Netgate Discussion Forum

    Upgraded from 2.1.4 to 2.2.2 and unbound won't start

    Problems Installing or Upgrading pfSense Software
      router_wang

      From the unbound log:

      Apr 19 20:28:56 unbound: [17488:0] error: Error for server-cert-file: /var/unbound/unbound_server.pem
      Apr 19 20:28:56 unbound: [17488:0] error: Error in SSL_CTX use_certificate_file crypto error:02001002:system library:fopen:No such file or directory
      Apr 19 20:28:56 unbound: [17488:0] error: and additionally crypto error:20074002:BIO routines:FILE_CTRL:system lib
      Apr 19 20:28:56 unbound: [17488:0] error: and additionally crypto error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib
      Apr 19 20:28:56 unbound: [17488:0] fatal error: could not set up remote-control
      Apr 19 20:34:32 unbound: [45912:0] error: Error for server-cert-file: /var/unbound/unbound_server.pem
      Apr 19 20:34:32 unbound: [45912:0] error: Error in SSL_CTX use_certificate_file crypto error:02001002:system library:fopen:No such file or directory
      Apr 19 20:34:32 unbound: [45912:0] error: and additionally crypto error:20074002:BIO routines:FILE_CTRL:system lib
      Apr 19 20:34:32 unbound: [45912:0] error: and additionally crypto error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib
      Apr 19 20:34:32 unbound: [45912:0] fatal error: could not set up remote-control
      Apr 19 21:18:40 unbound: [73417:0] error: Error for server-cert-file: /var/unbound/unbound_server.pem
      Apr 19 21:18:40 unbound: [73417:0] error: Error in SSL_CTX use_certificate_file crypto error:02001002:system library:fopen:No such file or directory
      Apr 19 21:18:40 unbound: [73417:0] error: and additionally crypto error:20074002:BIO routines:FILE_CTRL:system lib
      Apr 19 21:18:40 unbound: [73417:0] error: and additionally crypto error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib
      Apr 19 21:18:40 unbound: [73417:0] fatal error: could not set up remote-control
      Apr 19 21:18:55 unbound: [85251:0] error: Error for server-cert-file: /var/unbound/unbound_server.pem
      Apr 19 21:18:55 unbound: [85251:0] error: Error in SSL_CTX use_certificate_file crypto error:02001002:system library:fopen:No such file or directory
      Apr 19 21:18:55 unbound: [85251:0] error: and additionally crypto error:20074002:BIO routines:FILE_CTRL:system lib
      Apr 19 21:18:55 unbound: [85251:0] error: and additionally crypto error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib
      Apr 19 21:18:55 unbound: [85251:0] fatal error: could not set up remote-control

      From the system log:
      Apr 19 21:26:47 login: pam_start(): system error
      Apr 19 21:26:47 login: pam_start(): system error
      Apr 19 21:26:47 init: _secure_path: /etc/login.conf is not owned by root
      Apr 19 21:26:47 init: _secure_path: /etc/login.conf is not owned by root
      Apr 19 21:26:47 init: _secure_path: /etc/login.conf is not owned by root
      Apr 19 21:26:47 init: _secure_path: /etc/login.conf is not owned by root
      Apr 19 21:26:47 login: _secure_path: /etc/login.conf is not owned by root
      Apr 19 21:26:47 login: _secure_path: /etc/login.conf is not owned by root
      Apr 19 21:26:47 login: in openpam_check_desc_owner_perms(): /etc/pam.d/login: insecure ownership or permissions
      Apr 19 21:26:47 login: in openpam_check_desc_owner_perms(): /etc/pam.d/login: insecure ownership or permissions
      Apr 19 21:26:47 login: pam_start(): system error
      Apr 19 21:26:47 login: pam_start(): system error
      Apr 19 21:26:48 init: _secure_path: /etc/login.conf is not owned by root
      Apr 19 21:26:48 init: _secure_path: /etc/login.conf is not owned by root
      Apr 19 21:26:48 init: _secure_path: /etc/login.conf is not owned by root
      Apr 19 21:26:48 init: _secure_path: /etc/login.conf is not owned by root
      Apr 19 21:26:48 login: _secure_path: /etc/login.conf is not owned by root
      Apr 19 21:26:48 login: _secure_path: /etc/login.conf is not owned by root
      Apr 19 21:26:48 login: in openpam_check_desc_owner_perms(): /etc/pam.d/login: insecure ownership or permissions
      Apr 19 21:26:48 login: in openpam_check_desc_owner_perms(): /etc/pam.d/login: insecure ownership or permissions
      Apr 19 21:26:48 login: pam_start(): system error
      Apr 19 21:26:48 login: pam_start(): system error
      Apr 19 21:26:48 init: getty repeating too quickly on port /dev/ttyu0, sleeping 30 secs
      Apr 19 21:26:48 init: getty repeating too quickly on port /dev/ttyu0, sleeping 30 secs

        kejianshi

        Did you have unbound installed as a package when you did the upgrade?

          router_wang

          @kejianshi:

          Did you have unbound installed as a package when you did the upgrade?

          No, it was not installed before the upgrade.

            jasonr

            Check for incorrect users.  /etc was owned by 1001.

            I had to chown -R root:wheel /etc/ in the GUI to get ssh and console to work.

            It also got rid of all the error messages in sys log
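
A read-only way to do the ownership check discussed in this thread (an added example, not part of any poster's reply): `flagged_paths` pulls the paths out of log lines shaped like those in the first post, and `audit_tree` lists entries that are not owned by the expected uid or are writable by group or other. The function names and the group/other-writable criterion are this example's assumptions; nothing in it changes ownership or permissions.

```shell
#!/bin/sh
# Added example: read-only triage for the ownership errors shown in the logs.
# Usage idea: feed syslog text to flagged_paths, then inspect with audit_tree.

# Print the unique paths that init/login/OpenPAM complained about.
# Reads syslog text on stdin; matches only the two message shapes seen
# in this thread (_secure_path and openpam_check_desc_owner_perms).
flagged_paths() {
    sed -n \
        -e 's|.*_secure_path: \(/[^ ]*\) is not owned by root.*|\1|p' \
        -e 's|.*openpam_check_desc_owner_perms(): \(/[^ :]*\): insecure ownership or permissions.*|\1|p' |
        sort -u
}

# List every entry under DIR that is not owned by WANT_UID (default 0, root)
# or that is group- or world-writable (treated here as insecure; assumption).
# Output is `ls -ldn` form so numeric owners such as 1001 are visible.
# Symlinks are skipped because their own mode bits are not meaningful.
audit_tree() {
    dir=$1
    want_uid=${2:-0}
    find "$dir" ! -type l \
        \( ! -uid "$want_uid" -o -perm -020 -o -perm -002 \) \
        -exec ls -ldn {} +
}
```

An empty result from `audit_tree /etc` means every entry is owned by root and not writable by group or other; any line printed shows the numeric owner to investigate before deciding between re-applying the update and a reinstall.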

              divsys

              Please do not suggest that people start messing with user rights in the base file system!

              I saw in a previous post that you seem to have solved your problem with

              I had to chown -R root:wheel /etc/ in the GUI to get ssh and console to work.

              It also got rid of all the error messages in sys log

              But that is likely due to some other rather unorthodox errors in your system. It's not a generally good or advisable thing to be doing under pfSense.

              Frankly, I wouldn't typically trust an install that was run under those conditions.
              It's very possible you've created other issues that may end badly for you now or in the future.

              As someone else suggested, you'd be better off with a fresh install and restoring a previous config.

              Sorry for the thread drift…  :P

              -jfp

                mhab12

                Bump.  Same exact issue here.  SSH and DNSMasq are also unwilling to start after the upgrade.  Hesitant to manually modify permissions but this seems to be what broke during upgrade.  Is there any way to do a clean reinstall of 2.2.2 via the GUI to fix the permission errors?  This is an embedded system and I really don't want to open it up to flash the card, very annoying.

                  phil.davis

                  Perhaps this file owner and permissions thing is the same as:
                  https://forum.pfsense.org/index.php?topic=92712.msg514140#msg514140

                  and this thread:
                  https://forum.pfsense.org/index.php?topic=92782.msg514463#msg514463

                  and re-applying the update using the latest full update files at http://files.atx.pfsense.org/mirror/updates/ will put everything correctly in place.

                  As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
                  If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

                    router_wang

                    @phil.davis:

                    Perhaps this file owner and permissions thing is the same as:
                    https://forum.pfsense.org/index.php?topic=92712.msg514140#msg514140

                    and this thread:
                    https://forum.pfsense.org/index.php?topic=92782.msg514463#msg514463

                    and re-applying the update using the latest full update files at http://files.atx.pfsense.org/mirror/updates/ will put everything correctly in place.

                    Thanks Phil, I did not get a chance to try this. I already went onsite and did a reinstall and then config restore and it works like a champ. I'll remember this for next time, but hopefully there won't be a next time….
