Snapshot on 11th Jan 2011 GUI not work
-
I think I may have an idea of what might be happening. Hopefully the next snapshot should be OK.
-
So, JimP, the 14th's early morning snap should fix the problem with the web gui?
-
I'm not entirely sure, but it's worth trying.
-
Accessing the gui over https is working again for me using 2.0-BETA5 (i386) built on Thu Jan 13 19:33:19 EST 2011.
Thanks jimp! -
I just tried the build now.. still failed.
Thanks. -
Doesn't work for me either?
-
What errors are showing up in the system log now? What about /var/log/lighttpd.error.log?
-
System Log
Jan 14 10:23:53 php: /system_advanced_admin.php: webConfigurator configuration has changed. Restarting webConfigurator. Jan 14 10:23:53 check_reload_status: webConfigurator restart in progress Jan 14 10:23:55 php: : The command '/usr/local/sbin/lighttpd -f /var/etc/lighty-webConfigurator.conf' returned exit code '255', the output was '2011-01-14 10:23:55: (network.c.565) SSL: error:00000000:lib(0):func(0):reason(0) /var/etc/ca.pem' Jan 14 10:23:55 php: : Creating rrd update script Jan 14 10:25:14 check_reload_status: syncing firewall/var/log/lighttpd.error.log
2011-01-14 10:17:40: (log.c.166) server started 2011-01-14 10:17:46: (log.c.166) server started 2011-01-14 10:23:55: (log.c.166) server started 2011-01-14 10:25:18: (log.c.166) server started 2011-01-14 10:25:20: (log.c.166) server started -
I've been able to work around this by commenting out the following line from /var/etc/lighty-webConfigurator.conf:
ssl.ca-file = "/var/etc/ca.pem"Then, restarting lighttpd:
lighttpd -f /var/etc/lighty-webConfigurator.confIt appears that the CA cert / key pair do not survive.
-
That's the thing, with the default webgui cert there is no ca, so that line isn't there. I have no such line on mine.
-
Does /var/etc/ca.pem exist? If it does, is it empty? Or does it actually have the ca certificate in it?
-
When this issue occurs, the file ("/var/etc/ca.pem") exists and is empty. I think this is only an issue if you create your own CA and subsequently a certificate for use with the webgui.
-
When you do "ls -l /var/etc/ca.pem" does it show as 0 bytes, or does it actually have some (blank) content in it like spaces or blank lines?
-
I've made a cert from an existing CA and used it and it was OK, and I made a fresh CA and cert and used it and it was still OK… so if there is something happening it's likely related to your config in some way.
I can add some extra safety belts around writing out the CA. It already checks if it's empty (as in empty string, "") but it should probably actually be using php's empty() call instead.
-
I can't seem to reproduce this now, but IIRC, the file was 0 bytes.
-
That's the thing, with the default webgui cert there is no ca, so that line isn't there. I have no such line on mine.
JimP, like you, I have no such line in my /var/etc/lighty-webConfigurator.conf
-
JimP, like you, I have no such line in my /var/etc/lighty-webConfigurator.conf
To get the error you posted earlier, you have to have the ca line in the lighty config. If it wasn't there, you wouldn't get the error about ca.pem.
-
If I understand correctly, I should have that line in my file?
EDIT: I can't verify if it is in there because when I change the login to HTTPS I get a timeout on my browser and have to reset it using the "Set interface(s) IP address" on the console to revert back to HTTP.
-
You posted that you had an error referencing ca.pem, in order for that error to happen, you have to have a line in the lighty config file that references ca.pem.
-
It is due to a CA getting deleted. My main CA that was created to access the webgui was deleted, but I am questioning why it has been deleted on two different machines with different configurations. Wondering if it happened with one of the upgrades because it has been in there since I initially configured the firewall.
EDIT: All is working now that I recreated the CA. Thanks JimP!!
