OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of comozoi »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - comozoi

Pages: [1]
1
21.7 Legacy Series / no-sslv3/no-tlsv1x are ignored for bind '127.0.0.1:443'
« on: August 23, 2021, 12:42:39 am »
Hi,
I am running OPNSense 21.7.1 and using haproxy for SSL Offloading
After several upgrades to catch up to the latest version, I encounter the following problem:
- https public service under haproxy seems not to function
- I get the following error message in haproxy when testing the syntax

[WARNING] 234/013128 (31345) : Proxy 'https_in': no-sslv3/no-tlsv1x are ignored for bind '127.0.0.1:443' at [/usr/local/etc/haproxy.conf.staging:58]. Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.
Warnings were found.
Configuration file is valid

Clearing up the no-sslv3/no-tlsv1x in the GUI seems not to solve the issue, the error message remains.
Any help/hints are appreicated.

2
17.7 Legacy Series / Re: Let's Encrypt certificate reissue error - outdated ACME
« on: January 09, 2018, 01:10:18 pm »
Thank you.
Tried with 2.7.5_1
Same error.

Date    Message
[Tue Jan 9 14:14:58 EET 2018]    Diagnosis versions:
[Tue Jan 9 14:14:58 EET 2018]    socat doesn't exists.
[Tue Jan 9 14:14:58 EET 2018]    _chk_vlist
[Tue Jan 9 14:14:58 EET 2018]    Please check log file for more details: /var/log/acme.sh.log
[Tue Jan 9 14:14:58 EET 2018]    _on_issue_err
[Tue Jan 9 14:14:58 EET 2018]    Update account error.
[Tue Jan 9 14:14:58 EET 2018]    code='400'
[Tue Jan 9 14:14:58 EET 2018]    response='{"type":"urn:acme:error:malformed","detail":"Provided agreement URL [https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf] does not match current agreement URL [https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf]","status": 400}'
Date: Tue, 09 Jan 2018 12:14:58    GMT
Expires: Tue, 09 Jan 2018 12:14:58    GMT
Expires: Tue, 09 Jan 2018 12:14:58    GMT
[Tue Jan 9 14:14:58 EET 2018]    responseHeaders='HTTP/1.1 100 Continue
"detail": "Provided agreement URL [https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf]    does not match current agreement URL [https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf]",
[Tue Jan 9 14:14:58 EET 2018]    original='{
[Tue Jan 9 14:14:58 EET 2018]    _ret='0'
[Tue Jan 9 14:14:57 EET 2018]    _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header '

3
17.7 Legacy Series / Re: Let's Encrypt certificate reissue error - outdated ACME
« on: January 08, 2018, 11:49:07 pm »
Thank you, I followed the steps, but same error appears.
In Firmware Acme client 1.12, Acme sh 2.7.4_1

[Tue Jan 9 00:37:08 EET 2018]    Diagnosis versions:
[Tue Jan 9 00:37:08 EET 2018]    socat doesn't exists.
[Tue Jan 9 00:37:08 EET 2018]    _chk_vlist
[Tue Jan 9 00:37:08 EET 2018]    Please check log file for more details: /var/log/acme.sh.log
[Tue Jan 9 00:37:08 EET 2018]    _on_issue_err
[Tue Jan 9 00:37:08 EET 2018]    Update account error.
[Tue Jan 9 00:37:08 EET 2018]    code='400'
[Tue Jan 9 00:37:08 EET 2018]    response='{"type":"urn:acme:error:malformed","detail":"Provided agreement URL [https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf] does not match current agreement URL [https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf]","status": 400}'
Date: Mon, 08 Jan 2018 22:37:07    GMT
Expires: Mon, 08 Jan 2018 22:37:07    GMT
Expires: Mon, 08 Jan 2018 22:37:07    GMT
[Tue Jan 9 00:37:08 EET 2018]    responseHeaders='HTTP/1.1 100 Continue
"detail": "Provided agreement URL [https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf]    does not match current agreement URL [https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf]",


4
17.7 Legacy Series / Let's Encrypt certificate reissue error - outdated ACME
« on: January 08, 2018, 09:06:23 pm »
Hello everyone,
Having a problem with Let's Encrypt - we cannot renew certificates with Let's Encrypt client due to the following error:

"detail": "Provided agreement URL [https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf]    does not match current agreement URL [https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf]",

response='{"type":"urn:acme:error:malformed","detail":"Provided agreement URL [https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf] does not match current agreement URL [https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf]","status": 400}'



Found this notice: https://github.com/Neilpang/acme.sh/issues/1112

Any help appreciated.

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2