OPNsense Forum

Archive => 21.1 Legacy Series => Topic started by: Julien on January 30, 2021, 01:34:35 am

Title: ERR_SSL_PROTOCOL_ERROR GUI
Post by: Julien on January 30, 2021, 01:34:35 am
Hi guys,
after updating one box I lost access to the gui as to the ssh.
the error keep showing
Code: [Select]
ERR_SSL_PROTOCOL_ERRORusually It was fixed with this command to reverse back
Code: [Select]
opnsense-revert -r 20.7.6 lighttpd && configctl webgui restart
but it appear it failed to revert to 20.7.6 on 21.1

hope someone has a idea how to restore the gui.

thank you
Title: Re: ERR_SSL_PROTOCOL_ERROR GUI
Post by: Fright on January 30, 2021, 07:36:38 am
self-signed cert?
try
Code: [Select]
configctl webgui restart renew
Title: Re: ERR_SSL_PROTOCOL_ERROR GUI
Post by: vinz on January 30, 2021, 12:49:06 pm
I had the same problem. Renewal of the self signed cert as pointed out by @Fright fixed it. Thank you.

In Firefox this error is shown as: SSL_ERROR_INTERNAL_ERROR_ALERT

Background:

In OPNsense 20.7.8 the lighttpd upgrade from 1.4.55_1 to 1.4.58 broke the web-gui.
The command opnsense-revert executed via serial console restored it:
    opnsense-revert -r 20.7.6 lighttpd && configctl webgui restart
Thread: https://forum.opnsense.org/index.php?topic=20514.15

The upgrade to OPNsense 21.1 again broke the web-gui and the above command did not help.

The renewal of the self signed cert, as pointed out by @Fright fixed it permanently
    configctl webgui restart renew
Title: Re: ERR_SSL_PROTOCOL_ERROR GUI
Post by: franco on January 30, 2021, 01:29:18 pm
It's not like we haven't been listening. There is something wrong with the certificate and nobody can help troubleshooting this remotely. In 21.1 you can actually recover by manually creating a new valid self-signed certificate as pointed out here by avid readers.

https://github.com/opnsense/changelog/blob/61a2138a8ca2a12acabe80a6903e4aa6facc4368/doc/21.1/21.1#L46

Just fix your certs please. It isn't rocket science.


Cheers,
Franco
Title: Re: ERR_SSL_PROTOCOL_ERROR GUI
Post by: Julien on February 01, 2021, 10:56:09 am
Hi Franco,

this appear to happen when you are using lets encrypt.
i cannot seems to find the cause.

anyway guys the soltuion as next.

if you are locked out and cannot access the webgui, log in with ssh and go to shell
run the below command

Code: [Select]
configctl webgui restart renew
if everything is okay youll be able to access the gui.

if you have updated yet and using letsencrypt

go to your leftsencrypt and force your exisiting ssl to renew its should be R3 ssl check screenshot.
i noticed certificates that been assigned during december is the cause.
i have 5 boxes who been broke, the 5 boxes has the ssl of last december after following the guide mentioned above, got it sorted out.


Title: Re: ERR_SSL_PROTOCOL_ERROR GUI
Post by: Fright on February 01, 2021, 11:04:05 am
this also can happen if at the time of OPN loading the clock on OPN is significantly out of sync (happens on hyper-v with clock-sync disabled) and the browser session starts immediately after loading (or was established before loading). then after synchronizing the clock and a change in time on the OPN, the browser will fall into this error. restarting the GUI in this case helps
Title: Re: ERR_SSL_PROTOCOL_ERROR GUI
Post by: Taomyn on February 06, 2021, 09:15:19 am
I was able to upgrade from 20.7.8_4 to 21.1 without any issues this time, so for me clearing house on the all the CA and generated certificates for the old Let's Encrypt CAs sorted it out.
Title: Re: ERR_SSL_PROTOCOL_ERROR GUI
Post by: darkcube on February 09, 2021, 08:55:35 pm
It's not like we haven't been listening. There is something wrong with the certificate and nobody can help troubleshooting this remotely. In 21.1 you can actually recover by manually creating a new valid self-signed certificate as pointed out here by avid readers.

https://github.com/opnsense/changelog/blob/61a2138a8ca2a12acabe80a6903e4aa6facc4368/doc/21.1/21.1#L46

Just fix your certs please. It isn't rocket science.

Hi Franco,

I seem to be experiencing the same issue after an upgrade to 21.1, and the "configctl webgui restart renew" from CLI doesn't help, the web GUI is still inaccessible.

When I attempt to downgrade with "opnsense-revert -r 20.7.6 lighttpd && configctl webgui restart" it fails with "Fetching lighttpd.txz: .. failed".

Any ideas as to why the self-signed cert renewal fails?
Title: Re: ERR_SSL_PROTOCOL_ERROR GUI
Post by: liceo on March 18, 2021, 10:59:50 am
I got the same error on the browser, but it was neither related to the certs nor to the upgrade: A simple reboot has caused the problem. After i set the time sync on the hypervisor to "on" (I'm using Hyper-V) the problem seems to be gone...