Trying to upgrade my NAS running FreeNAS-11.2.8 to latest FreeNAS-11.3 by using the web UI simply saying almost nothing.

So I decided to have a look at the freenas-update command which looks to make the job, but in the end it failed :(

root@nas:/mnt/zfs_vol_raidz1 # freenas-update -T FreeNAS-11.3-STABLE -v update

with the result below

[freenasOS.Configuration:601] TryGetNetworkFile(['https://update-master.ixsystems.com/updates/ix_crl.pem'])
[urllib3.connectionpool:824] Starting new HTTPS connection (1): update-master.ixsystems.com
[urllib3.connectionpool:396] https://update-master.ixsystems.com:443 "GET /updates/ix_crl.pem HTTP/1.1" 200 1028
[freenasOS.Configuration:76] CheckFreeSpace(path=/tmp/tmpz_9gx066.pem, pool=None, required=1028)
[freenasOS.Configuration:731] TryGetNetworkFile(['https://update-master.ixsystems.com/updates/ix_crl.pem']):  Read 1028 bytes total
[freenasOS.Update:1620] Could not open sequence file in cache directory /var/db/system/update: [Errno 2] No such file or directory: '/var/db/system/update/SEQUENCE'
[freenasOS.Configuration:601] TryGetNetworkFile(['https://update-master.ixsystems.com/FreeNAS/FreeNAS-11.3-STABLE/LATEST'])
[urllib3.connectionpool:824] Starting new HTTPS connection (1): update-master.ixsystems.com
[urllib3.connectionpool:396] https://update-master.ixsystems.com:443 "GET /FreeNAS/FreeNAS-11.3-STABLE/LATEST HTTP/1.1" 200 1957
[freenasOS.Configuration:731] TryGetNetworkFile(['https://update-master.ixsystems.com/FreeNAS/FreeNAS-11.3-STABLE/LATEST']):  Read 1957 bytes total
[freenasOS.Configuration:601] TryGetNetworkFile(['https://update-master.ixsystems.com/updates/ix_crl.pem'])
[urllib3.connectionpool:824] Starting new HTTPS connection (1): update-master.ixsystems.com
[urllib3.connectionpool:396] https://update-master.ixsystems.com:443 "GET /updates/ix_crl.pem HTTP/1.1" 200 1028
[freenasOS.Configuration:76] CheckFreeSpace(path=/tmp/tmpylsogslr.pem, pool=None, required=1028)
[freenasOS.Configuration:731] TryGetNetworkFile(['https://update-master.ixsystems.com/updates/ix_crl.pem']):  Read 1028 bytes total
[freenasOS.Configuration:601] TryGetNetworkFile(['https://update-master.ixsystems.com/updates/ix_crl.pem'])
[urllib3.connectionpool:824] Starting new HTTPS connection (1): update-master.ixsystems.com
[urllib3.connectionpool:396] https://update-master.ixsystems.com:443 "GET /updates/ix_crl.pem HTTP/1.1" 200 1028
[freenasOS.Configuration:76] CheckFreeSpace(path=/tmp/tmp2r8h34jz.pem, pool=None, required=1028)
[freenasOS.Configuration:731] TryGetNetworkFile(['https://update-master.ixsystems.com/updates/ix_crl.pem']):  Read 1028 bytes total
[freenasOS.Update:1620] Could not open sequence file in cache directory /var/db/system/update: [Errno 2] No such file or directory: '/var/db/system/update/SEQUENCE'
[freenasOS.Update:938] Incomplete cache directory, will try continuing
[freenasOS.Update:951] Going to try checking cached manifest /var/db/system/update/MANIFEST
[freenasOS.Update:963] Going to try loading manifest file now
[freenasOS.Configuration:601] TryGetNetworkFile(['https://update-master.ixsystems.com/updates/ix_crl.pem'])
[urllib3.connectionpool:824] Starting new HTTPS connection (1): update-master.ixsystems.com
[urllib3.connectionpool:396] https://update-master.ixsystems.com:443 "GET /updates/ix_crl.pem HTTP/1.1" 200 1028
[freenasOS.Configuration:76] CheckFreeSpace(path=/tmp/tmpzhhja6fh.pem, pool=None, required=1028)
[freenasOS.Configuration:731] TryGetNetworkFile(['https://update-master.ixsystems.com/updates/ix_crl.pem']):  Read 1028 bytes total
[freenasOS.Update:965] Loaded manifest file
[freenasOS.Update:966] Cached manifest file has sequence e1b01c8c85d9ad63759e484f30efb325, latest_manfest has sequence e1b01c8c85d9ad63759e484f30efb325
[freenasOS.Update:1013] DownloadUpdate:  diffs = {'Packages': [(<freenasOS.Package.Package object at 0x809f78710>, 'upgrade', <freenasOS.Package.Package object at 0x80ac14d68>), (<freenasOS.Package.Package object at 0x809f78ef0>, 'upgrade', <freenasOS.Package.Package object at 0x80ac14a90>), (<freenasOS.Package.Package object at 0x809f78e10>, 'upgrade', <freenasOS.Package.Package object at 0x80ac14d30>), (<freenasOS.Package.Package object at 0x809f784e0>, 'upgrade', <freenasOS.Package.Package object at 0x809f78e80>)], 'Reboot': True, 'Train': ('FreeNAS-11.2-STABLE', 'FreeNAS-11.3-STABLE'), 'Sequence': ('8ba69aba1ecc4c3b9aa817078e77f308', 'e1b01c8c85d9ad63759e484f30efb325')}
[freenasOS.Update:1024] DownloadUpdate:  Will upgrade package base-os
[freenasOS.Update:1024] DownloadUpdate:  Will upgrade package freebsd-pkgdb
[freenasOS.Update:1024] DownloadUpdate:  Will upgrade package freenas-pkg-tools
[freenasOS.Update:1024] DownloadUpdate:  Will upgrade package FreeNASUI
[freenasOS.Update:1027] Update does seem to require a reboot
[freenasOS.Configuration:1200] Searching for base-os-11.3-U5-e1b01c8c85d9ad63759e484f30efb325.tgz
[freenasOS.Configuration:601] TryGetNetworkFile(['https://update.ixsystems.com/FreeNAS/Packages/base-os-11.3-U5-e1b01c8c85d9ad63759e484f30efb325.tgz', 'https://update-master.ixsystems.com/FreeNAS/Packages/base-os-11.3-U5-e1b01c8c85d9ad63759e484f30efb325.tgz'])
[urllib3.connectionpool:824] Starting new HTTPS connection (1): update.ixsystems.com
[freenasOS.Configuration:681] Unable to load https://update.ixsystems.com/FreeNAS/Packages/base-os-11.3-U5-e1b01c8c85d9ad63759e484f30efb325.tgz: HTTPSConnectionPool(host='update.ixsystems.com', port=443): Max retries exceeded with url: /FreeNAS/Packages/base-os-11.3-U5-e1b01c8c85d9ad63759e484f30efb325.tgz (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",),))
[urllib3.connectionpool:824] Starting new HTTPS connection (1): update-master.ixsystems.com
[urllib3.connectionpool:396] https://update-master.ixsystems.com:443 "GET /FreeNAS/Packages/base-os-11.3-U5-e1b01c8c85d9ad63759e484f30efb325.tgz HTTP/1.1" 302 161
[urllib3.connectionpool:824] Starting new HTTPS connection (1): update.freenas.org
[freenasOS.Configuration:681] Unable to load https://update-master.ixsystems.com/FreeNAS/Packages/base-os-11.3-U5-e1b01c8c85d9ad63759e484f30efb325.tgz: HTTPSConnectionPool(host='update.freenas.org', port=443): Max retries exceeded with url: /FreeNAS/Packages/base-os-11.3-U5-e1b01c8c85d9ad63759e484f30efb325.tgz (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",),))
[freenasOS.Configuration:695] Unable to load ['https://update.ixsystems.com/FreeNAS/Packages/base-os-11.3-U5-e1b01c8c85d9ad63759e484f30efb325.tgz', 'https://update-master.ixsystems.com/FreeNAS/Packages/base-os-11.3-U5-e1b01c8c85d9ad63759e484f30efb325.tgz']: HTTPSConnectionPool(host='update.freenas.org', port=443): Max retries exceeded with url: /FreeNAS/Packages/base-os-11.3-U5-e1b01c8c85d9ad63759e484f30efb325.tgz (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",),))
[freenasOS.Configuration:1237] Trying to get Packages/base-os-11.3-U5-e1b01c8c85d9ad63759e484f30efb325.tgz, got exception HTTPSConnectionPool(host='update.freenas.org', port=443): Max retries exceeded with url: /FreeNAS/Packages/base-os-11.3-U5-e1b01c8c85d9ad63759e484f30efb325.tgz (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",),)), continuing
[freenas-update:195] base-os
Traceback (most recent call last):
  File "/usr/local/bin/freenas-update", line 169, in DoDownload
    rv = Update.DownloadUpdate(train, cache_dir, pkg_type=pkg_type, ignore_space=ignore_space)
  File "/usr/local/lib/freenasOS/Update.py", line 1037, in DownloadUpdate
    ignore_space=ignore_space
  File "/usr/local/lib/freenasOS/Configuration.py", line 1260, in FindPackageFile
    raise Exceptions.UpdatePackageNotFound(package.Name())
freenasOS.Exceptions.UpdatePackageNotFound: base-os
Received exception during download phase, cannot update

After few research in FreeNAS/TrueNAS forum, I’ve found the root cause of the upgrade failing.

https://www.truenas.com/community/threads/unable-to-update-because-of-ssl-error.95702/

To summaries, the upgrade fail because of the reason below

Let's Encrypt root certificate being phased out

So to be able to upgrade my NAS to latest FreeNAS-11.3, without having to build the boot device (ISO or USB stick), I’ve followed the instructions below (mentioned in the above link)

curl -O -k https://curl.se/ca/cacert-2021-09-30.pem
cp -v cacert-2021-09-30.pem /usr/local/share/certs/cert.pem
cp -v cacert-2021-09-30.pem /usr/local/share/certs/truenas_cacerts.pem

From this stage, I was able to run the freenas-update command without a glitch :)

Really important: Before doing anything else, I did a backup of my FreeNAS server configuration

First run the check sub-command

freenas-update -T FreeNAS-11.3-STABLE -v check

and then run the “real” upgrade

freenas-update -T FreeNAS-11.3-STABLE -v check

Once the upgrade process is completed, I saw a message telling me You need to reboot your server.

After a reboot, I was pretty happy to see that my server have been upgraded to FreeNAS 11.3-U5

Hope it helps !