OPNsense Forum
Archive => 20.7 Legacy Series => Topic started by: gdur on December 28, 2020, 12:14:03 pm
-
Ran the upgrade to version 20.7.7.1 and hereafter no longer access to web interface. I get the SSL_ERROR_INTERNAL_ERROR_ALERT error. How to deal with this?
-
Had something like this a couple days ago, my local certificate I created in opnsense had expired somehow. I had generated it only a few months ago and swear I had it not expire for several years. I ended up removing it from opnsense and windows and recreating it all from scratch. Not sure that's your issue or not...would be highly coincidental or there's something else going on here.
-
It's not a local certificate but a Letsencrypt one... and it was not expired yet...
-
During the update, it is indicated that the let'encrypt certificates have to be redone.
-
Ah, If there has been a notification than I've missed that. I do have SSH access and tried to do so from the command line (certbot renew) but that didn't work as the command is not recognized. So how to proceed?
-
I don't know the procedure in cli, i don't use Lets'Encrypt certificate but a self signed
-
I had the same issue after the update. I use the buildin certificate, never installed anything else.
No browser was able to access the GUI.
I found another thread in the german section which gave me a hint to solve it (Franco):
https://forum.opnsense.org/index.php?topic=20620.msg95965#msg95965 (https://forum.opnsense.org/index.php?topic=20620.msg95965#msg95965)
I entered the shell via serial interface:
# opnsense-revert -r 20.7.6 lighttpd && configctl webgui reload
and did a reboot.
After that the GUI was accessable again.
-
Thanks for that! After opnsense-revert -r 20.7.6 lighttpd and a option 11 (Reload all services) I had access to the webgui again.
configctl webgui reload however responds with "Action not found" (???).
The other thing noticed is: The latest waterfox comes with an error Error code: MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING and Chrome doesn't like it either (???).
An old firefox (52.6.0) works, Edge works as well.
So what to do next?
-
Thanks for that! After opnsense-revert -r 20.7.6 lighttpd and a option 11 (Reload all services) I had access to the webgui again.
configctl webgui reload however responds with "Action not found" (???).
The other thing noticed is: The latest waterfox comes with an error Error code: MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING and Chrome doesn't like it either (???).
An old firefox (52.6.0) works, Edge works as well (correction, failed after clearing cache).
So what to do next?
I've worked it out:
After reboot I received a different message in my browsers (except the old firefox.):
Website certificate revoked
The certificate used by this server is marked as untrusted and the connection is not secure.
This error was caused by a missing OCSP response, which must be present and valid because OCSP Must-Staple is used.
Try connecting later or use a different internet connection.
Access to it has been blocked.
(ESET happen to block).
Luckily I had access via my 'old' Firefox and could force a renewal of the Letsencrypt cert and after a reboot everything seems to be as should.
Revert rolled back lighttpd version 1.4.56 to version1.4.55_1
-
The question is, how will this be solved? Will this happen again during the next upgrade?