Upgrading Freenas 11.2 to 11

Trying to upgrade my NAS running FreeNAS-11.2.8 to latest FreeNAS-11.3 using FreeNAS web UI, but it was failing with no much useful error message.

After some research, I decided to have a closer look at the freenas-update command which seem’s to make the job like …

root@nas:/mnt/zfs_vol_raidz1 # freenas-update -T FreeNAS-11.3-STABLE -v update

but it failed again with the command output below

[freenasOS.Configuration:601] TryGetNetworkFile(['https://update-master.ixsystems.com/updates/ix_crl.pem'])
[urllib3.connectionpool:824] Starting new HTTPS connection (1): update-master.ixsystems.com
[urllib3.connectionpool:396] https://update-master.ixsystems.com:443 "GET /updates/ix_crl.pem HTTP/1.1" 200 1028
[freenasOS.Configuration:76] CheckFreeSpace(path=/tmp/tmpz_9gx066.pem, pool=None, required=1028)
[freenasOS.Configuration:731] TryGetNetworkFile(['https://update-master.ixsystems.com/updates/ix_crl.pem']):  Read 1028 bytes total
[freenasOS.Update:1620] Could not open sequence file in cache directory /var/db/system/update: [Errno 2] No such file or directory: '/var/db/system/update/SEQUENCE'
[freenasOS.Configuration:601] TryGetNetworkFile(['https://update-master.ixsystems.com/FreeNAS/FreeNAS-11.3-STABLE/LATEST'])
[urllib3.connectionpool:824] Starting new HTTPS connection (1): update-master.ixsystems.com
[urllib3.connectionpool:396] https://update-master.ixsystems.com:443 "GET /FreeNAS/FreeNAS-11.3-STABLE/LATEST HTTP/1.1" 200 1957
[freenasOS.Configuration:731] TryGetNetworkFile(['https://update-master.ixsystems.com/FreeNAS/FreeNAS-11.3-STABLE/LATEST']):  Read 1957 bytes total
[freenasOS.Configuration:601] TryGetNetworkFile(['https://update-master.ixsystems.com/updates/ix_crl.pem'])
[urllib3.connectionpool:824] Starting new HTTPS connection (1): update-master.ixsystems.com
[urllib3.connectionpool:396] https://update-master.ixsystems.com:443 "GET /updates/ix_crl.pem HTTP/1.1" 200 1028
[freenasOS.Configuration:76] CheckFreeSpace(path=/tmp/tmpylsogslr.pem, pool=None, required=1028)
[freenasOS.Configuration:731] TryGetNetworkFile(['https://update-master.ixsystems.com/updates/ix_crl.pem']):  Read 1028 bytes total
[freenasOS.Configuration:601] TryGetNetworkFile(['https://update-master.ixsystems.com/updates/ix_crl.pem'])
[urllib3.connectionpool:824] Starting new HTTPS connection (1): update-master.ixsystems.com
[urllib3.connectionpool:396] https://update-master.ixsystems.com:443 "GET /updates/ix_crl.pem HTTP/1.1" 200 1028
[freenasOS.Configuration:76] CheckFreeSpace(path=/tmp/tmp2r8h34jz.pem, pool=None, required=1028)
[freenasOS.Configuration:731] TryGetNetworkFile(['https://update-master.ixsystems.com/updates/ix_crl.pem']):  Read 1028 bytes total
[freenasOS.Update:1620] Could not open sequence file in cache directory /var/db/system/update: [Errno 2] No such file or directory: '/var/db/system/update/SEQUENCE'
[freenasOS.Update:938] Incomplete cache directory, will try continuing
[freenasOS.Update:951] Going to try checking cached manifest /var/db/system/update/MANIFEST
[freenasOS.Update:963] Going to try loading manifest file now
[freenasOS.Configuration:601] TryGetNetworkFile(['https://update-master.ixsystems.com/updates/ix_crl.pem'])
[urllib3.connectionpool:824] Starting new HTTPS connection (1): update-master.ixsystems.com
[urllib3.connectionpool:396] https://update-master.ixsystems.com:443 "GET /updates/ix_crl.pem HTTP/1.1" 200 1028
[freenasOS.Configuration:76] CheckFreeSpace(path=/tmp/tmpzhhja6fh.pem, pool=None, required=1028)
[freenasOS.Configuration:731] TryGetNetworkFile(['https://update-master.ixsystems.com/updates/ix_crl.pem']):  Read 1028 bytes total
[freenasOS.Update:965] Loaded manifest file
[freenasOS.Update:966] Cached manifest file has sequence e1b01c8c85d9ad63759e484f30efb325, latest_manfest has sequence e1b01c8c85d9ad63759e484f30efb325
[freenasOS.Update:1013] DownloadUpdate:  diffs = {'Packages': [(<freenasOS.Package.Package object at 0x809f78710>, 'upgrade', <freenasOS.Package.Package object at 0x80ac14d68>), (<freenasOS.Package.Package object at 0x809f78ef0>, 'upgrade', <freenasOS.Package.Package object at 0x80ac14a90>), (<freenasOS.Package.Package object at 0x809f78e10>, 'upgrade', <freenasOS.Package.Package object at 0x80ac14d30>), (<freenasOS.Package.Package object at 0x809f784e0>, 'upgrade', <freenasOS.Package.Package object at 0x809f78e80>)], 'Reboot': True, 'Train': ('FreeNAS-11.2-STABLE', 'FreeNAS-11.3-STABLE'), 'Sequence': ('8ba69aba1ecc4c3b9aa817078e77f308', 'e1b01c8c85d9ad63759e484f30efb325')}
[freenasOS.Update:1024] DownloadUpdate:  Will upgrade package base-os
[freenasOS.Update:1024] DownloadUpdate:  Will upgrade package freebsd-pkgdb
[freenasOS.Update:1024] DownloadUpdate:  Will upgrade package freenas-pkg-tools
[freenasOS.Update:1024] DownloadUpdate:  Will upgrade package FreeNASUI
[freenasOS.Update:1027] Update does seem to require a reboot
[freenasOS.Configuration:1200] Searching for base-os-11.3-U5-e1b01c8c85d9ad63759e484f30efb325.tgz
[freenasOS.Configuration:601] TryGetNetworkFile(['https://update.ixsystems.com/FreeNAS/Packages/base-os-11.3-U5-e1b01c8c85d9ad63759e484f30efb325.tgz', 'https://update-master.ixsystems.com/FreeNAS/Packages/base-os-11.3-U5-e1b01c8c85d9ad63759e484f30efb325.tgz'])
[urllib3.connectionpool:824] Starting new HTTPS connection (1): update.ixsystems.com
[freenasOS.Configuration:681] Unable to load https://update.ixsystems.com/FreeNAS/Packages/base-os-11.3-U5-e1b01c8c85d9ad63759e484f30efb325.tgz: HTTPSConnectionPool(host='update.ixsystems.com', port=443): Max retries exceeded with url: /FreeNAS/Packages/base-os-11.3-U5-e1b01c8c85d9ad63759e484f30efb325.tgz (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",),))
[urllib3.connectionpool:824] Starting new HTTPS connection (1): update-master.ixsystems.com
[urllib3.connectionpool:396] https://update-master.ixsystems.com:443 "GET /FreeNAS/Packages/base-os-11.3-U5-e1b01c8c85d9ad63759e484f30efb325.tgz HTTP/1.1" 302 161
[urllib3.connectionpool:824] Starting new HTTPS connection (1): update.freenas.org
[freenasOS.Configuration:681] Unable to load https://update-master.ixsystems.com/FreeNAS/Packages/base-os-11.3-U5-e1b01c8c85d9ad63759e484f30efb325.tgz: HTTPSConnectionPool(host='update.freenas.org', port=443): Max retries exceeded with url: /FreeNAS/Packages/base-os-11.3-U5-e1b01c8c85d9ad63759e484f30efb325.tgz (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",),))
[freenasOS.Configuration:695] Unable to load ['https://update.ixsystems.com/FreeNAS/Packages/base-os-11.3-U5-e1b01c8c85d9ad63759e484f30efb325.tgz', 'https://update-master.ixsystems.com/FreeNAS/Packages/base-os-11.3-U5-e1b01c8c85d9ad63759e484f30efb325.tgz']: HTTPSConnectionPool(host='update.freenas.org', port=443): Max retries exceeded with url: /FreeNAS/Packages/base-os-11.3-U5-e1b01c8c85d9ad63759e484f30efb325.tgz (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",),))
[freenasOS.Configuration:1237] Trying to get Packages/base-os-11.3-U5-e1b01c8c85d9ad63759e484f30efb325.tgz, got exception HTTPSConnectionPool(host='update.freenas.org', port=443): Max retries exceeded with url: /FreeNAS/Packages/base-os-11.3-U5-e1b01c8c85d9ad63759e484f30efb325.tgz (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",),)), continuing
[freenas-update:195] base-os
Traceback (most recent call last):
  File "/usr/local/bin/freenas-update", line 169, in DoDownload
    rv = Update.DownloadUpdate(train, cache_dir, pkg_type=pkg_type, ignore_space=ignore_space)
  File "/usr/local/lib/freenasOS/Update.py", line 1037, in DownloadUpdate
    ignore_space=ignore_space
  File "/usr/local/lib/freenasOS/Configuration.py", line 1260, in FindPackageFile
    raise Exceptions.UpdatePackageNotFound(package.Name())
freenasOS.Exceptions.UpdatePackageNotFound: base-os
Received exception during download phase, cannot update

After spending few hours looking at threads in FreeNAS/TrueNAS forum, I finally found a thread which explains the root cause :)

To keep it simple, the reason why the upgrade failed was “simply” due to Let’s Encrypt root certificate out of date on my system

Reaons: Let's Encrypt root certificate being phased out

To fix the buggy upgrade process, just follow below commands in your terminal

curl -O -k https://curl.se/ca/cacert-2021-09-30.pem
cp -v cacert-2021-09-30.pem /usr/local/share/certs/cert.pem
cp -v cacert-2021-09-30.pem /usr/local/share/certs/truenas_cacerts.pem

Once this was done, I was able to run the freenas-update command without a glitch :)

Super important note before you start !

Before doing anything else, I’d strongly recommend to perform a backup of your FreeNAS config, just in case something goes wrong ;)

Then in your terminal …

First run the check sub-command

freenas-update -T FreeNAS-11.3-STABLE -v check

and then run the “real” upgrade

freenas-update -T FreeNAS-11.3-STABLE -v update

Once the upgrade process is completed, I saw a message telling me You need to reboot your server.

After a reboot, I was glad to see that my server have been upgraded to FreeNAS 11.3-U5

Hope it could help someone else !