Certificate Error Expired
-
Getting this is the GUI
Certificate Manager
The following CA/Certificate entries are expiring: Certificate: webConfigurator default (5572f4715149c) (5572f4715149c): Expired 85 days ago @ 2021-02-20 03:01:00
-
@cool_corona
I also started getting warnings about the webconfigurator cert being expired after updating to 2.5. I wasn't able to get the renew option in the cert manager to work, so I did it via the menu (console/ssh).
Go to option 12 from the menu, then type
playback generateguicert
when it finishes, type exit.
I then went back into cert manager and deleted the old cert. -
@dotdash Thanks - this worked for me as I had the exact same issue across four systems after update to 2102.
-
In 2.5.0 you can also renew certificates in the GUI, but for the default GUI cert it's probably better to create a fresh one using that script.
-
@jimp Tried the GUI to renew the certificate but it errored out. The console playback script worked just fine.
I had a related problem where one of the old certificates I deleted was assigned to Unbound. Unbound crashed until I assigned it the newly created GUI cert and restarted the service.
-
@dotdash You are the best! Couldnt get it to work in FF before this... no matter what.
Had to revert to IE to get it going in the GUI. Until now.
Where shall I send my gratitude??
-
@cool_corona
Just pay it forward.I tried about every combination of options in the GUI and it always errored out. I expect that's because I've updated/restored so many times. The cert probably dated back to 2.0 if not 1.2.3
-
Just a heads up that I ran into an issue of Unbound not starting after updating the GUI certificate. To fix it I had to go into the Unbound settings and click save after updating the certificate. The Unbound settings had already selected the new certificate automatically (it was the only one on the system), but apparently the settings needed to be saved in order to get unbound up and running again.
-
huh? Why/How would unbound be using the webgui cert? Just because its listed there in a "possible" cert you could use if you enabled dot in unbound to use for people that query it - doesn't mean its actually used..
You sure wouldn't want it using your default selfsigned webgui cert..