Hello all,
i created a root ca and a pem outside of opnsense and managed to botch my Opnsense Web UI.
Edge complains with the helpful ERR_SSL_PROTOCOL_ERROR
Librewolf (FF Fork ) says SSL_ERROR_INTERNAL_ERROR_ALERT
curl -k from an other linux box works
How can I roll back to the defaults ?
I tried
configctl webgui restart renew
But nothing changed .
Many thanks for any pointer !
Norbert
Login with ssh or on the console and select option 13 (Restore a backup)?
Quote from: dseven on November 28, 2024, 01:00:35 PM
Login with ssh or on the console and select option 13 (Restore a backup)?
Unfortunately the change was a long time ago and this is quite risky because it would overwrite any changes.
In theory I just have to simulate
System: Settings: Administration: SSL Certificate
But how ?
I suppose you could try editting /conf/config.xml , but at your own risk!
The cert is referenced at opnsense -> system -> webgui -> ssl-certref, and you should find the actual cert (and its private key) in the config too (search for that reference). If you still have the original "Web GUI TLS certificate", you probably could plug in its reference, then "Reload all services" from the login menu, or reboot. Alternatively maybe you could temporarily set opensense -> system -> webgui -> protocol to "http", then repair via the web UI on port 80....
Just use the docs:
https://docs.opnsense.org/troubleshooting/webgui.html
Quote from: Monviech (Cedrik) on November 28, 2024, 02:53:14 PM
Just use the docs:
https://docs.opnsense.org/troubleshooting/webgui.html
Thanks a lot ! That is by far the simplest solution.And it works too ;-)