Bug when cron renew certificate

pulcov

Hi.

I have an issue with acme cron renew. When cron try to renew certificate, pfSense crash reporter generate new report :

Crash report begins.  Anonymous machine information:

amd64
11.2-RELEASE-p3
FreeBSD 11.2-RELEASE-p3 #17 e6b497fa0a3(RELENG_2_4_4): Thu Sep 20 09:04:45 EDT 2018     root@buildbot3:/crossbuild/ce-244/obj/amd64/WvDslnYb/crossbuild/ce-244/pfSense/tmp/FreeBSD-src/sys/pfSense

Crash report details:

PHP Errors:
[20-Nov-2018 03:16:00 Europe/Paris] PHP Fatal error:  Uncaught Error: Class 'pfsense_pkg\acme\acme_sh_domain' not found in /usr/local/pkg/acme/acme.inc:970
Stack trace:
#0 /usr/local/pkg/acme/acme.inc(838): pfsense_pkg\acme\issue_certificate('**************', false)
#1 /usr/local/pkg/acme/acme_command.sh(26): pfsense_pkg\acme\renew_all_certificates(false)
#2 {main}
  thrown in /usr/local/pkg/acme/acme.inc on line 970


No FreeBSD crash data found.

If i start renew in web UI, that's work without any error.

Would anyone have an idea about this ?

Thanks

Gertjan

Hi,

Can you detail your setup and version ?

The script "/usr/local/pkg/acme/acme.inc" includes /usr/local/pkg/acmeacme_sh.inc where the class "/usr/local/pkg/acme" is defined.

pulcov

Hi,

Thanks for reply.

PfSense : 2.4.4
Acme package : 0.3.2_4

pulcov

Gertjan

@pulcov said in Bug when cron renew certificate:

PfSense : 2.4.4
Acme package : 0.3.2_4

Ok, these are the latest.

Now, the setup, like "what is your methed ?", etc.

Btw : my "acme" will renew my wild card cert the 25, that 4 days from now. I'll post back with results, if needed. The acme package works fine for me for more the a year already.

pulcov

Ok, it's strange. I found the bug but I do not understand why I'm the only one to have it.

If i start the same command launched by cron (/usr/local/pkg/acme/acme_command.sh) i have an error.
But if i start this command into the acme folder (/usr/local/pkg/acme/) that's work.

I have changed my script acme_command.sh by adding chdir. Now issue is fixed :

#!/usr/local/bin/php -f
<?php
namespace pfsense_pkg\acme;

chdir(dirname(__FILE__));

include_once("config.lib.inc");
include_once("acme.inc");

$command = $argv[1];

jimp

Which DNS update method are you using there?

I have a couple dozen systems all using cron and they all update fine. I suspect it may be an issue in the specific update method script being called there.

Gertjan

For info : my acme wild card cert for pfSense was renewed as usual last November 25th.
Using the nsupdate method btw.

pulcov

Hi,

I'm sorry for my late response. I'm using DNS-NSupdate / RFC 2136 update method.

jimp

That's the only method I use, and all of them are working perfectly here.