Snapshot on 11th Jan 2011 GUI not work
-
Hi,
I'm using 2.0-BETA5 (i386) built on Tue Jan 11 14:19:18 EST 2011 on two boxes and I could access the webGUI.
-
All working here, i386, nanobsd, amd64, all OK.
-
I am having the same problem after rebooting the firewall after an update. ย The login page times out and I can't get to the gui using HTTPS.
EDIT: I am using a cert for the webconfig that I have created using pfSense cert manager (self signed) and I am using the newest snapshot from Jan 12th 2:06.
-
Me too. I am using self-signed cert.ย By the way, anyway to check the startup log for the httpd?
Thanks. -
Me too
after this update pfSense-2.0-BETA5-amd64-20110111-1024 HTTPS webgui stopped working. If I edit config file it starts working in HTTP
tried starting by hand
[2.0-BETA5][root@fw.site]/root(1): lighttpd -f /var/etc/lighty-webConfigurator.conf 2011-01-13 12:41:13: (network.c.565) SSL: error:00000000:lib(0):func(0):reason(0) /var/etc/ca.pem [2.0-BETA5][root@fw.site]/root(2): uname -a FreeBSD fw.site 8.1-RELEASE-p2 FreeBSD 8.1-RELEASE-p2 #1: Wed Jan 12 23:11:04 EST 2011 ย ย root@FreeBSD_8.0_pfSense_2.0-AMD64.snaps.pfsense.org:/usr/obj.pfSense/usr/pfSensesrc/src/sys/pfSense_SMP.8 ย amd64opened a ticket http://redmine.pfsense.org/issues/1188
-
Also happened to me on 2.0-BETA5 (i386) built on Thu Jan 13 02:45:05 EST 2011.
Was able to edit config.xml to accept http connections and regain access. -
I think I may have an idea of what might be happening. Hopefully the next snapshot should be OK.
-
So, JimP, the 14th's early morning snap should fix the problem with the web gui?
-
I'm not entirely sure, but it's worth trying.
-
Accessing the gui over https is working again for me using 2.0-BETA5 (i386) built on Thu Jan 13 19:33:19 EST 2011.
Thanks jimp! -
I just tried the build now.. still failed.
Thanks. -
Doesn't work for me either?
-
What errors are showing up in the system log now? What about /var/log/lighttpd.error.log?
-
System Log
Jan 14 10:23:53 php: /system_advanced_admin.php: webConfigurator configuration has changed. Restarting webConfigurator. Jan 14 10:23:53 check_reload_status: webConfigurator restart in progress Jan 14 10:23:55 php: : The command '/usr/local/sbin/lighttpd -f /var/etc/lighty-webConfigurator.conf' returned exit code '255', the output was '2011-01-14 10:23:55: (network.c.565) SSL: error:00000000:lib(0):func(0):reason(0) /var/etc/ca.pem' Jan 14 10:23:55 php: : Creating rrd update script Jan 14 10:25:14 check_reload_status: syncing firewall/var/log/lighttpd.error.log
2011-01-14 10:17:40: (log.c.166) server started 2011-01-14 10:17:46: (log.c.166) server started 2011-01-14 10:23:55: (log.c.166) server started 2011-01-14 10:25:18: (log.c.166) server started 2011-01-14 10:25:20: (log.c.166) server started -
I've been able to work around this by commenting out the following line from /var/etc/lighty-webConfigurator.conf:
ssl.ca-file = "/var/etc/ca.pem"Then, restarting lighttpd:
lighttpd -f /var/etc/lighty-webConfigurator.confIt appears that the CA cert / key pair do not survive.
-
That's the thing, with the default webgui cert there is no ca, so that line isn't there. I have no such line on mine.
-
Does /var/etc/ca.pem exist? If it does, is it empty? Or does it actually have the ca certificate in it?
-
When this issue occurs, the file ("/var/etc/ca.pem") exists and is empty.ย I think this is only an issue if you create your own CA and subsequently a certificate for use with the webgui.
-
When you do "ls -l /var/etc/ca.pem" does it show as 0 bytes, or does it actually have some (blank) content in it like spaces or blank lines?
-
I've made a cert from an existing CA and used it and it was OK, and I made a fresh CA and cert and used it and it was still OKโฆ so if there is something happening it's likely related to your config in some way.
I can add some extra safety belts around writing out the CA. It already checks if it's empty (as in empty string, "") but it should probably actually be using php's empty() call instead.
