PHP error installing pfSense-pkg-acme: 0.9_1

istacey

Hello,

Since 24.11 I've had PHP errors flagged in the pfsense interface, I tracked them down to ACME so thought the simplest thing would be to reinstall. I get this on install now...

Executing custom_php_install_command()...<pre style="white-space: pre-wrap;">PHP ERROR: Type: 1, File: /usr/local/pkg/acme/acme.inc, Line: 2938, Message: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/pkg/acme/acme.inc:2938

Stack trace:

#0 /usr/local/pkg/acme/acme.inc(2916): pfsense_pkg\acme\acme_convert_letsencryptv1_to_letsencryptv2()

#1 /etc/inc/pkg-utils.inc(800) : eval()&#039;d code(1): pfsense_pkg\acme\acme_custom_php_install_command()

#2 /etc/inc/pkg-utils.inc(800): eval()

#3 /etc/inc/pkg-utils.inc(917): eval_once()

#4 /etc/rc.packages(76): install_package_xml()

#5 {main}

thrown</pre>=====

Message from php83-ftp-8.3.12:

Running on a Netgate 3100, no other mods, very vanilla.

Any ideas?

Gertjan

@istacey said in PHP error installing pfSense-pkg-acme: 0.9_1:

Any ideas?

Yes and no.

It fails because it found something totally not expected thus 'wrong' in your config.xml file.
The solution is easy.
First, export your pfSense config.xml, and have a look.

Here :

I have a section, the first, <accountkeys>, this <acmeserver>letsencrypt-staging-2</acmeserver> (with the name "test") that I never use.
"letsencrypt-staging-2" is only useful for testing, as the certificates obtained are not trusted by browsers.

You could even delete this block - the one that uses the "staging" :

				<item>
					<accountkey>LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQ0KTUlJSktnSUJBQUtDQWdFQXRMT......
xbE9ZdXc9PQ0KLS0tLS1FTkQgUlNBIFBSSVZBVEUgS0VZLS0tLS0NCg==</accountkey>
					<name>test</name>
					<acmeserver>letsencrypt-staging-2</acmeserver>
					<renewafter></renewafter>
					<errorfiles></errorfiles>
					<email><![CDATA[gw.kroeb@gmail.com]]></email>
					<descr><![CDATA[test nsupdate]]></descr>
				</item>

Save, import back in. Install acme and ... => no more issues <====

What was the problem ?

The second, using "letsencrypt-production-2" is the one used for the real works.

istacey

@Gertjan Thanks for taking the time to reply.

I've tried a few times to install and set this up and subsequently removed the package. Therefore I don't (appear to) have a config file to cause this.

I've looked in what I understand to be the place it lives (/conf/acme) but the directory doesn't exist.

Could there be other config hidden away somewhere that is related to your explanation of the error? (I'm going to do a search of the whole device to see what I can find!).

As part of my further research into what this could be, I did see that the latest version of pfSense uses a latter version of PHP which is much stricter with types, specifically arrays/lists which presumably PHP uses to store XML in memory. The article I read suggested that Acme wasn't as string.

I'll keep investigating!

Gertjan

@istacey said in PHP error installing pfSense-pkg-acme: 0.9_1:

Therefore I don't (appear to) have a config file to cause this.

This file /cf/conf.config.xml is the entire pfSense config file.
It exists.
have a look, open the file, find the place that I've showed above.
Something 'illegal' is in there that makes pfSense (acme) go belly up.

Btw : the staging letsencrypt servers were changed, that happened many month (half a year, more ?) ago. the acmle.sh package was updated at that moment. Your's wasn't updated ?

istacey

@Gertjan Thank you so much for the help. I've removed all of the child nodes of <acme>, reinstalled the package and it completed.

Thanks again!