I have the same situation with npeca75 I just update my two rb5009 are you saying we can’t reboot this device?
FWIW: I had to uninstall wifi-qcom-ac from my Chateau LTE12 in order to upgrade to 7.19 and continue to use the container package. I did not use the built-in wireless anyways. The Chateau is a CAPsMAN and it was convenient to have the wifi-qcom-ac package installed so auto-upgrade for my connected CAP ac to work. It was also nice to have a “backup wireless” in case I needed to disconnect my cap ac for some reason or in case of other capsman related issues. Now I have 2652KiB free space on the Chateau - and I feel this is plenty right now. Free RAM also increased by ~50MB - nice gain here as well. Still I think and have hope that Mikrotik finds a way to split up - as already mentioned - the wifi-qcom-ac package into more platform-specific smaller packages.
After Upgrade to 7.19 tonight all Caps about 80 of them went inactive with this LOG-Error: "CAP connect to Router R2D2 (4F:1B:3B:2B:EB:A2/6/0) failed: ssl: no trusted CA certificate found (6)
Any helpful Idea would be very welcome
Fillippo
See above… You need to run this on all of them:
/certificate/set trusted=yes [ find where trusted=yes ];
@eworm My minimal capsman setup did not suffer from this problem. I have 2 capsman certs on the capsman: the CA one and the other. The CA certificate is “trusted = yes” while the other is “trusted = no”. I think this is correct as usually you need to only trust the self-signed CA cert. The connection between capsman and cap works fine.
Your router still shows the factory firmware version as 7.6, so you should be safe. If I am not mistaken, if you had upgraded RouterBOOT with the faulty package, then factory firmware would be shown as 7.18.2 instead of 7.6. Can the people affected with the issue confirm it?
He wrote the problem was with the universal package that updated the backup bootloader to 7.18.2 - yours does not look like having that installed.
yes, mine is 7.18.2
both pri and backup
When did you setup CAPsMAN? (Well, not even sure that is important…) And when (with what RouterOS version) did you set up the CAP? Is the CAP set up to use a certificate at all?
You are hit by this issue only if CAP was set up with RouterOS 7.4 or earlier, and requires certificate to connect.
BTW, Mikrotik confirmed the issue, and it is already fixed in 7.21_ab8. (Untested…)
Let’s wait for RouterOS 7.19.1… I guess we will see that really soon.
If you do not update RouterBOOT with the “v7 Universal Package for All Architectures” from this link, this problem will not occur. This problem is caused by using this firmware update.
I have replaced the RB5009 from the seller and updated the system and firmware to 7.18.2, 7.19 through winbox without any problems
npeca75 - Router experiences problem when you install package from our help page: https://help.mikrotik.com/docs/spaces/ROS/pages/40992878/RouterBOARD#RouterBOARD-Protectedbootloader
This package is NOT required in order to use protected bootloader. It is required only if:
- Protected bootloader does not work out of the box
- Factory firmware is old
- And you see the warning stating that you must install this package
RB5009 did not show such warning. RB5009 can use protected bootloader without any universal package installation.
We have updated manual just now to make it even more clearer.
tnx for clarification, but it is late now
i have last running unit RB5009 with both 7.18.2 bootloader
and i am afraid, it will not boot anymore after reset/power cycle
so, please, from where to download FIXED bootloader package ?
before this last 5009 die …
Hello @strods,
Could you please clarify what qualifies as “old” factory firmware?
My device shows the following:
Firmware Type 70x0
Factory Firmware 7.15.2
Current Firmware 7.18.2
Upgrade Firmware 7.18.2
Thanks!
Well… you shouldn’t have updated the bootloader without following instructions that clearly states:
This section only applies to older devices that display a particular error message! Do not change the bootloader without seeing a message instructing you to do it.
your device displays the message → The “protected routerboot” feature requires a backup-routerboot upgrade
On the other hand idiots claiming that there is some secret reasons to do this anyway probably pushed some to do it
Re: v7.18.2 [stable] is released!
Post by rextended » Fri May 09, 2025 9:09 pmTo avoid having problems like in other topics, it’s better to update while you can… ignoring whether one uses that feature or not.
There is more underneath (unsaid, don’t ask) that makes it worth updating.
@bratislav Right after the quoted post it is already clarified by pe1chl in which cases the update may be needed. http://forum.mikrotik.com/t/problems-getting-mikrotik-to-work-with-dsl/442/1
@HoracioDos “And you see the warning stating that you must install this package” qualifies as “you need it”. All other cases: you do not need it apparently.
But would be nice for Mikrotik package to perform a sanity check - especially when a wrong upgrade kill the device beyond redemption. Since it only should be applied if a given message is shown, it would be possible to test the condition to see if the upgrade was needed - in fact, possible.
so … basicaly, if i get it right
it is MY fault, that MT put on HELP page package which will brick their own device???
Hello,
over a 100 Cap’s are down due to this 7.19 update!
Either changes on all of them or downgrade would be a huge effort.
LOG-Error: "CAP connect to Router R2D2 (4F:1B:3B:2B:EB:A2/6/0) failed: ssl: no trusted CA certificate found (6)
Fast help is required.
We have so many unhappy clients!
Is wifi-qcom-ac dead? Nothing in this changelog about it, so I assume it’s dead. Can we get an official confirmation about the “deadness” instead of silence and empty changelogs indicating it’s dead but nobody wants to admit it?
I’m having a VERY hard time (read: I cannot do it) setting up VLANs with the ax3 and Audience combo. Just say “it’s dead” and “we’re going to release a wife-approved Audience AX in the future”.