Didn't come back after a reboot. Fresh install works. Same issue after restoring config.
-
Running 24.03 on generic x64 hardware
I had a certificate-related error in the notifications. I didn't think much of it and rebooted. It didn't come back up. It boots up until this screen pic. I copied off the config.xml, fresh installed pfsense which was fine then restored the config which rebooted into the exact same issue again!
Can anyone tell me what section I should be removing from my config to make it boot up successfully after restoring?
-
@bradsm87 said in Didn't come back after a reboot. Fresh install works. Same issue after restoring config.:
installed pfsense which was fine then restored the config which rebooted into the exact same issue again!
So the issue is within your config file ....
It looks like one of the certs - the one used by the GUI, is bad.Open the config file - and locate the reference of that cert :
Then use that reference to find the cert :
Delete the entire :
<cert> <refid>5aa9ad543a4a6</refid> <descr><![CDATA[V2_blkablablabla.tld]]></descr> ......... </cert>section.
Import.The web gui cert is probably regenerated if it doesn't exist.
Btw : this is not an an official solution, but what "I would do" ^^
-
Yup, that would probably work.
Be interesting to know what that cert is that triggers that though.
Are you able to send us your config for testing?
Steve
-
The referenced certificate ID in both the WebUI and an IPSEC mobile client VPN didn't exist. I tried, in this order:
-
Corrected cert ID. Still crashed. Issue appears to be the certificate itself.
-
Changed WebUI to HTTP and removed the certref. This crashed in the same way, but when loading IPSEC, not WebUI.
-
Removed the certref from both WebUI and IPSEC sections. Still crashed. It must pick an available certificate if none specified.
-
Exported config from a fresh install, removed my problematic cert from the config, copied in the default self-signed cert from the other export, put its ref in for WebUI and IPSEC. This worked!
I learnt a lesson today - keep the default self-signed cert, even if not in use, to be able to easily reference it if something like this happens again.
This issue happened within a few days of updating the ACME Certificates package so I suspect it may be related.
-
-
@stephenw10 said in Didn't come back after a reboot. Fresh install works. Same issue after restoring config.:
Yup, that would probably work.
Be interesting to know what that cert is that triggers that though.
Are you able to send us your config for testing?
Steve
Chat sent
-
For reference one other thing you could have tried there would be to run at the CLI:
pfSsh.php playback generateguicertThat should create a new cert and assign it to the webgui.
