Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    [solved] Error: cannot open certificate file in system_webgui_start()

    Scheduled Pinned Locked Moved webGUI
    13 Posts 4 Posters 3.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Y
      yis
      last edited by

      sounds not good  :'(

      is there any possibility to check file system from shell?
      any default command is not possible due to restriction…

      1 Reply Last reply Reply Quote 0
      • GertjanG
        Gertjan
        last edited by

        @yasinis:

        …
        so i tried to edit config.xml to revert connections to HTTP, but i can not get the system to read-write. I am using the script:

        
 /etc/rc.conf_mount_rw
 vi /conf/config.xml

        these 2 command can be replaced by :
        viconfig
        @yasinis:

        and get after editing following failure:

        
Read-only file, not written; use ! to override.

        this is a pretty good 99,9 % that your media is out of order.
        It good be a small file system glitch ….. (what ? no UPS ???)
        Or a bad sector ....

        is there any possibility to check file system from shell?

        Of course :
        Find some instruction here : https://forums.freebsd.org/threads/1823/
        Or here : https://doc.pfsense.org/index.php/Forcing_a_Filesystem_Check

        I advise you change the disk right away - this way you won't fall for something like this : https://www.reddit.com/r/PFSENSE/comments/3611me/a_bad_sector_repairing_pfsense_after_the_mess/

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        1 Reply Last reply Reply Quote 0
        • Y
          yis
          last edited by

          great, thank you for your advice.
          i already found these stuff, also tryed them without solution.

          my idea was also, that ssd is going to r.i.p. :-(
          need to get a new one asap..

          or would you advice me to use SD or USB for install destination?

          1 Reply Last reply Reply Quote 0
          • D
            doktornotor Banned
            last edited by

            No, SD/USB is a whole lot worse option.

            Also, if you are using SSD, there's really no good reason to use embedded nanobsd (abandoned with 2.4 anyway.)

            1 Reply Last reply Reply Quote 0
            • Y
              yis
              last edited by

              @doktornotor:

              No, SD/USB is a whole lot worse option.

              Also, if you are using SSD, there's really no good reason to use embedded nanobsd (abandoned with 2.4 anyway.)

              i'm sorry, i did not recognize you thought that i am using a nanobds image.
              that's wrong - i am using the default image, installed via usb installer directly to ssd on apu1d4 hardware :-)

              1 Reply Last reply Reply Quote 0
              • D
                doktornotor Banned
                last edited by

                No idea what you've been attempting with  /etc/rc.conf_mount_rw in that case.

                1 Reply Last reply Reply Quote 0
                • jimpJ
                  jimp Rebel Alliance Developer Netgate
                  last edited by

                  Nudge the firewall to create you a new GUI certificate, the one you have selected isn't usable for some reason.

                  pfSsh.php playback generateguicert

                  Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                  Need help fast? Netgate Global Support!

                  Do not Chat/PM for help!

                  1 Reply Last reply Reply Quote 0
                  • Y
                    yis
                    last edited by

                    @jimp:

                    Nudge the firewall to create you a new GUI certificate, the one you have selected isn't usable for some reason.

                    pfSsh.php playback generateguicert

                    thanks - i gave this a try, it r eally seems that i have a defective SSD inside my FW.
                    I am going to replace this next week.

                    1 Reply Last reply Reply Quote 0
                    • Y
                      yis
                      last edited by

                      hey guys - i wanted to give you feedback about this.

                      actually  i bought a new ssd, went to the datacenter and first trying a reboot on APU-Hardware.
                      after reboot firewall was booting OK - a little bit confusing me.

                      so i was:

                      • not able to change config
                      • not able to restart webgui
                      • not able to reboot pfsense remotely

                      but after power cycle the box came up again…

                      any possibility to see in the logs what happened?

                      1 Reply Last reply Reply Quote 0
                      • GertjanG
                        Gertjan
                        last edited by

                        @yasin:

                        ….
                        any possibility to see in the logs what happened?

                        After the box reboots, goto console (or use a ssh client if sshd is activated) - option 8 (shell) and type

                        dmesg

                        The entire boot process will be showed, up until the point everything is loaded (mounted) and started.
                        At the end, look for file system errors (read only mode for example).

                        dmesg is more a hardware log - all devices are found, activated etc.

                        The "dmesg" log will be overwritten when rebooted.

                        No "help me" PM's please. Use the forum, the community will thank you.
                        Edit : and where are the logs ??

                        1 Reply Last reply Reply Quote 0
                        • Y
                          yis
                          last edited by

                          there is no error…
                          this is whole log for "dmesg"

                          
Copyright (c) 1992-2016 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
        The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 10.3-RELEASE-p19 #0 bbfdb9a1d(RELENG_2_3_4): Wed May  3 16:09:14 CDT 2017
    root@ce23-amd64-builder:/builder/pfsense-234/tmp/obj/builder/pfsense-234/tmp/FreeBSD-src/sys/pfSense amd64
FreeBSD clang version 3.4.1 (tags/RELEASE_34/dot1-final 208032) 20140512
CPU: AMD G-T40E Processor (1000.02-MHz K8-class CPU)
  Origin="AuthenticAMD"  Id=0x500f20  Family=0x14  Model=0x2  Stepping=0
  Features=0x178bfbff <fpu,vme,de,pse,tsc,msr,pae,mce,cx8,apic,sep,mtrr,pge,mca,cmov,pat,pse36,clflush,mmx,fxsr,sse,sse2,htt>Features2=0x802209 <sse3,mon,ssse3,cx16,popcnt>AMD Features=0x2e500800 <syscall,nx,mmx+,ffxsr,page1gb,rdtscp,lm>AMD Features2=0x35ff <lahf,cmp,svm,extapic,cr8,abm,sse4a,mas,prefetch,ibs,skinit,wdt>SVM: NP,NRIP,NAsids=8
  TSC: P-state invariant, performance statistics
real memory  = 4815060992 (4592 MB)
avail memory = 4080889856 (3891 MB)
Event timer "LAPIC" quality 400
ACPI APIC Table: <core  coreboot="">FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
FreeBSD/SMP: 1 package(s) x 2 core(s)
 cpu0 (BSP): APIC ID:  0
 cpu1 (AP): APIC ID:  1
random: <software, yarrow="">initialized
ioapic0 <version 2.1="">irqs 0-23 on motherboard
wlan: mac acl policy registered
ipw_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
ipw_bss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (ipw_bss_fw, 0xffffffff806209b0, 0) error 1
ipw_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
ipw_ibss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (ipw_ibss_fw, 0xffffffff80620a60, 0) error 1
ipw_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
ipw_monitor: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (ipw_monitor_fw, 0xffffffff80620b10, 0) error 1
iwi_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi/.
iwi_bss: If you agree with the license, set legal.intel_iwi.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (iwi_bss_fw, 0xffffffff80647cb0, 0) error 1
iwi_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi/.
iwi_ibss: If you agree with the license, set legal.intel_iwi.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (iwi_ibss_fw, 0xffffffff80647d60, 0) error 1
iwi_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi/.
iwi_monitor: If you agree with the license, set legal.intel_iwi.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (iwi_monitor_fw, 0xffffffff80647e10, 0) error 1
netmap: loaded module
kbd0 at kbdmux0
module_register_init: MOD_LOAD (vesa, 0xffffffff81017160, 0) error 19
cryptosoft0: <software crypto="">on motherboard
padlock0: No ACE support.
acpi0: <core coreboot="">on motherboard
acpi0: Power Button (fixed)
cpu0: <acpi cpu="">on acpi0
cpu1: <acpi cpu="">on acpi0
atrtc0: <at realtime="" clock="">port 0x70-0x71 irq 8 on acpi0
Event timer "RTC" frequency 32768 Hz quality 0
attimer0: <at timer="">port 0x40-0x43 irq 0 on acpi0
Timecounter "i8254" frequency 1193182 Hz quality 0
Event timer "i8254" frequency 1193182 Hz quality 100
Timecounter "ACPI-fast" frequency 3579545 Hz quality 900
acpi_timer0: <32-bit timer at 3.579545MHz> port 0x808-0x80b on acpi0
hpet0: <high precision="" event="" timer="">iomem 0xfed00000-0xfed003ff on acpi0
Timecounter "HPET" frequency 14318180 Hz quality 950
Event timer "HPET" frequency 14318180 Hz quality 550
Event timer "HPET1" frequency 14318180 Hz quality 450
pcib0: <acpi host-pci="" bridge="">port 0xcf8-0xcff on acpi0
pci0: <acpi pci="" bus="">on pcib0
pcib1: <acpi pci-pci="" bridge="">irq 16 at device 4.0 on pci0
pci1: <acpi pci="" bus="">on pcib1
re0: <realtek 8111="" 8168="" b="" c="" cp="" d="" dp="" e="" f="" g="" pcie="" gigabit="" ethernet="">port 0x1000-0x10ff mem 0xf7a00000-0xf7a00fff,0xf7900000-0xf7903fff irq 16 at device 0.0 on pci1
re0: Using 1 MSI-X message
re0: ASPM disabled
re0: Chip rev. 0x2c000000
re0: MAC rev. 0x00200000
miibus0: <mii bus="">on re0
rgephy0: <rtl8169s 8211="" 8110s="" 1000base-t="" media="" interface="">PHY 1 on miibus0
rgephy0:  none, 10baseT, 10baseT-FDX, 10baseT-FDX-flow, 100baseTX, 100baseTX-FDX, 100baseTX-FDX-flow, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, 1000baseT-FDX-flow, 1000baseT-FDX-flow-master, auto, auto-flow
re0: Using defaults for TSO: 65518/35/2048
re0: Ethernet address: 00:xx:xx:xx:xx:74
re0: netmap queues/slots: TX 1/256, RX 1/256
pcib2: <acpi pci-pci="" bridge="">irq 17 at device 5.0 on pci0
pci2: <acpi pci="" bus="">on pcib2
re1: <realtek 8111="" 8168="" b="" c="" cp="" d="" dp="" e="" f="" g="" pcie="" gigabit="" ethernet="">port 0x2000-0x20ff mem 0xf7c00000-0xf7c00fff,0xf7b00000-0xf7b03fff irq 17 at device 0.0 on pci2
re1: Using 1 MSI-X message
re1: ASPM disabled
re1: Chip rev. 0x2c000000
re1: MAC rev. 0x00200000
miibus1: <mii bus="">on re1
rgephy1: <rtl8169s 8211="" 8110s="" 1000base-t="" media="" interface="">PHY 1 on miibus1
rgephy1:  none, 10baseT, 10baseT-FDX, 10baseT-FDX-flow, 100baseTX, 100baseTX-FDX, 100baseTX-FDX-flow, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, 1000baseT-FDX-flow, 1000baseT-FDX-flow-master, auto, auto-flow
re1: Using defaults for TSO: 65518/35/2048
re1: Ethernet address: 00:xx:xx:xx:xx:75
re1: netmap queues/slots: TX 1/256, RX 1/256
pcib3: <acpi pci-pci="" bridge="">irq 18 at device 6.0 on pci0
pci3: <acpi pci="" bus="">on pcib3
re2: <realtek 8111="" 8168="" b="" c="" cp="" d="" dp="" e="" f="" g="" pcie="" gigabit="" ethernet="">port 0x3000-0x30ff mem 0xf7e00000-0xf7e00fff,0xf7d00000-0xf7d03fff irq 18 at device 0.0 on pci3
re2: Using 1 MSI-X message
re2: ASPM disabled
re2: Chip rev. 0x2c000000
re2: MAC rev. 0x00200000
miibus2: <mii bus="">on re2
rgephy2: <rtl8169s 8211="" 8110s="" 1000base-t="" media="" interface="">PHY 1 on miibus2
rgephy2:  none, 10baseT, 10baseT-FDX, 10baseT-FDX-flow, 100baseTX, 100baseTX-FDX, 100baseTX-FDX-flow, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, 1000baseT-FDX-flow, 1000baseT-FDX-flow-master, auto, auto-flow
re2: Using defaults for TSO: 65518/35/2048
re2: Ethernet address: 00:xx:xx:xx:xx:76
re2: netmap queues/slots: TX 1/256, RX 1/256
ahci0: <amd sb7x0="" sb8x0="" sb9x0="" ahci="" sata="" controller="">port 0x4010-0x4017,0x4020-0x4023,0x4018-0x401f,0x4024-0x4027,0x4000-0x400f mem 0xf7f04000-0xf7f043ff irq 19 at device 17.0 on pci0
ahci0: AHCI v1.20 with 6 6Gbps ports, Port Multiplier supported
ahci0: quirks=0x22000 <ati_pmp_bug,1msi>ahcich0: <ahci channel="">at channel 0 on ahci0
ahcich1: <ahci channel="">at channel 1 on ahci0
ahcich2: <ahci channel="">at channel 2 on ahci0
ahcich3: <ahci channel="">at channel 3 on ahci0
ahcich4: <ahci channel="">at channel 4 on ahci0
ahcich5: <ahci channel="">at channel 5 on ahci0
ohci0: <amd sb7x0="" sb8x0="" sb9x0="" usb="" controller="">mem 0xf7f00000-0xf7f00fff irq 18 at device 18.0 on pci0
usbus0 on ohci0
ehci0: <amd sb7x0="" sb8x0="" sb9x0="" usb="" 2.0="" controller="">mem 0xf7f04400-0xf7f044ff irq 17 at device 18.2 on pci0
usbus1: EHCI version 1.0
usbus1 on ehci0
ohci1: <amd sb7x0="" sb8x0="" sb9x0="" usb="" controller="">mem 0xf7f01000-0xf7f01fff irq 18 at device 19.0 on pci0
usbus2 on ohci1
ehci1: <amd sb7x0="" sb8x0="" sb9x0="" usb="" 2.0="" controller="">mem 0xf7f04500-0xf7f045ff irq 17 at device 19.2 on pci0
usbus3: EHCI version 1.0
usbus3 on ehci1
isab0: <pci-isa bridge="">at device 20.3 on pci0
isa0: <isa bus="">on isab0
pcib4: <acpi pci-pci="" bridge="">at device 20.4 on pci0
pci4: <acpi pci="" bus="">on pcib4
ohci2: <amd sb7x0="" sb8x0="" sb9x0="" usb="" controller="">mem 0xf7f02000-0xf7f02fff irq 18 at device 20.5 on pci0
usbus4 on ohci2
pcib5: <acpi pci-pci="" bridge="">at device 21.0 on pci0
pci5: <acpi pci="" bus="">on pcib5
ohci3: <amd sb7x0="" sb8x0="" sb9x0="" usb="" controller="">mem 0xf7f03000-0xf7f03fff at device 22.0 on pci0
usbus5 on ohci3
ehci2: <amd sb7x0="" sb8x0="" sb9x0="" usb="" 2.0="" controller="">mem 0xf7f04600-0xf7f046ff at device 22.2 on pci0
usbus6: EHCI version 1.0
usbus6 on ehci2
acpi_button0: <power button="">on acpi0
orm0: <isa option="" rom="">at iomem 0xee800-0xeffff on isa0
gpioapu0: Environment returned APU
gpioapu0: Address on reg 0x24 is 0xfed80000/4275568640
gpioapu0 at iomem 0xfed80100-0xfed801ff on isa0
ppc0: cannot reserve I/O port range
uart0: <16550 or compatible> at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
uart0: console (115200,n,8,1)
uart1: <16550 or compatible> at port 0x2f8-0x2ff irq 3 on isa0
Timecounters tick every 1.000 msec
random: unblocking device.
usbus0: 12Mbps Full Speed USB v1.0
usbus1: 480Mbps High Speed USB v2.0
usbus2: 12Mbps Full Speed USB v1.0
usbus3: 480Mbps High Speed USB v2.0
ugen0.1: <ati>at usbus0
uhub0: <ati 1="" 9="" ohci="" root="" hub,="" class="" 0,="" rev="" 1.00="" 1.00,="" addr="">on usbus0
ugen1.1: <ati>at usbus1
uhub1: <ati 1="" 9="" ehci="" root="" hub,="" class="" 0,="" rev="" 2.00="" 1.00,="" addr="">on usbus1
ugen2.1: <ati>at usbus2
uhub2: <ati 1="" 9="" ohci="" root="" hub,="" class="" 0,="" rev="" 1.00="" 1.00,="" addr="">on usbus2
ugen3.1: <ati>at usbus3
uhub3: <ati 1="" 9="" ehci="" root="" hub,="" class="" 0,="" rev="" 2.00="" 1.00,="" addr="">on usbus3
usbus4: 12Mbps Full Speed USB v1.0
usbus5: 12Mbps Full Speed USB v1.0
usbus6: 480Mbps High Speed USB v2.0
ugen4.1: <ati>at usbus4
uhub4: <ati 1="" 9="" ohci="" root="" hub,="" class="" 0,="" rev="" 1.00="" 1.00,="" addr="">on usbus4
ugen5.1: <ati>at usbus5
uhub5: <ati 1="" 9="" ohci="" root="" hub,="" class="" 0,="" rev="" 1.00="" 1.00,="" addr="">on usbus5
ugen6.1: <ati>at usbus6
uhub6: <ati 1="" 9="" ehci="" root="" hub,="" class="" 0,="" rev="" 2.00="" 1.00,="" addr="">on usbus6
uhub4: 2 ports with 2 removable, self powered
uhub0: 5 ports with 5 removable, self powered
uhub2: 5 ports with 5 removable, self powered
uhub5: 4 ports with 4 removable, self powered
uhub6: 4 ports with 4 removable, self powered
uhub1: 5 ports with 5 removable, self powered
uhub3: 5 ports with 5 removable, self powered
ugen6.2: <generic>at usbus6
umass0: <generic 0="" 2="" flash="" card="" readerwriter,="" class="" 0,="" rev="" 2.01="" 1.00,="" addr="">on usbus6
ada0 at ahcich0 bus 0 scbus0 target 0 lun 0
ada0: <kingston sms200s360g="" 603abbf0="">ATA8-ACS SATA 3.x device
ada0: Serial Number 500xxB7xxxx7Fxx6
ada0: 600.000MB/s transfers (SATA 3.x, UDMA6, PIO 512bytes)
ada0: Command Queueing enabled
ada0: 57241MB (117231408 512 byte sectors)
ada0: Previously was known as ad4
da0 at umass-sim0 bus 0 scbus6 target 0 lun 0
da0: <multiple card ="" reader="" 1.00="">Removable Direct Access SPC-2 SCSI device
da0: Serial Number 058Fxxx66485
da0: 40.000MB/s transfers
da0: Attempt to query device size failed: NOT READY, Medium not present
da0: quirks=0x2 <no_6_byte>SMP: AP CPU #1 Launched!
Timecounter "TSC" frequency 1000022612 Hz quality 800
Trying to mount root from ufs:/dev/ufsid/540d00482592bf04 [rw]...
padlock0: No ACE support.
aesni0: No AESNI support.
re1: link state changed to DOWN
re0: link state changed to DOWN
tun2: changing name to 'ovpns2'
ovpns2: link state changed to UP
pflog0: promiscuous mode enabled
re0: link state changed to UP
re1: link state changed to UP
re2: link state changed to DOWN
re0: link state changed to DOWN
re0: link state changed to UP
/code]</no_6_byte></multiple></kingston></generic></generic></ati></ati></ati></ati></ati></ati></ati></ati></ati></ati></ati></ati></ati></ati></isa></power></amd></amd></acpi></acpi></amd></acpi></acpi></isa></pci-isa></amd></amd></amd></amd></ahci></ahci></ahci></ahci></ahci></ahci></ati_pmp_bug,1msi></amd></rtl8169s></mii></realtek></acpi></acpi></rtl8169s></mii></realtek></acpi></acpi></rtl8169s></mii></realtek></acpi></acpi></acpi></acpi></high></at></at></acpi></acpi></core></software></version></software,></core ></lahf,cmp,svm,extapic,cr8,abm,sse4a,mas,prefetch,ibs,skinit,wdt></syscall,nx,mmx+,ffxsr,page1gb,rdtscp,lm></sse3,mon,ssse3,cx16,popcnt></fpu,vme,de,pse,tsc,msr,pae,mce,cx8,apic,sep,mtrr,pge,mca,cmov,pat,pse36,clflush,mmx,fxsr,sse,sse2,htt>
                          1 Reply Last reply Reply Quote 0
                          • M MordyT referenced this topic on
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.