Netgate Discussion Forum

    Unable to access web gui after renewing certificate

    webGUI
    • M
      mikej47
      last edited by

      Hello,

      I kept receiving alerts indicating my webConfigurator certificate was about to expire.
      I went into the certificates section of my pfSense device and renewed it.

      Now when I try to access the device via web gui I receive the following error (ip redacted):
      192.168.x.x normally uses encryption to protect your information. When Chrome tried to connect to 192.168.x.x this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be 192.168.x.x, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Chrome stopped the connection before any data was exchanged.

      You cannot visit 192.168.x.x right now because the website sent scrambled credentials that Chrome cannot process. Network errors and attacks are usually temporary, so this page will probably work later.

      I have shell access to the pfSense.
      I restarted the webConfigurator and that did not help.

      Can someone please help me regain use of the web gui?

      Thank you in advance.

      • GertjanG
        Gertjan @mikej47
        last edited by

        @mikej47

        Several things to test :
        Use another browser.
        Read Troubleshooting Access when Locked Out of the Firewall.

        @mikej47 said in Unable to access web gui after renewing certificate:

        webConfigurator certificate was about to expire.

        I've found : webConfigurator certificate expiring - or check the pfSense documentation.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        • S
          SteveITS Galactic Empire @mikej47
          last edited by

          @mikej47 I believe this is the one where you have to type "thisisunsafe" blind into the error page so Chrome will proceed.

          Or try Firefox. ;)

          Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
          When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
          Upvote 👍 helpful posts!

          • johnpozJ
            johnpoz LAYER 8 Global Moderator @mikej47
            last edited by

            @mikej47 this is most likely a browser issue, not liking that something changed with the cert.. Turn off HSTS (HTTP Strict-Transport-Security)

            Not a chrome user, so look to what you have to do.

            Are you trying to access it via http vs https?

            normally uses encryption to protect your information

            You could try resetting your lan IP, can just change it to what it currently is - but this should ask if you want to revert to just http on the gui.. Once you're in you can redo the https setup, etc

            2024-07-07_121625.jpg

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.7.2, 24.11

            • M
              mikej47 @SteveITS
              last edited by

              @SteveITS
              Yes, I found when I type "thisisunsafe" in Chrome I am allowed through the warning and can login.

              Do you know if there is a better fix for this besides using Firefox?

              • M
                mikej47 @johnpoz
                last edited by

                @johnpoz
                It appears to be an issue with the cert and Chromium based browsers.
                I can get past the warning in Chrome by typing "thisisunsafe".
                It's tempting to try and do the whole https setup again but I have a feeling I will end up with the same issue, maybe not.

                I only use https, nothing unsecure.

                I will try renewing the webconf cert in a lab vm and see if I get the same issue and play around with it.

                • S
                  SteveITS Galactic Empire @mikej47
                  last edited by

                  @mikej47 John has a point, in System/Advanced/Admin try checking "Disable HTTP Strict Transport Security." If that's the issue you may need to delete your cache for the router "site" to get it to take effect. (or use incognito)

                  • johnpozJ
                    johnpoz LAYER 8 Global Moderator @mikej47
                    last edited by johnpoz

                    @mikej47 I don't get the issue in chrome, or any browser I use because I use a cert created with CA in pfsense and set chrome to trust my CA..

                    chrome.jpg

                    Cert also has rfc1918 san, and other names - so you can access it via different fqdn or IP even without browser having a hissy fit.

                    san.jpg

                    • M
                      mikej47 @johnpoz
                      last edited by

                      @johnpoz
                      Thank you for sharing.
                      Certs aren't my strong suit.
                      I don't see where I can export the root CA cert from my pfsense so I can install it and have it trusted.

                      • johnpozJ
                        johnpoz LAYER 8 Global Moderator @mikej47
                        last edited by johnpoz

                        @mikej47 you would create another CA, and then sign a cert.. You then export the CA and trust it in your browser..

                        here this old post of mine should give you the how to

                        https://forum.netgate.com/post/831783

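The approach johnpoz describes in his two posts above (your own CA, a GUI certificate carrying DNS and RFC 1918 IP SANs, the CA trusted in the browser), reproduced with the openssl CLI as an added example that is not from the thread or from pfSense. The hostname, IP addresses, subject names and file names are constructed.

```shell
# make_lab_pki DIR SANS: create a root CA, then a GUI cert signed by it.
# All names are constructed; this mirrors the idea, not the pfSense GUI steps.
make_lab_pki() {
    dir=$1; sans=$2
    cat > "$dir/lab.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = Lab Internal CA (constructed)
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_srv]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = $sans
EOF
    # 1) self-signed root (ca.crt is the file to export and trust),
    # 2) key and CSR for the web GUI, 3) sign the CSR and add the SANs.
    openssl req -x509 -config "$dir/lab.cnf" -newkey rsa:2048 -nodes \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" -days 3650 2>/dev/null &&
    openssl req -new -config "$dir/lab.cnf" -subj "/CN=pfSense webGUI (lab)" \
        -newkey rsa:2048 -nodes -keyout "$dir/gui.key" -out "$dir/gui.csr" 2>/dev/null &&
    openssl x509 -req -in "$dir/gui.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 365 -extfile "$dir/lab.cnf" -extensions v3_srv \
        -out "$dir/gui.crt" 2>/dev/null
}

# chain_ok DIR: does gui.crt verify against the CA the browser would trust?
chain_ok() { openssl verify -CAfile "$1/ca.crt" "$1/gui.crt" >/dev/null 2>&1; }

# covers CERT ip|host VALUE: is the address-bar name in the cert's SAN list?
covers() {
    out=$(openssl x509 -in "$1" -noout "-check$2" "$3")
    case $out in *"does match certificate"*) return 0 ;; *) return 1 ;; esac
}

d=$(mktemp -d)   # throwaway directory for the demo
make_lab_pki "$d" "DNS:pfsense.home.arpa,IP:192.168.1.1"
chain_ok "$d" && echo "chain: OK"
for q in "ip 192.168.1.1" "ip 192.168.1.254" "host pfsense.home.arpa"; do
    covers "$d/gui.crt" $q && echo "$q: covered" || echo "$q: NOT covered"
done
```

Import only `ca.crt` into the browser's trust store; `ca.key` can sign a certificate for any name that browser will then accept, so keep it off shared machines.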
                        • M
                          mikej47 @johnpoz
                          last edited by

                          @johnpoz Thank you!

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.