can't login to GUI after trying to use HTTPS

Rich W.

I've been successfully running 2.7.1 (CE) for some time now to secure my home LAN. The other night, I tried to reconfigure the pfSense web GUI to use HTTPS instead of HTTP. It didn't work (not totally sure why), so I changed the setting back to log in to the GUI via HTTP.

Now, though, I can't log in to the GUI at all. I can get to the login screen (via HTTP), but if I try to log in (as "admin"), it stays on the login screen (instantly clearing the user and password fields) without showing me the GUI even momentarily.

I've rebooted my firewall hardware (power off / power on), but this doesn't help. The firewall appliance itself does come up and works just fine, but I won't be able to reconfigure any settings because I can no longer log in to the GUI.

If I go into the command line interface from a Linux xterm window (via SSH) and watch as I try logging in to the GUI from a browser, I get a log message like this in the SSH session (mirrored in /var/log/system.log)::

php-fpm[55500]: /index.php: Successful login for user 'admin' from: 10.0.229.157 (Local Database)

but I've looked at the log files in the /var/log directory and I'm not seeing any other messages anywhere that might explain why every login attempt keeps me on the login screen without any trace of the GUI.

FWIW, the entry in /etc/passwd for the "admin" account says the following, which I assume is what it should be:

admin:*:0:0:System Administrator:/root:/etc/rc.initial

and neither the /etc/rc.initial file, nor any other /etc/rc.* files, have been modified.

Any suggestions? Note that because I can't get into the GUI, I assume I would need to manually edit some file(s) on the firewall using the SSH CLI. I'm familiar with FreeBSD and Linux, but I don't know my way around the pfSense code, so I'm not willing to touch anything unless someone can tell me exactly what to do.

I do have a second mini-PC, identical to my current production firewall appliance, and as a last resort I should be able to reinstall pfSense on this second box and restore a recently saved configuration, but this would be a major pain and I don't want to go there unless I absolutely have no other option.

Gertjan

A more general check-list with tips : Troubleshooting GUI Connectivity.
There is also a help guide that re inits the password, and while doing so, reset the web GUI settings back to 'http'.

My own contribution, as you have console / SSH access :

15) Restore recent configuration

and pick the config you has right before the password change.
That will take care of things ^^

Btw : You're right, we all use the https access the first time we access the GUI.
Then we switch over to https ... discover that our browser yell because the cert is self signed (normal), tell our browser to accept it anyway (or even : install the cert in the browser and now it will accept it without complaining or get a domaine name, have it signed, and use that as your pfSense GUI cert.

I was joking of course. http works just fine, as long as you trust the cable that goes from your PC to pfSense. Make it a short one, and all will be fine.

tinfoilmatt

Make sure you're using a browser in non-cached mode; that it's not enforcing HTTPS-only connections; and that you check, double-check, and triple-check the URL you mean to have entered (and whether it's been modified by the browser 'automagically') in the address bar.

Edited-to-add: Avoid Edge, Safari, and Chrome. If using a 'privacy-friendly' browser like Brave or Librewolf, make sure it's not trying to—'assist' in any kind of way. Browser extensions like uBlock Origin should be disabled for the webConfigurator's URL.

Rich W.

Clearing my browser cache did the trick. I'm OK now. Thanks to everyone for their feedback.