Update fails on fresh TrueNAS install

TrueNAS General
1

Hi, I am new to TrueNAS.

I get a certificate Error when I try to search for updates

Cannot connect to host update.ixsystems.com:443 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1006)')]

Traceback (most recent call last):File “/usr/lib/python3/dist-packages/aiohttp/connector.py”, line 1098, in _wrap_create_connectionreturn await self._loop.create_connection(*args, **kwargs, sock=sock)^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^File “/usr/lib/python3.11/asyncio/base_events.py”, line 1113, in create_connectiontransport, protocol = await self._create_connection_transport(^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^File “/usr/lib/python3.11/asyncio/base_events.py”, line 1146, in _create_connection_transportawait waiterFile “/usr/lib/python3.11/asyncio/sslproto.py”, line 578, in _on_handshake_completeraise handshake_excFile “/usr/lib/python3.11/asyncio/sslproto.py”, line 560, in _do_handshakeself._sslobj.do_handshake()File “/usr/lib/python3.11/ssl.py”, line 979, in do_handshakeself._sslobj.do_handshake()ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1006)

The above exception was the direct cause of the following exception:

Traceback (most recent call last):File “/usr/lib/python3/dist-packages/middlewared/api/base/server/ws_handler/rpc.py”, line 323, in process_method_callresult = await method.call(app, params)^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^File “/usr/lib/python3/dist-packages/middlewared/api/base/server/method.py”, line 52, in callresult = await self.middleware.call_with_audit(self.name, self.serviceobj, methodobj, params, app)^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^File “/usr/lib/python3/dist-packages/middlewared/main.py”, line 911, in call_with_auditresult = await self._call(method, serviceobj, methodobj, params, app=app,^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^File “/usr/lib/python3/dist-packages/middlewared/main.py”, line 731, in _callreturn await self.run_in_executor(prepared_call.executor, methodobj, *prepared_call.args)^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^File “/usr/lib/python3/dist-packages/middlewared/main.py”, line 624, in run_in_executorreturn await loop.run_in_executor(pool, functools.partial(method, *args, **kwargs))^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^File “/usr/lib/python3.11/concurrent/futures/thread.py”, line 58, in runresult = self.fn(*self.args, **self.kwargs)^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^File “/usr/lib/python3/dist-packages/middlewared/schema/processor.py”, line 178, in nfreturn func(*args, **kwargs)^^^^^^^^^^^^^^^^^^^^^File “/usr/lib/python3/dist-packages/middlewared/plugins/update.py”, line 105, in get_trainstrains_data = self.middleware.call_sync(‘update.get_trains_data’)^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^File “/usr/lib/python3/dist-packages/middlewared/main.py”, line 1030, in call_syncreturn self.run_coroutine(methodobj(*prepared_call.args))^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^File “/usr/lib/python3/dist-packages/middlewared/main.py”, line 1070, in run_coroutinereturn fut.result()^^^^^^^^^^^^File “/usr/lib/python3.11/concurrent/futures/_base.py”, line 449, in resultreturn self.__get_result()^^^^^^^^^^^^^^^^^^^File “/usr/lib/python3.11/concurrent/futures/_base.py”, line 401, in _get_resultraise self.exceptionFile "/usr/lib/python3/dist-packages/middlewared/plugins/update/trains.py", line 63, in get_trains_data**(await self.fetch(f"{self.update_srv}/trains.json"))^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^File "/usr/lib/python3/dist-packages/middlewared/plugins/update/trains.py", line 25, in fetchasync with client.get(url) as resp:File “/usr/lib/python3/dist-packages/aiohttp/client.py”, line 1359, in aenterself._resp: _RetType = await self._coro^^^^^^^^^^^^^^^^File “/usr/lib/python3/dist-packages/aiohttp/client.py”, line 663, in _requestconn = await self._connector.connect(^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^File “/usr/lib/python3/dist-packages/aiohttp/connector.py”, line 563, in connectproto = await self._create_connection(req, traces, timeout)^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^File “/usr/lib/python3/dist-packages/aiohttp/connector.py”, line 1032, in _create_connection_, proto = await self._create_direct_connection(req, traces, timeout)^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^File “/usr/lib/python3/dist-packages/aiohttp/connector.py”, line 1366, in _create_direct_connectionraise last_excFile “/usr/lib/python3/dist-packages/aiohttp/connector.py”, line 1335, in _create_direct_connectiontransp, proto = await self._wrap_create_connection(^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^File “/usr/lib/python3/dist-packages/aiohttp/connector.py”, line 1100, in _wrap_create_connectionraise ClientConnectorCertificateError(req.connection_key, exc) from excaiohttp.client_exceptions.ClientConnectorCertificateError: Cannot connect to host update.ixsystems.com:443 ssl:True [SSLCertVerificationError: (1, ‘[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1006)’)]

Could it be, that I need to manually add Certificate Authorities?

2

Most likely not, i don’t use a CA on my truenas and it updates just fine.
It may be that your time is too far out of sync and the update server refuses the connection.
Please check if you bios time is set to UTC and your local time is set through the truenas webui.

1 Like
3

System Time is correct

I checked bios time and that was off by an hour. I guess Daylight savings time issue

I set it to current time

Issue is still persistent

4

So I got the solution. It wasn’t a TrueNAS problem.

Somehow my Sophos XGS blocked the traffic due to a missing Heartbeat.

Didn’t have that issue with other OSs like Proxmox or Homeassistant

But now I whitelisted it and it works.

Thanks anyways!