1
20.1 Legacy Series / Re: haproxy HTTP/2 HPACK Decoder Vulnerability CVE-2020-11100
« on: April 06, 2020, 12:35:31 pm »
Thx Franco, perfect! 
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
2
20.1 Legacy Series / haproxy HTTP/2 HPACK Decoder Vulnerability CVE-2020-11100
« on: April 06, 2020, 12:11:42 pm »
Is there a timeframe for an update of haproxy to fix CVE-2020-11100 [1]?
[1] https://www.haproxy.com/blog/haproxy-1-8-http-2-hpack-decoder-vulnerability-fixed/
[1] https://www.haproxy.com/blog/haproxy-1-8-http-2-hpack-decoder-vulnerability-fixed/
3
19.7 Legacy Series / Re: acmeclient api json
« on: November 06, 2019, 06:55:37 pm »
This worked for me, maybe it will help someone in the future:
curl -XPOST -H "Content-Type: application/json" -u "user:pass" \
https://opnsense.example.com/api/acmeclient/certificates/add -d \
'{
"certificate": {
"enabled": "0",
"name": "test.example.com",
"altNames": "test2.example.com",
"description": "test.example.com",
"account": "uuid-of-the-account",
"validationMethod": "uuid-of-the-validation-method",
"keyLength": "key_4096",
"autoRenewal": "1",
"renewInterval": "60"
}
}'
curl -XPOST -H "Content-Type: application/json" -u "user:pass" \
https://opnsense.example.com/api/acmeclient/certificates/add -d \
'{
"certificate": {
"enabled": "0",
"name": "test.example.com",
"altNames": "test2.example.com",
"description": "test.example.com",
"account": "uuid-of-the-account",
"validationMethod": "uuid-of-the-validation-method",
"keyLength": "key_4096",
"autoRenewal": "1",
"renewInterval": "60"
}
}'
4
19.7 Legacy Series / [Solved] acmeclient api json
« on: November 06, 2019, 06:25:02 pm »
Is there anywhere documented what the required json is to create a certificate with the acmeclient api?
Tried this, but it is failing:
curl -XPOST -H "Content-Type: application/json" -u "user:pass" \
https://opnsense.example.com/api/acmeclient/certificates/add -d \
'{
"certificate": {
"enabled": "0",
"name": "test.example.com",
"altNames": "test2.example.com",
"description": "test.example.com",
"account": "example account",
"validationMethod": "http-01 validation",
"keyLength": "4096 bit",
"autoRenewal": "1",
"renewInterval": "60"
}
}'
Tried this, but it is failing:
curl -XPOST -H "Content-Type: application/json" -u "user:pass" \
https://opnsense.example.com/api/acmeclient/certificates/add -d \
'{
"certificate": {
"enabled": "0",
"name": "test.example.com",
"altNames": "test2.example.com",
"description": "test.example.com",
"account": "example account",
"validationMethod": "http-01 validation",
"keyLength": "4096 bit",
"autoRenewal": "1",
"renewInterval": "60"
}
}'
5
18.7 Legacy Series / certbot haproxy restart action fails with v18.7.3 and v18.7.4
« on: October 01, 2018, 10:48:08 am »
Hi!
certbot haproxy restart action on new or renewed certs is failing with v18.7.3 and v18.7.4 too. Last version it worked (for me) was v18.1.13.
configd.py reports 'restarting haproxy'
'/usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php: AcmeClient: running restart action: Restart HAProxy'
and up this point haproxy is not responding to any requests. Only a restart via the gui fixes this.
Is this a known issue? Is there anything I can do to fix it?
certbot haproxy restart action on new or renewed certs is failing with v18.7.3 and v18.7.4 too. Last version it worked (for me) was v18.1.13.
configd.py reports 'restarting haproxy'
'/usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php: AcmeClient: running restart action: Restart HAProxy'
and up this point haproxy is not responding to any requests. Only a restart via the gui fixes this.
Is this a known issue? Is there anything I can do to fix it?
Pages: [1]