgrade time I guess, though that doesn't explain the one month duration. I only noticed it about two months ago, but since it's only a domestic machine I didn't care enough and just marked the alert as read. Now I have time on my hands...

Fine with having another self-signed, but I can't seem to find instructions on where&how to fix this up. I see it in System/Certificates. Can I just generate another one then delete old and add new? I presume the name is fixed; any other requirements? Being deleted would have major repercussions for the GUI, I will set it to HTTP only first. Does anything else use the cert that'll need refreshing/restarting manually?
 
Last edited:

JaimieV

Guru
Joined
Oct 12, 2012
Messages
742
Should I be concerned that there doesn't appear to be a way to do this?
 

Jenlain74

Cadet
Joined
Dec 20, 2017
Messages
5
I have the same alert :
WARNING
Certificate 'freenas-pre-certui' is expiring within -2231 days.
Fri, 27 Mar 2020 08:48:49 AM (Europe/Paris)

And I'm asking myself the same questions...
 

JaimieV

Guru
Joined
Oct 12, 2012
Messages
742
Seems like the sort of thing the installer ought to look for and perhaps renew, given it is core functionality.
 

JaimieV

Guru
Joined
Oct 12, 2012
Messages
742
Anyone? I guess I should post a bug about it, if there isn't any way to do it currently.
 

Harrison

Dabbler
Joined
Apr 28, 2014
Messages
24
Seeing the same issue in Version: FreeNAS-11.3-U2:
WARNING
Certificate 'freenas-pre-certui' is expiring within -2059 days.
 

JaimieV

Guru
Joined
Oct 12, 2012
Messages
742
Last edited:

DeeEyeNL

Cadet
Joined
Apr 15, 2020
Messages
3
I'm also getting this warning / alert in FreeNAS-11.3-U2
WARNING
Certificate 'freenas-pre-certui' is expiring within -2071 days.
 

JaimieV

Guru
Joined
Oct 12, 2012
Messages
742
Just to note that I just built a new box from scratch, and only got a freenas_default cert this time, with sensible dates (although it expires in 2022, and it'd be useful to have a "refresh cert" button by then!

I don't have that freenas_default cert on my machine Sisyphus, which was a new build around April last year. Only the described freenas-pre-certui exists on that system.
 

JaimieV

Guru
Joined
Oct 12, 2012
Messages
742
Ticket has been closed as a duplicate of the ticket I pointed out it wasn't a duplicate of. No resolution for these weird leftover certs, or documentation for how to do anything about them. Not very impressed.
 

giuseppe30

Dabbler
Joined
Dec 20, 2020
Messages
36
new installation TrueNas 12.0-U2 and for some reason certificate freenas_default are expired in 2011.

News for refresh it?
 

hilton8r

Dabbler
Joined
Apr 5, 2015
Messages
32
Sorry to post on an old thread, but I've had a critical alert for freenas-pre-certui with start date 20140324 / end date 20140423 for as long as I can remember. I just jumped up to TrueNas 12.0-U4.1, but it's still an issue. I thought about deleting the cert, but wanted to search for the umpteenth time for a solution before doing something I would regret. I don't see any way to generate a new cert. Has anyone found a solution for this yet? I haven't been able to find any direction so far. Thanks...
 

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,740
There's a CA integrated right in the UI. What exactly is your problem with generating a new cert?
 

hilton8r

Dabbler
Joined
Apr 5, 2015
Messages
32
Patrick, I saw the option to delete the cert when clicking on the 3 dots to the right. I didn't see an option to create a new cert.

I've had this error for so long, and I always figured it would resolve itself. But honestly, I didn't understand much about certifications. All of my searches seemed to return threads showing people having the same problem as me, but no resolution. I do recall reading that the cert code was modified around 11.3 if I remember correctly.

After reading you response, I went back, and now I'm embarrassed that I didn't see the blue add button... Thank you for your reply. I appreciate it, and I think I'm good to go now. Take care.
 

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,740
Keep in mind that you need to create a CA first. Then you can create and sign new certificates.
 

marcevan

Patron
Joined
Dec 15, 2013
Messages
432
There's a CA integrated right in the UI. What exactly is your problem with generating a new cert?
I created a CA since a new Cert needs one.

Then I created a new Cert.

Tried to delete the existing FreeNAS-pre-CertUI and got [ebusy] as the cert is in use....

Error: Traceback (most recent call last):
File "/usr/local/lib/python3.9/site-packages/middlewared/job.py", line 367, in run
await self.future
File "/usr/local/lib/python3.9/site-packages/middlewared/job.py", line 405, in __run_body
rv = await self.middleware.run_in_thread(self.method, *([self] + args))
File "/usr/local/lib/python3.9/site-packages/middlewared/utils/run_in_thread.py", line 10, in run_in_thread
return await self.loop.run_in_executor(self.run_in_thread_executor, functools.partial(method, *args, **kwargs))
File "/usr/local/lib/python3.9/concurrent/futures/thread.py", line 52, in run
result = self.fn(*self.args, **self.kwargs)
File "/usr/local/lib/python3.9/site-packages/middlewared/schema.py", line 979, in nf
return f(*args, **kwargs)
File "/usr/local/lib/python3.9/site-packages/middlewared/plugins/crypto.py", line 2063, in do_delete
self.middleware.call_sync('certificate.check_dependencies', id)
File "/usr/local/lib/python3.9/site-packages/middlewared/main.py", line 1272, in call_sync
return self.run_coroutine(methodobj(*prepared_call.args))
File "/usr/local/lib/python3.9/site-packages/middlewared/main.py", line 1312, in run_coroutine
return fut.result()
File "/usr/local/lib/python3.9/concurrent/futures/_base.py", line 438, in result
return self.__get_result()
File "/usr/local/lib/python3.9/concurrent/futures/_base.py", line 390, in __get_result
raise self._exception
File "/usr/local/lib/python3.9/site-packages/middlewared/service.py", line 612, in check_dependencies
raise CallError('This object is being used by other objects', errno.EBUSY,
middlewared.service_exception.CallError: [EBUSY] This object is being used by other objects
 
Last edited:

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,740
I filled out everything for the new CA but "submit" is still greyed out. All (*) fields are filled so it's not lacking any required field.
Screenshot of all fields and content, please.
 

marcevan

Patron
Joined
Dec 15, 2013
Messages
432
Top