Can't login to GUI
-
@SteveITS said in Can't login to GUI:
I cannot log in using just "router-building"...no error but I can't get past the login page.
When I fire up a bowser and type just this + enter :
it will shows this :
I presume the browser correctly, presumes that I wanted to search for the term 'pfsense' as 'pfsense' by itself is an invalid URL.
Btw : while typing pfsense, my browser will auto complete to form a possible correct URL :
Using just this :
@SteveITS said in Can't login to GUI:
"router-building"
can't be right as "router-building" isn't listed like "router-building" in the certificate used by pfSense.
"router-building", like my "pfsense" is an invalid URL.Anyway, I'm still a bit puzzled why you would see a login pfSense page - so DNS resolving went fine - but you can't login.
Check with browser dev tools to see what it is posting to the server ?Did you have a look at the /var/log/nginx.log (web server log).
Ask it to show more details here (log settings page) :
-
@Gertjan said in Can't login to GUI:
can't be right as "router-building" isn't listed like "router-building" in the certificate used by pfSense.
"router-building", like my "pfsense" is an invalid URL.Windows will resolve partial hostnames even if "dig" will not. It appends the configured default domain to the query. If you enter "https://pfsense" instead, your browser shouldn't search for that as a search string.
The cert fails validation but as a self-signed cert it fails for any other hostname anyway.
Errors are logged already, there just aren't any.
To be clear I don't really think this is a pfSense issue, but I have no idea what could be causing it. It was fine for a decade or more and then stopped working. The PHPSESSID cookie value does change between logins, but that happens using other hostnames also.
I guess I'll let it sit a while and use other hostnames, maybe it will fix itself like it broke itself.
-
@SteveITS said in Can't login to GUI:
Windows will resolve partial hostnames even if "dig" will not.
Yeah, right (
)
When you do a nslookup and you type in "facebook.com"
it will do an initial DNS request like like www.facebook.your-local-domain.tld. first (you can see this one it in the DNS pfSense logs).
It took me a while (years actually) before I got it : asking for "facebook.com" is wrong
A host name 'must' end with a dot, so when I ask for "facebook.com." (you saw the ending dot ?) the local domain part will not be added. nslookup can correct us ^^@SteveITS said in Can't login to GUI:
The cert fails validation but as a self-signed cert it fails for any other hostname anyway.
Well, h#ll no, you are the boss, not your bowser.
The Johnpoz story (he has some good posts about this subject) goes like this : when you create a certificate for your pfsense on your pfSEnse, you have to create your own CA first.
Then you make your cert (thrown in all the good host names while doing so !!) in it, and have it signed by your pfSense created CA.
And yes, your browser doesn't know, so doesn't trust, your pfSense cert, as it doesn't know the signing CA.
With one click you can change that ! ( this is the boss action )
You can export the CA from pfSense and import it into your PC, into the PC cert store.
And from now on, your browser will trust your self signed certificate.( START : or go the official way : rent a domain name. Use it for your internal pfsense network use. Get a certificate for, this domain name, with the help of Lets-encrypt) and use this certificate for your pfSense GUI, and why not, all your other GUI based other LAN devices.
No more certificate errors errors - everything automated.
True, this is not free, neither very KIS, but as I have to host a captive portal as a hotel, and http site can't be used anymore, I had to have a trusted https server anyway (the captive portal web server) so I had to get my hand on a trusted certificate anyway END ) -
@Gertjan said in Can't login to GUI:
The Johnpoz story
He posted his 'story' just a couple of minutes ago : https://forum.netgate.com/topic/195900/ssl-certifications-not-trusted-on-my-system/41?_=1736352508256
