SOLVED Update server could not be reached (certificate verify failed?)

[Dicken90]

Hi Everyone,

i wanted to update my FreeNAS 11.2U2 to 11.2U3 but i cant reach the update server anymore :(

Code:

Update server could not be reached

HTTPSConnectionPool(host='update-master.ixsystems.com', port=443): Max retries exceeded with url: /FreeNAS/trains.txt (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",),))

Traceback

Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/urllib3/contrib/pyopenssl.py", line 441, in wrap_socket
cnx.do_handshake()
File "/usr/local/lib/python3.6/site-packages/OpenSSL/SSL.py", line 1806, in do_handshake
self._raise_ssl_error(self._ssl, result)
File "/usr/local/lib/python3.6/site-packages/OpenSSL/SSL.py", line 1546, in _raise_ssl_error
_raise_current_error()
File "/usr/local/lib/python3.6/site-packages/OpenSSL/_util.py", line 54, in exception_from_error_queue
raise exception_type(errors)
OpenSSL.SSL.Error: [('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')]

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 601, in urlopen
chunked=chunked)
File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 346, in _make_request
self._validate_conn(conn)
File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 850, in _validate_conn
conn.connect()
File "/usr/local/lib/python3.6/site-packages/urllib3/connection.py", line 326, in connect
ssl_context=context)
File "/usr/local/lib/python3.6/site-packages/urllib3/util/ssl_.py", line 329, in ssl_wrap_socket
return context.wrap_socket(sock, server_hostname=server_hostname)
File "/usr/local/lib/python3.6/site-packages/urllib3/contrib/pyopenssl.py", line 448, in wrap_socket
raise ssl.SSLError('bad handshake: %r' % e)
ssl.SSLError: ("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/requests/adapters.py", line 440, in send
timeout=timeout
File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 639, in urlopen
_stacktrace=sys.exc_info()[2])
File "/usr/local/lib/python3.6/site-packages/urllib3/util/retry.py", line 388, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='update-master.ixsystems.com', port=443): Max retries exceeded with url: /FreeNAS/trains.txt (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",),))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "./freenasUI/system/views.py", line 1686, in update_check
train=updateobj.get_train(),
File "./freenasUI/system/models.py", line 650, in get_train
trains = conf.AvailableTrains() or []
File "/usr/local/lib/freenasOS/Configuration.py", line 973, in AvailableTrains
fileref = self.TryGetNetworkFile(file=TRAIN_FILE, reason="FetchTrains")
File "/usr/local/lib/freenasOS/Configuration.py", line 696, in TryGetNetworkFile
raise url_exc
File "/usr/local/lib/freenasOS/Configuration.py", line 669, in TryGetNetworkFile
stream=True, headers=header_dict)
File "/usr/local/lib/python3.6/site-packages/requests/api.py", line 72, in get
return request('get', url, params=params, **kwargs)
File "/usr/local/lib/python3.6/site-packages/requests/api.py", line 58, in request
return session.request(method=method, url=url, **kwargs)
File "/usr/local/lib/python3.6/site-packages/requests/sessions.py", line 508, in request
resp = self.send(prep, **send_kwargs)
File "/usr/local/lib/python3.6/site-packages/raven/breadcrumbs.py", line 326, in send
resp = real_send(self, request, *args, **kwargs)
File "/usr/local/lib/python3.6/site-packages/requests/sessions.py", line 640, in send
history = [resp for resp in gen] if allow_redirects else []
File "/usr/local/lib/python3.6/site-packages/requests/sessions.py", line 640, in <listcomp>
history = [resp for resp in gen] if allow_redirects else []
File "/usr/local/lib/python3.6/site-packages/requests/sessions.py", line 218, in resolve_redirects
**adapter_kwargs
File "/usr/local/lib/python3.6/site-packages/raven/breadcrumbs.py", line 326, in send
resp = real_send(self, request, *args, **kwargs)
File "/usr/local/lib/python3.6/site-packages/requests/sessions.py", line 618, in send
r = adapter.send(request, **kwargs)
File "/usr/local/lib/python3.6/site-packages/requests/adapters.py", line 506, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='update-master.ixsystems.com', port=443): Max retries exceeded with url: /FreeNAS/trains.txt (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",),))

Can someone help me with this issue? :(

Greetings

 

[dlavigne]

Is this still an issue for you or was it a transient error?

 

[Dicken90]

the problem still exist :(

 

[Dicken90]

oh, sorry, i found the problem!

my pi-hole Ad Blocker blocked the Update Server

 

[ri100]

Hello,

I have the same issue on a fresh FreeNAS-11.2-U5 installation. However I am not using any kind of Ad Blockers on my network.

Here the error message:

HTTPSConnectionPool(host='update-master.ixsystems.com', port=443): Max retries exceeded with url: /FreeNAS/trains.txt (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",),)): Automatic update check failed. Please check system network settings.

The host is being properly resolved and I can ping update-master.ixsystems.com from the CLI.

root@freenas[~]# host update-master.ixsystems.com
update-master.ixsystems.com is an alias for update-master.freenas.org.
update-master.freenas.org has address 12.201.205.119

root@freenas[~]# ping -c5 update-master.ixsystems.com
PING update-master.freenas.org (12.201.205.119): 56 data bytes
64 bytes from 12.201.205.119: icmp_seq=0 ttl=45 time=30.957 ms
64 bytes from 12.201.205.119: icmp_seq=1 ttl=45 time=31.221 ms
64 bytes from 12.201.205.119: icmp_seq=2 ttl=45 time=30.878 ms
64 bytes from 12.201.205.119: icmp_seq=3 ttl=45 time=31.484 ms
64 bytes from 12.201.205.119: icmp_seq=4 ttl=45 time=31.548 ms

--- update-master.freenas.org ping statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 30.878/31.218/31.548/0.270 ms

Any help will be highly appreciated!

Thanks
-Christo

 

[Hans98b]

We have the same issue. As a McAfee proxy is changing the certificate to external web servers, we got this failing update process:

Update server could not be reached
HTTPSConnectionPool(host='update-master.ixsystems.com', port=443): Max retries exceeded with url: /FreeNAS/trains.txt (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",),))

Is there a way to disable this certificate verification?

 

[ri100]

The issue resolved itself for me. I have no idea how and why this happened... I didn't change anything. After 5 days of frustraition it just started working. Maybe it was a glitch at Freenas' update server. I'll never know...

 

[Hans98b]

The check-now function is still failing here for more than a week now. With all previous updates everything went smooth (sevveral 9.x updates and some 11.x updates also)
I'm on FreeNAS-11.2-U4.1 at the moment.
-------------------
Update server could not be reached
HTTPSConnectionPool(host='update-master.ixsystems.com', port=443): Max retries exceeded with url: /FreeNAS/trains.txt (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",),))
Traceback
Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/urllib3/contrib/pyopenssl.py", line 441, in wrap_socket
cnx.do_handshake()
File "/usr/local/lib/python3.6/site-packages/OpenSSL/SSL.py", line 1806, in do_handshake
self._raise_ssl_error(self._ssl, result)
File "/usr/local/lib/python3.6/site-packages/OpenSSL/SSL.py", line 1546, in _raise_ssl_error
_raise_current_error()
File "/usr/local/lib/python3.6/site-packages/OpenSSL/_util.py", line 54, in exception_from_error_queue
raise exception_type(errors)
OpenSSL.SSL.Error: [('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')]
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 595, in urlopen
self._prepare_proxy(conn)
File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 816, in _prepare_proxy
conn.connect()
File "/usr/local/lib/python3.6/site-packages/urllib3/connection.py", line 326, in connect
ssl_context=context)
File "/usr/local/lib/python3.6/site-packages/urllib3/util/ssl_.py", line 329, in ssl_wrap_socket
return context.wrap_socket(sock, server_hostname=server_hostname)
File "/usr/local/lib/python3.6/site-packages/urllib3/contrib/pyopenssl.py", line 448, in wrap_socket
raise ssl.SSLError('bad handshake: %r' % e)
ssl.SSLError: ("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/requests/adapters.py", line 440, in send
timeout=timeout
File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 639, in urlopen
_stacktrace=sys.exc_info()[2])
File "/usr/local/lib/python3.6/site-packages/urllib3/util/retry.py", line 388, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='update-master.ixsystems.com', port=443): Max retries exceeded with url: /FreeNAS/trains.txt (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",),))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "./freenasUI/system/views.py", line 1686, in update_check
train=updateobj.get_train(),
File "./freenasUI/system/models.py", line 649, in get_train
trains = conf.AvailableTrains() or []
File "/usr/local/lib/freenasOS/Configuration.py", line 973, in AvailableTrains
fileref = self.TryGetNetworkFile(file=TRAIN_FILE, reason="FetchTrains")
File "/usr/local/lib/freenasOS/Configuration.py", line 696, in TryGetNetworkFile
raise url_exc
File "/usr/local/lib/freenasOS/Configuration.py", line 669, in TryGetNetworkFile
stream=True, headers=header_dict)
File "/usr/local/lib/python3.6/site-packages/requests/api.py", line 72, in get
return request('get', url, params=params, **kwargs)
File "/usr/local/lib/python3.6/site-packages/requests/api.py", line 58, in request
return session.request(method=method, url=url, **kwargs)
File "/usr/local/lib/python3.6/site-packages/requests/sessions.py", line 508, in request
resp = self.send(prep, **send_kwargs)
File "/usr/local/lib/python3.6/site-packages/requests/sessions.py", line 618, in send
r = adapter.send(request, **kwargs)
File "/usr/local/lib/python3.6/site-packages/requests/adapters.py", line 506, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='update-master.ixsystems.com', port=443): Max retries exceeded with url: /FreeNAS/trains.txt (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",),))
Close


---
Update server could not be reached
HTTPSConnectionPool(host='update-master.ixsystems.com', port=443): Max retries exceeded with url: /FreeNAS/trains.txt (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",),))
Traceback
Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/urllib3/contrib/pyopenssl.py", line 441, in wrap_socket
cnx.do_handshake()
File "/usr/local/lib/python3.6/site-packages/OpenSSL/SSL.py", line 1806, in do_handshake
self._raise_ssl_error(self._ssl, result)
File "/usr/local/lib/python3.6/site-packages/OpenSSL/SSL.py", line 1546, in _raise_ssl_error
_raise_current_error()
File "/usr/local/lib/python3.6/site-packages/OpenSSL/_util.py", line 54, in exception_from_error_queue
raise exception_type(errors)
OpenSSL.SSL.Error: [('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')]
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 595, in urlopen
self._prepare_proxy(conn)
File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 816, in _prepare_proxy
conn.connect()
File "/usr/local/lib/python3.6/site-packages/urllib3/connection.py", line 326, in connect
ssl_context=context)
File "/usr/local/lib/python3.6/site-packages/urllib3/util/ssl_.py", line 329, in ssl_wrap_socket
return context.wrap_socket(sock, server_hostname=server_hostname)
File "/usr/local/lib/python3.6/site-packages/urllib3/contrib/pyopenssl.py", line 448, in wrap_socket
raise ssl.SSLError('bad handshake: %r' % e)
ssl.SSLError: ("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/requests/adapters.py", line 440, in send
timeout=timeout
File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 639, in urlopen
_stacktrace=sys.exc_info()[2])
File "/usr/local/lib/python3.6/site-packages/urllib3/util/retry.py", line 388, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='update-master.ixsystems.com', port=443): Max retries exceeded with url: /FreeNAS/trains.txt (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",),))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "./freenasUI/system/views.py", line 1686, in update_check
train=updateobj.get_train(),
File "./freenasUI/system/models.py", line 649, in get_train
trains = conf.AvailableTrains() or []
File "/usr/local/lib/freenasOS/Configuration.py", line 973, in AvailableTrains
fileref = self.TryGetNetworkFile(file=TRAIN_FILE, reason="FetchTrains")
File "/usr/local/lib/freenasOS/Configuration.py", line 696, in TryGetNetworkFile
raise url_exc
File "/usr/local/lib/freenasOS/Configuration.py", line 669, in TryGetNetworkFile
stream=True, headers=header_dict)
File "/usr/local/lib/python3.6/site-packages/requests/api.py", line 72, in get
return request('get', url, params=params, **kwargs)
File "/usr/local/lib/python3.6/site-packages/requests/api.py", line 58, in request
return session.request(method=method, url=url, **kwargs)
File "/usr/local/lib/python3.6/site-packages/requests/sessions.py", line 508, in request
resp = self.send(prep, **send_kwargs)
File "/usr/local/lib/python3.6/site-packages/requests/sessions.py", line 618, in send
r = adapter.send(request, **kwargs)
File "/usr/local/lib/python3.6/site-packages/requests/adapters.py", line 506, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='update-master.ixsystems.com', port=443): Max retries exceeded with url: /FreeNAS/trains.txt (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",),))
Close

 

[TrumanHW]

Hi everyone. For once I have some helpful info ... (it's floating around but I'll provide it here).

install updates requires you be able to resolve DNS names.

Can you ping google.com from shell .. ?

sudo nano /etc/resolv.conf
added a couple of fast DNS IPs
8.8.8.8
1.1.1.1

During the temporary period in which DNS worked....
I returned to the updates page and...

Installed 11.2 u6 -- (unfortunately for me) SMB problem persists

Some of you may be fortunate and it may fix your SMB issues or, who knows what else. I'm just never one of those 'lucky' ones. :)

Anyone know when a fix for the DNS issue everyone's having ... may be released?
Or when a fix for SMB is coming out?

Thanks

 

[NicklowiczComputers LLC]

under global settings for the network make sure the nameserver and the gateway are set. I thought changing to DHCP under lan interface would change this but this fixed this issue for me

 

[felipe_roessle]

TrumanHW's solution solved the problem, appeared the train list and the options available for download.

 

[dwilliss]

I was having a timeout issue getting the trains.txt file. The suggestion above to check nameserver and gateway led me in the right direction. I had an http proxy set but had updated my firewall and not re-enabled the proxy server yet.

 

[dwilliss]

I spoke too soon. I can retrieve the list of updates, but trying to actually update gives me this error:

None: Max retries exceeded with url: /FreeNAS/FreeNAS-11.2-STABLE/LATEST (Caused by None)

 

[Redcoat]

Looks like a bad/outdated URL to me - what are you trying to do?

 

[dwilliss]

Update from FreeNAS-11.2-U4.1 to the latest according to the System / Update tab in the UI.


The UI shows the following as the available updates

Operation	Name
Upgrade	base-os-11.2-U4.1-90bc29e36f3aa341bfad6c64027b41d5 -> base-os-11.2-U8-8ba69aba1ecc4c3b9aa817078e77f308
Upgrade	freebsd-pkgdb-11.2-U4.1-90bc29e36f3aa341bfad6c64027b41d5 -> freebsd-pkgdb-11.2-U8-8ba69aba1ecc4c3b9aa817078e77f308
Upgrade	freenas-pkg-tools-11.2-U4.1-90bc29e36f3aa341bfad6c64027b41d5 -> freenas-pkg-tools-11.2-U8-8ba69aba1ecc4c3b9aa817078e77f308
Upgrade	FreeNASUI-11.2-U4.1-90bc29e36f3aa341bfad6c64027b41d5 -> FreeNASUI-11.2-U8-8ba69aba1ecc4c3b9aa817078e77f308

When I click on Fetch and Install Updates, it fails on "Retrieving update manifest"
It also fails the same way if I click "Apply Pending Update"

The strange thing is, I can open a shell and execute the following just fine:

Code:

wget https://update-master.ixsystems.com/FreeNAS/FreeNAS-11.2-STABLE/LATEST

 

[Redcoat]

Are you not being offered 11.3 as a choice?

 

[dwilliss]

No, I'm not. I'm being offered FreeNAS-11.2-STABLE and TrueNAS-12.0-Nightlies.

 

[Redcoat]

There was at least one previous thread about this https://www.ixsystems.com/community...-option-to-upgrade-to-11-3-from-11-2u7.82008/

If the "log out and log back in again a few times", also refreshing your browser cache, doesn't work for you, I'd go download the latest version and make a new install (after saving my config for reload).

 

[niklasniklas]

I'm facing this problem after i applied the 11.2U8 update.

I have tried the suggested fixes but can't get it to work.

The "current train" in the webui update is empty.

DNS is configured, gateway is set, i can resolve the host and ping it. Pi hole is disabled. I have logged in and out and retried multiple times.

 

[jpi]

Also seeing this. The system is using 8.8.8.8 for DNS and can resolve the update server listed below just fine.

Just updated to FreeNAS-11.2-U8 from FreeNAS-11.2-U3. Plan was to then go to 11.3-U5 or greater then to 12.x. Guess I will wait a bit and try again. Will post back if it self resolves.

HTTPSConnectionPool(host='update-master.ixsystems.com', port=443): Max retries exceeded with url: /FreeNAS/trains.txt (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",),)): Automatic update check failed. Please check system network settings.