What are the results of the following:
ping 8.8.8.8
ping 168.119.138.211
nslookup downloads.openwrt.org
wget https://downloads.openwrt.org/releases/22.03.3/targets/ath79/generic/packages/Packages.gz
root@MainAP:~# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=0 ttl=113 time=58.290 ms
64 bytes from 8.8.8.8: seq=1 ttl=113 time=49.958 ms
64 bytes from 8.8.8.8: seq=2 ttl=113 time=51.635 ms
64 bytes from 8.8.8.8: seq=3 ttl=113 time=64.578 ms
64 bytes from 8.8.8.8: seq=4 ttl=113 time=48.041 ms
^C
--- 8.8.8.8 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 48.041/54.500/64.578 ms
root@MainAP:~#
root@MainAP:~# ping 168.119.138.211
PING 168.119.138.211 (168.119.138.211): 56 data bytes
64 bytes from 168.119.138.211: seq=0 ttl=40 time=301.952 ms
64 bytes from 168.119.138.211: seq=1 ttl=40 time=307.237 ms
64 bytes from 168.119.138.211: seq=2 ttl=40 time=307.019 ms
64 bytes from 168.119.138.211: seq=3 ttl=40 time=317.965 ms
64 bytes from 168.119.138.211: seq=4 ttl=40 time=309.786 ms
64 bytes from 168.119.138.211: seq=5 ttl=40 time=317.406 ms
^C
--- 168.119.138.211 ping statistics ---
6 packets transmitted, 6 packets received, 0% packet loss
round-trip min/avg/max = 301.952/310.227/317.965 ms
root@MainAP:~#
root@MainAP:~# nslookup downloads.openwrt.org
Server: 127.0.0.1
Address: 127.0.0.1:53
Non-authoritative answer:
downloads.openwrt.org canonical name = mirror-02.infra.openwrt.org
Name: mirror-02.infra.openwrt.org
Address: 168.119.138.211
Non-authoritative answer:
downloads.openwrt.org canonical name = mirror-02.infra.openwrt.org
Name: mirror-02.infra.openwrt.org
Address: 2a01:4f8:251:321::2
root@MainAP:~#
root@MainAP:~# wget https://downloads.openwrt.org/releases/22.03.3/targets/ath79/generic/packages/Packages.gz
Downloading 'https://downloads.openwrt.org/releases/22.03.3/targets/ath79/generic/packages/Packages.gz'
Connecting to 168.119.138.211:443
Connection error: Invalid SSL certificate
root@MainAP:~#
I guess thats pretty clear cut then, SSL.
What's strange is that you just installed 22.03.3 -- the latest and greatest. SSL should be all up to date and synced. Most users are not seeing these issues... did you restore a backup or do anything to the config except for the most basic network config details?
I restored a backup.
Ok... try resetting to defaults. Then redo your configuration (you can use your backup as a reference, but just do it manually) -- just the network and SSID stuff as needed, nothing else. Once that's in place, running opkg update again.
you can reset by issuing the following:
firstboot -y && reboot now
The only issue with that is its quite a complicated setup and the AP is connected to a TRUNK.
So I would need to configure the trunk, which was not easy last time.
Ok... then, copy the relevant files from your router and then you can restore those directly without restoring a full backup.
usually, the most important files are:
/etc/config/network
/etc/config/wireless
/etc/config/dhcp
/etc/config/firewall
Your trunk will all be setup in the network file. The rest just makes sure you're totally in sync.
Yup ok, I take it I can just drop these on with SCP?
Yup... use SCP to get them from your router > computer, and then from the computer > router when you're done resetting to defaults.
Ok, that worked!
Downloading https://downloads.openwrt.org/releases/22.03.3/targets/ath79/generic/packages/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_core
Downloading https://downloads.openwrt.org/releases/22.03.3/targets/ath79/generic/packages/Packages.sig
Signature check passed.
Downloading https://downloads.openwrt.org/releases/22.03.3/packages/mips_24kc/base/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_base
Downloading https://downloads.openwrt.org/releases/22.03.3/packages/mips_24kc/base/Packages.sig
Signature check passed.
Downloading https://downloads.openwrt.org/releases/22.03.3/packages/mips_24kc/luci/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_luci
Downloading https://downloads.openwrt.org/releases/22.03.3/packages/mips_24kc/luci/Packages.sig
Signature check passed.
Downloading https://downloads.openwrt.org/releases/22.03.3/packages/mips_24kc/packages/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_packages
Downloading https://downloads.openwrt.org/releases/22.03.3/packages/mips_24kc/packages/Packages.sig
Signature check passed.
Downloading https://downloads.openwrt.org/releases/22.03.3/packages/mips_24kc/routing/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_routing
Downloading https://downloads.openwrt.org/releases/22.03.3/packages/mips_24kc/routing/Packages.sig
Signature check passed.
Downloading https://downloads.openwrt.org/releases/22.03.3/packages/mips_24kc/telephony/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_telephony
Downloading https://downloads.openwrt.org/releases/22.03.3/packages/mips_24kc/telephony/Packages.sig
Signature check passed.
Woohoo!!
If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.
Thank you everyone
I would highly recommend installing attended sysupgrade. It will get the correct image for you automatically and will include any packages you may have installed too. It makes upgrading really easy!
This doesn't make a lot of sense. The system root certificates are in /etc/ssl/certs, which is installed by the package ca-bundle. The certificate file should not be included in a configuration backup.
Yea im a bit confused. To be honest I would like to know why it wasnt working ideally.
I will install attended sysupgrade, this looks good!
If I had to guess, the backup file contained all of /etc/
@deanfourie - can you take a look in your backup file (just unzip it) and post the contents of the following file:
/etc/sysupgrade.conf
Damn, unfortunately I can not,
I deleted the bad backups and replaced with new ones once everything was working.
Ill have a dig and see if I can find anymore copies of the old backups.