1
21.7 Legacy Series / 500 error in system_certmanager.php after update
« on: August 09, 2021, 06:07:12 pm »
Hi guys
I've updated today from 20.X to the latest 21.7 and the pages for trust in the web GUI are giving me a 500 error. It does that if I try to create a new certificate in OPN or if It ry to make it sign a CSR.
In lighttpd.log I see:
Aug 9 16:07:02 firewall lighttpd[38170]: (mod_fastcgi.c.419) unexpected end-of-file (perhaps the fastcgi process died):pid: 55793 socket: unix:/tmp/php-fastcgi.socket-1
Aug 9 16:07:02 firewal lighttpd[38170]: (gw_backend.c.2275) response not received, request sent: 2098 on socket: unix:/tmp/php-fastcgi.socket-1 for /system_certmanager.php?act=new, clo
sing connection
Aug 9 16:08:31 firewall lighttpd[38170]: (mod_fastcgi.c.419) unexpected end-of-file (perhaps the fastcgi process died):pid: 55793 socket: unix:/tmp/php-fastcgi.socket-1
Aug 9 16:08:31 firewall lighttpd[38170]: (gw_backend.c.2275) response not received, request sent: 2098 on socket: unix:/tmp/php-fastcgi.socket-1 for /system_certmanager.php?act=new, clo
sing connection
Aug 9 16:10:27 firewall lighttpd[38170]: (mod_fastcgi.c.419) unexpected end-of-file (perhaps the fastcgi process died):pid: 55793 socket: unix:/tmp/php-fastcgi.socket-1
Aug 9 16:10:27 firewall lighttpd[38170]: (gw_backend.c.2275) response not received, request sent: 2098 on socket: unix:/tmp/php-fastcgi.socket-1 for /system_certmanager.php?act=new, clo
sing connection
In the browser (tried both latest chrome and firefox, same error):
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>500 Internal Server Error</title>
</head>
<body>
<h1>500 Internal Server Error</h1>
</body>
</html>
The version is:
Versions OPNsense 21.7.1-amd64
FreeBSD 12.1-RELEASE-p19-HBSD
LibreSSL 3.3.3
I have another firewall in the exact same version and went there to create a cert and it created just fine, so I believe this has something to do with the particular data or "state" in this firewall.
The reason I had to go create a certificate jsut now is that I noticed with the new openvpn version it doesnt like certificates that have a space in the beginning of the CN, they stopped working after I updated OPNsense to 21.7 from 20.X but I dont think the presence of certs like that are causing the UI to have the error 500 because in my 2nd test firewall I can create certs before and after creating a certificate with a space in the beginning of the CN field.
What could I do to get more info on this? From the timestamp the other files in /var/log dont seem to relate to the webserver. Is there a "debug mode" or something?
As a workaround for now I downloaded the CA data and issued a certificate externally and it's working with openvpn
Thanks
I've updated today from 20.X to the latest 21.7 and the pages for trust in the web GUI are giving me a 500 error. It does that if I try to create a new certificate in OPN or if It ry to make it sign a CSR.
In lighttpd.log I see:
Aug 9 16:07:02 firewall lighttpd[38170]: (mod_fastcgi.c.419) unexpected end-of-file (perhaps the fastcgi process died):pid: 55793 socket: unix:/tmp/php-fastcgi.socket-1
Aug 9 16:07:02 firewal lighttpd[38170]: (gw_backend.c.2275) response not received, request sent: 2098 on socket: unix:/tmp/php-fastcgi.socket-1 for /system_certmanager.php?act=new, clo
sing connection
Aug 9 16:08:31 firewall lighttpd[38170]: (mod_fastcgi.c.419) unexpected end-of-file (perhaps the fastcgi process died):pid: 55793 socket: unix:/tmp/php-fastcgi.socket-1
Aug 9 16:08:31 firewall lighttpd[38170]: (gw_backend.c.2275) response not received, request sent: 2098 on socket: unix:/tmp/php-fastcgi.socket-1 for /system_certmanager.php?act=new, clo
sing connection
Aug 9 16:10:27 firewall lighttpd[38170]: (mod_fastcgi.c.419) unexpected end-of-file (perhaps the fastcgi process died):pid: 55793 socket: unix:/tmp/php-fastcgi.socket-1
Aug 9 16:10:27 firewall lighttpd[38170]: (gw_backend.c.2275) response not received, request sent: 2098 on socket: unix:/tmp/php-fastcgi.socket-1 for /system_certmanager.php?act=new, clo
sing connection
In the browser (tried both latest chrome and firefox, same error):
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>500 Internal Server Error</title>
</head>
<body>
<h1>500 Internal Server Error</h1>
</body>
</html>
The version is:
Versions OPNsense 21.7.1-amd64
FreeBSD 12.1-RELEASE-p19-HBSD
LibreSSL 3.3.3
I have another firewall in the exact same version and went there to create a cert and it created just fine, so I believe this has something to do with the particular data or "state" in this firewall.
The reason I had to go create a certificate jsut now is that I noticed with the new openvpn version it doesnt like certificates that have a space in the beginning of the CN, they stopped working after I updated OPNsense to 21.7 from 20.X but I dont think the presence of certs like that are causing the UI to have the error 500 because in my 2nd test firewall I can create certs before and after creating a certificate with a space in the beginning of the CN field.
What could I do to get more info on this? From the timestamp the other files in /var/log dont seem to relate to the webserver. Is there a "debug mode" or something?
As a workaround for now I downloaded the CA data and issued a certificate externally and it's working with openvpn
Thanks