Bug when cron renew certificate



  • Hi.

    I have an issue with acme cron renew. When cron try to renew certificate, pfSense crash reporter generate new report :

    Crash report begins.  Anonymous machine information:
    
    amd64
    11.2-RELEASE-p3
    FreeBSD 11.2-RELEASE-p3 #17 e6b497fa0a3(RELENG_2_4_4): Thu Sep 20 09:04:45 EDT 2018     root@buildbot3:/crossbuild/ce-244/obj/amd64/WvDslnYb/crossbuild/ce-244/pfSense/tmp/FreeBSD-src/sys/pfSense
    
    Crash report details:
    
    PHP Errors:
    [20-Nov-2018 03:16:00 Europe/Paris] PHP Fatal error:  Uncaught Error: Class 'pfsense_pkg\acme\acme_sh_domain' not found in /usr/local/pkg/acme/acme.inc:970
    Stack trace:
    #0 /usr/local/pkg/acme/acme.inc(838): pfsense_pkg\acme\issue_certificate('**************', false)
    #1 /usr/local/pkg/acme/acme_command.sh(26): pfsense_pkg\acme\renew_all_certificates(false)
    #2 {main}
      thrown in /usr/local/pkg/acme/acme.inc on line 970
    
    
    No FreeBSD crash data found.
    

    If i start renew in web UI, that's work without any error.

    Would anyone have an idea about this ?

    Thanks



  • Hi,

    Can you detail your setup and version ?

    The script "/usr/local/pkg/acme/acme.inc" includes /usr/local/pkg/acmeacme_sh.inc where the class "/usr/local/pkg/acme" is defined.



  • Hi,

    Thanks for reply.

    PfSense : 2.4.4
    Acme package : 0.3.2_4



  • 0_1542812304484_81781e4f-ec51-4427-84ac-4cd2d50d369b-image.png



  • @pulcov said in Bug when cron renew certificate:

    PfSense : 2.4.4
    Acme package : 0.3.2_4

    Ok, these are the latest.

    Now, the setup, like "what is your methed ?", etc.

    Btw : my "acme" will renew my wild card cert the 25, that 4 days from now. I'll post back with results, if needed. The acme package works fine for me for more the a year already.



  • Ok, it's strange. I found the bug but I do not understand why I'm the only one to have it.

    If i start the same command launched by cron (/usr/local/pkg/acme/acme_command.sh) i have an error.
    But if i start this command into the acme folder (/usr/local/pkg/acme/) that's work.

    I have changed my script acme_command.sh by adding chdir. Now issue is fixed :

    #!/usr/local/bin/php -f
    <?php
    namespace pfsense_pkg\acme;
    
    chdir(dirname(__FILE__));
    
    include_once("config.lib.inc");
    include_once("acme.inc");
    
    $command = $argv[1];
    

  • Rebel Alliance Developer Netgate

    Which DNS update method are you using there?

    I have a couple dozen systems all using cron and they all update fine. I suspect it may be an issue in the specific update method script being called there.



  • For info : my acme wild card cert for pfSense was renewed as usual last November 25th.
    Using the nsupdate method btw.



  • Hi,

    I'm sorry for my late response. I'm using DNS-NSupdate / RFC 2136 update method.


  • Rebel Alliance Developer Netgate

    That's the only method I use, and all of them are working perfectly here.