Text only | Text with Images

OPNsense Forum

English Forums => 24.7, 24.10 Legacy Series => Topic started by: Sander85 on December 03, 2024, 07:53:52 PM

Title: 24.7.10_1 NGINX can't find cert.pem
Post by: Sander85 on December 03, 2024, 07:53:52 PM
Just updated from 24.7.9 to 24.7.10_1 and NGINX stopped working.
Probably because the change:
"system: remove the SSL bundles in default locations"

NGINX can't find /etc/ssl/cert.pem.
Code Select
nginx: [emerg] SSL_CTX_load_verify_locations("/etc/ssl/cert.pem") failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/etc/ssl/cert.pem, r) error:10000080:BIO routines::no such file error:05880002:x509 certificate routines::system lib)
nginx: configuration file /usr/local/etc/nginx/nginx.conf test failed

For a quickfix I created a symlink to /usr/local/etc/ssl/cert.pem.
Code Select
ln -s /usr/local/etc/ssl/cert.pem /etc/ssl/cert.pem
Title: Re: 24.7.10_1 NGINX can't find cert.pem
Post by: franco on December 03, 2024, 08:34:21 PM
Thanks for the report. Will hotfix.

https://github.com/opnsense/plugins/commit/ae922ba2


Cheers,
Franco
Title: Re: 24.7.10_1 NGINX can't find cert.pem
Post by: fluxx on December 03, 2024, 08:39:26 PM
Same for HAProxy

Code Select
[NOTICE] (60472) : haproxy version is 2.8.12-0fdb194
[NOTICE] (60472) : path to executable is /usr/local/sbin/haproxy
[ALERT] (60472) : config : [/usr/local/etc/haproxy.conf.staging:121] : 'server nextcloud_backend/nextcloud_host' : Couldn't open the ca-file '/etc/ssl/cert.pem' (No such file or directory).
[ALERT] (60472) : config : 'ca-file' : unable to load /etc/ssl/cert.pem.
[ALERT] (60472) : config : Error(s) found in configuration file : /usr/local/etc/haproxy.conf.staging
[ALERT] (60472) : config : Fatal errors found in configuration.
Title: Re: 24.7.10_1 NGINX can't find cert.pem
Post by: franco on December 03, 2024, 08:40:21 PM
Yep https://github.com/opnsense/plugins/commit/99ad9d9d
Text only | Text with Images