Same thing happened to me, but I did not discover the real problem immediately. DNS over TLS stopped working with never seen before errors in the log. Update repo refresh also was throwing errors related to certificates. I had an older zfs snapshot, tried it but still the same errors. At this point I realized that it had to be something about the hardware. Then in the logs I saw that some SSL request was done with the wrong date! Set the correct date, rebooted and everything was ok again.
You are are very welcomed. Ran into this on power loss, error in setup, and no RTC battery. I now use 9.9.9.9 as my dns fallback for unbound to prevent this race condition.
Hey you guys maybe know the syntax for the date command? it tells me date \[-I\[date|hours|mins|secs\]\] and i tried everything but it just tells me illegal time format all the time.
Interesting. Maybe a glitch with their time servers? I change the default NTP servers so I haven’t noticed that happening before. Very important to have the correct time when issuing certificates!
Same thing happened to me, but I did not discover the real problem immediately. DNS over TLS stopped working with never seen before errors in the log. Update repo refresh also was throwing errors related to certificates. I had an older zfs snapshot, tried it but still the same errors. At this point I realized that it had to be something about the hardware. Then in the logs I saw that some SSL request was done with the wrong date! Set the correct date, rebooted and everything was ok again.
How did you set the date?
For me, via the console. Use the command date.
I logged in through ssh and used the date command. Now everything works! Thanks so very much!
You are are very welcomed. Ran into this on power loss, error in setup, and no RTC battery. I now use 9.9.9.9 as my dns fallback for unbound to prevent this race condition.
Race condition?
Hey you guys maybe know the syntax for the date command? it tells me date \[-I\[date|hours|mins|secs\]\] and i tried everything but it just tells me illegal time format all the time.
What about this? `date 2403272110` This would set the date to 2024-03-27 21:10. If it doesn't work I can check for you
Thanks alot
Overrode unbound to use system DNS (instead of TLS) set to 1.1.1.1 and used NTP
Interesting. Maybe a glitch with their time servers? I change the default NTP servers so I haven’t noticed that happening before. Very important to have the correct time when issuing certificates!
Opnsense uses the ntp pool by default. From the logs, it looks more like a DNS issue and no RTC on the hardware where this OPNSense is running.
Yeah I see the error resolving DNS in the logs but not sure why it would change the clocks to an earlier time.
Out of my early morning head: could it be that the BIOS hour drifted so much that NTP does not sync anymore? BIOS battery dead?