Unable to check for updates.

zerothaught · Jan 1, 2024

Hello,

Are there any specific ports besides 443 that need to be opened for automatic updates? Upon selecting the option I get the following error message:

Cannot connect to host update.ixsystems.com:443 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1123)')]: Automatic update check failed. Please check system network settings.

I have confirmed that I have my gateway and default route set properly. My timezone is set to UTC in my BIOS and OS and can be confirmed by using the date command. I also get the following message when running wget update.ixsystems.com

ERROR: The certificate of 'update.ixsystems.com' is not trusted
ERROR: The certificate of 'update.ixsystems.com' doesn't have a known issuer

Is there a CA I need to install to get this working? I have dug through ~20 forums posts and most just say it's a timeserver issue.

Thanks

morganL · Jan 1, 2024

zerothaught said:
Hello,

Are there any specific ports besides 443 that need to be opened for automatic updates? Upon selecting the option I get the following error message:

Cannot connect to host update.ixsystems.com:443 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1123)')]: Automatic update check failed. Please check system network settings.

I have confirmed that I have my gateway and default route set properly. My timezone is set to UTC in my BIOS and OS and can be confirmed by using the date command. I also get the following message when running wget update.ixsystems.com

ERROR: The certificate of 'update.ixsystems.com' is not trusted
ERROR: The certificate of 'update.ixsystems.com' doesn't have a known issuer

Is there a CA I need to install to get this working? I have dug through ~20 forums posts and most just say it's a timeserver issue.

Thanks

Can you verify the motherboard time and the system time?

zerothaught · Jan 2, 2024

Yeah, I've set the time in the BIOS to be the same as the system time (UTC). It doesn't have a timezone setting, but it was set manually.

zerothaught · Jan 2, 2024

morganL said:
Can you verify the motherboard time and the system time?

I have also set it via IPMI:

zerothaught · Jan 2, 2024

Just for reference there is a screenshot I just took from the BIOS as well:

I am central time. You can see the difference between my PC and the BIOS.

Redcoat · Jan 2, 2024

zerothaught said:
I am central time. You can see the difference between my PC and the BIOS.

Should that not be 1 hour difference, not 2?

danb35 · Jan 2, 2024

Redcoat said:
Should that not be 1 hour difference, not 2?

One hour? Two? The screen shot posted shows a difference of six hours, from 3:29 PM (15:29) to 21:29--which is correct for Central time in the US.

I don't think this is a date/time issue; those would ordinarily give a different error. But I'm not sure what it is. @zerothaught, what version of TrueNAS are you currently running?

Redcoat · Jan 2, 2024

danb35 said:
One hour? Two? The screen shot posted shows a difference of six hours, from 3:29 PM (15:29) to 21:29--which is correct for Central time in the US.

Yes - but in post #4 we see that system time is set at UTC +5 (EST), hence my question ref the +6 of the screenshot of the BIOS, reflecting CST as you say.

I don't know what message the date/time error would produce, not having experienced it recently.

zerothaught · Jan 2, 2024

Redcoat said:
Yes - but in post #4 we see that system time is set at UTC +5 (EST), hence my question ref the +6 of the screenshot of the BIOS, reflecting CST as you say.

I don't know what message the date/time error would produce, not having experienced it recently.

That screenshot was taken later. Sorry for the confusion. They are both UTC (BIOS and server)

danb35 said:
One hour? Two? The screen shot posted shows a difference of six hours, from 3:29 PM (15:29) to 21:29--which is correct for Central time in the US.

I don't think this is a date/time issue; those would ordinarily give a different error. But I'm not sure what it is. @zerothaught, what version of TrueNAS are you currently running?

I am on version 22.12.3.2.

zerothaught · Jan 4, 2024

I have also tried opening all ports going out as a test and that didn't resolve the issue.

danb35 · Jan 4, 2024

I wouldn't expect 22.12.3.2 to have an out-of-date certificate store. What's the output of openssl s_client -connect update.ixsystems.com:443 -showcerts?

zerothaught · Jan 4, 2024

danb35 said:
I wouldn't expect 22.12.3.2 to have an out-of-date certificate store. What's the output of openssl s_client -connect update.ixsystems.com:443 -showcerts?

Thank you for this suggestion. Running that command showed me that they are using umbrella which reminded me of OUR umbrella policy. That is what was blocking the updates. Once I disable umbrella's policy, I was immediately able to connect! Thanks everyone!

Important Announcement for the TrueNAS Community.

Unable to check for updates.

zerothaught

Dabbler

morganL

Captain Morgan

zerothaught

Dabbler

zerothaught

Dabbler

zerothaught

Dabbler

Redcoat

MVP

danb35

Hall of Famer

Redcoat

MVP

zerothaught

Dabbler

zerothaught

Dabbler

danb35

Hall of Famer

zerothaught

Dabbler

Similar threads