Upgraded from 2.1.4 to 2.2.2 and unbound won't start



  • From the unbound log:

    Apr 19 20:28:56 unbound: [17488:0] error: Error for server-cert-file: /var/unbound/unbound_server.pem
    Apr 19 20:28:56 unbound: [17488:0] error: Error in SSL_CTX use_certificate_file crypto error:02001002:system library:fopen:No such file or directory
    Apr 19 20:28:56 unbound: [17488:0] error: and additionally crypto error:20074002:BIO routines:FILE_CTRL:system lib
    Apr 19 20:28:56 unbound: [17488:0] error: and additionally crypto error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib
    Apr 19 20:28:56 unbound: [17488:0] fatal error: could not set up remote-control
    Apr 19 20:34:32 unbound: [45912:0] error: Error for server-cert-file: /var/unbound/unbound_server.pem
    Apr 19 20:34:32 unbound: [45912:0] error: Error in SSL_CTX use_certificate_file crypto error:02001002:system library:fopen:No such file or directory
    Apr 19 20:34:32 unbound: [45912:0] error: and additionally crypto error:20074002:BIO routines:FILE_CTRL:system lib
    Apr 19 20:34:32 unbound: [45912:0] error: and additionally crypto error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib
    Apr 19 20:34:32 unbound: [45912:0] fatal error: could not set up remote-control
    Apr 19 21:18:40 unbound: [73417:0] error: Error for server-cert-file: /var/unbound/unbound_server.pem
    Apr 19 21:18:40 unbound: [73417:0] error: Error in SSL_CTX use_certificate_file crypto error:02001002:system library:fopen:No such file or directory
    Apr 19 21:18:40 unbound: [73417:0] error: and additionally crypto error:20074002:BIO routines:FILE_CTRL:system lib
    Apr 19 21:18:40 unbound: [73417:0] error: and additionally crypto error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib
    Apr 19 21:18:40 unbound: [73417:0] fatal error: could not set up remote-control
    Apr 19 21:18:55 unbound: [85251:0] error: Error for server-cert-file: /var/unbound/unbound_server.pem
    Apr 19 21:18:55 unbound: [85251:0] error: Error in SSL_CTX use_certificate_file crypto error:02001002:system library:fopen:No such file or directory
    Apr 19 21:18:55 unbound: [85251:0] error: and additionally crypto error:20074002:BIO routines:FILE_CTRL:system lib
    Apr 19 21:18:55 unbound: [85251:0] error: and additionally crypto error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib
    Apr 19 21:18:55 unbound: [85251:0] fatal error: could not set up remote-control

    From the system log:
    Apr 19 21:26:47 login: pam_start(): system error
    Apr 19 21:26:47 login: pam_start(): system error
    Apr 19 21:26:47 init: _secure_path: /etc/login.conf is not owned by root
    Apr 19 21:26:47 init: _secure_path: /etc/login.conf is not owned by root
    Apr 19 21:26:47 init: _secure_path: /etc/login.conf is not owned by root
    Apr 19 21:26:47 init: _secure_path: /etc/login.conf is not owned by root
    Apr 19 21:26:47 login: _secure_path: /etc/login.conf is not owned by root
    Apr 19 21:26:47 login: _secure_path: /etc/login.conf is not owned by root
    Apr 19 21:26:47 login: in openpam_check_desc_owner_perms(): /etc/pam.d/login: insecure ownership or permissions
    Apr 19 21:26:47 login: in openpam_check_desc_owner_perms(): /etc/pam.d/login: insecure ownership or permissions
    Apr 19 21:26:47 login: pam_start(): system error
    Apr 19 21:26:47 login: pam_start(): system error
    Apr 19 21:26:48 init: _secure_path: /etc/login.conf is not owned by root
    Apr 19 21:26:48 init: _secure_path: /etc/login.conf is not owned by root
    Apr 19 21:26:48 init: _secure_path: /etc/login.conf is not owned by root
    Apr 19 21:26:48 init: _secure_path: /etc/login.conf is not owned by root
    Apr 19 21:26:48 login: _secure_path: /etc/login.conf is not owned by root
    Apr 19 21:26:48 login: _secure_path: /etc/login.conf is not owned by root
    Apr 19 21:26:48 login: in openpam_check_desc_owner_perms(): /etc/pam.d/login: insecure ownership or permissions
    Apr 19 21:26:48 login: in openpam_check_desc_owner_perms(): /etc/pam.d/login: insecure ownership or permissions
    Apr 19 21:26:48 login: pam_start(): system error
    Apr 19 21:26:48 login: pam_start(): system error
    Apr 19 21:26:48 init: getty repeating too quickly on port /dev/ttyu0, sleeping 30 secs
    Apr 19 21:26:48 init: getty repeating too quickly on port /dev/ttyu0, sleeping 30 secs



  • Did you have unbound installed as a package when you did the upgrade?



  • @kejianshi:

    Did you have unbound installed as a package when you did the upgrade?

    No, it was not installed before the upgrade.



  • Check for incorrect users.  /etc was owned by 1001.

    I had to chown -R root:wheel /etc/ in the GUI to get ssh and console to work.

    It also got rid of all the error messages in sys log
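
A read-only version of the check described above, as an added example that is not part of any post in this thread: it lists entries under a directory that are not owned by the expected uid (root, 0, by default) or that are group- or world-writable, the kind of conditions the `_secure_path` and `openpam_check_desc_owner_perms()` log lines report. The function name `audit_tree` is hypothetical; the script changes nothing on disk.

```shell
#!/bin/sh
# Added example: read-only ownership/permission audit. It never modifies files.
#
# audit_tree DIR [UID] prints one line per finding:
#   OWNER <path>     entry is not owned by the expected uid (default 0 = root)
#   WRITABLE <path>  regular file or directory is group- or world-writable
audit_tree() {
    dir=$1
    want_uid=${2:-0}

    # -xdev keeps find on one filesystem; symlinks are not followed by default.
    # -uid compares the numeric owner, so it works even if the uid has no
    # passwd entry (as with the stray uid 1001 reported in the thread).
    find "$dir" -xdev ! -uid "$want_uid" \
        -exec printf 'OWNER %s\n' {} +

    # -perm -020 / -perm -002 match when the group-write or other-write bit
    # is set, whatever the remaining mode bits are.
    find "$dir" -xdev \( -type f -o -type d \) \
        \( -perm -020 -o -perm -002 \) \
        -exec printf 'WRITABLE %s\n' {} +
}

# When run as a script with arguments, audit the given tree, e.g.:
#   sh audit.sh /etc
if [ "$#" -gt 0 ]; then
    audit_tree "$@"
fi
```

An empty result for `/etc` means every entry is owned by root and none is group- or world-writable; any output is a list to compare against a known-good install.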



  • Please do not suggest that people start messing with user rights in the base file system!

    I saw in a previous post that you seem to have solved your problem with

    I had to chown -R root:wheel /etc/ in the GUI to get ssh and console to work.

    It also got rid of all the error messages in sys log

    But that is likely due to some other rather unorthodox errors in your system. It's not a generally good or advisable thing to be doing under pfSense.

    Frankly, I wouldn't typically trust an install that was run under those conditions.
    It's very possible you've created other issues that may end badly for you now or in the future.

    As someone else suggested, you'd be better off with a fresh install and restoring a previous config.

    Sorry for the thread drift…  :P



  • Bump.  Same exact issue here.  SSH and DNSMasq are also unwilling to start after the upgrade.  Hesitant to manually modify permissions, but this seems to be what broke during upgrade.  Is there any way to do a clean reinstall of 2.2.2 via the GUI to fix the permission errors?  This is an embedded system and I really don't want to open it up to flash the card, very annoying.



  • Perhaps this file owner and permissions thing is the same as:
    https://forum.pfsense.org/index.php?topic=92712.msg514140#msg514140

    and this thread:
    https://forum.pfsense.org/index.php?topic=92782.msg514463#msg514463

    and re-applying the update using the latest full update files at http://files.atx.pfsense.org/mirror/updates/ will put everything correctly in place.



  • @phil.davis:

    Perhaps this file owner and permissions thing is the same as:
    https://forum.pfsense.org/index.php?topic=92712.msg514140#msg514140

    and this thread:
    https://forum.pfsense.org/index.php?topic=92782.msg514463#msg514463

    and re-applying the update using the latest full update files at http://files.atx.pfsense.org/mirror/updates/ will put everything correctly in place.

    Thanks Phil, I did not get a chance to try this. I already went onsite and did a reinstall and then config restore and it works like a champ. I'll remember this for next time, but hopefully there won't be a next time….

