Snapshot on 11th Jan 2011 GUI not work
-
Me too. I am using self-signed cert.ย By the way, anyway to check the startup log for the httpd?
Thanks. -
Me too
after this update pfSense-2.0-BETA5-amd64-20110111-1024 HTTPS webgui stopped working. If I edit config file it starts working in HTTP
tried starting by hand
[2.0-BETA5][root@fw.site]/root(1): lighttpd -f /var/etc/lighty-webConfigurator.conf 2011-01-13 12:41:13: (network.c.565) SSL: error:00000000:lib(0):func(0):reason(0) /var/etc/ca.pem [2.0-BETA5][root@fw.site]/root(2): uname -a FreeBSD fw.site 8.1-RELEASE-p2 FreeBSD 8.1-RELEASE-p2 #1: Wed Jan 12 23:11:04 EST 2011 ย ย root@FreeBSD_8.0_pfSense_2.0-AMD64.snaps.pfsense.org:/usr/obj.pfSense/usr/pfSensesrc/src/sys/pfSense_SMP.8 ย amd64
opened a ticket http://redmine.pfsense.org/issues/1188
-
Also happened to me on 2.0-BETA5 (i386) built on Thu Jan 13 02:45:05 EST 2011.
Was able to edit config.xml to accept http connections and regain access. -
I think I may have an idea of what might be happening. Hopefully the next snapshot should be OK.
-
So, JimP, the 14th's early morning snap should fix the problem with the web gui?
-
I'm not entirely sure, but it's worth trying.
-
Accessing the gui over https is working again for me using 2.0-BETA5 (i386) built on Thu Jan 13 19:33:19 EST 2011.
Thanks jimp! -
I just tried the build now.. still failed.
Thanks. -
Doesn't work for me either?
-
What errors are showing up in the system log now? What about /var/log/lighttpd.error.log?
-
System Log
Jan 14 10:23:53 php: /system_advanced_admin.php: webConfigurator configuration has changed. Restarting webConfigurator. Jan 14 10:23:53 check_reload_status: webConfigurator restart in progress Jan 14 10:23:55 php: : The command '/usr/local/sbin/lighttpd -f /var/etc/lighty-webConfigurator.conf' returned exit code '255', the output was '2011-01-14 10:23:55: (network.c.565) SSL: error:00000000:lib(0):func(0):reason(0) /var/etc/ca.pem' Jan 14 10:23:55 php: : Creating rrd update script Jan 14 10:25:14 check_reload_status: syncing firewall
/var/log/lighttpd.error.log
2011-01-14 10:17:40: (log.c.166) server started 2011-01-14 10:17:46: (log.c.166) server started 2011-01-14 10:23:55: (log.c.166) server started 2011-01-14 10:25:18: (log.c.166) server started 2011-01-14 10:25:20: (log.c.166) server started
-
I've been able to work around this by commenting out the following line from /var/etc/lighty-webConfigurator.conf:
ssl.ca-file = "/var/etc/ca.pem"
Then, restarting lighttpd:
lighttpd -f /var/etc/lighty-webConfigurator.conf
It appears that the CA cert / key pair do not survive.
-
That's the thing, with the default webgui cert there is no ca, so that line isn't there. I have no such line on mine.
-
Does /var/etc/ca.pem exist? If it does, is it empty? Or does it actually have the ca certificate in it?
-
When this issue occurs, the file ("/var/etc/ca.pem") exists and is empty.ย I think this is only an issue if you create your own CA and subsequently a certificate for use with the webgui.
-
When you do "ls -l /var/etc/ca.pem" does it show as 0 bytes, or does it actually have some (blank) content in it like spaces or blank lines?
-
I've made a cert from an existing CA and used it and it was OK, and I made a fresh CA and cert and used it and it was still OKโฆ so if there is something happening it's likely related to your config in some way.
I can add some extra safety belts around writing out the CA. It already checks if it's empty (as in empty string, "") but it should probably actually be using php's empty() call instead.
-
I can't seem to reproduce this now, but IIRC, the file was 0 bytes.
-
That's the thing, with the default webgui cert there is no ca, so that line isn't there. I have no such line on mine.
JimP, like you, I have no such line in my /var/etc/lighty-webConfigurator.conf
-
JimP, like you, I have no such line in my /var/etc/lighty-webConfigurator.conf
To get the error you posted earlier, you have to have the ca line in the lighty config. If it wasn't there, you wouldn't get the error about ca.pem.