web interface fails after upgrade to 20.7.7.1

Started by gdur, December 28, 2020, 12:14:03 PM

Ran the upgrade to version 20.7.7.1 and afterwards I no longer have access to the web interface. I get the SSL_ERROR_INTERNAL_ERROR_ALERT error. How to deal with this?

Had something like this a couple of days ago: my local certificate I created in OPNsense had expired somehow. I had generated it only a few months ago and I swear I had set it not to expire for several years. I ended up removing it from OPNsense and Windows and recreating it all from scratch. Not sure if that's your issue or not... it would be highly coincidental, or there's something else going on here.
HP T730/AMD  RX-427BB/8GB/500GB SSD
HP NC365T 4-PORT

It's not a local certificate but a Let's Encrypt one... and it was not expired yet...

During the update, it is indicated that the Let's Encrypt certificates have to be redone.

Ah, if there has been a notification then I've missed that. I do have SSH access and tried to do so from the command line (certbot renew) but that didn't work as the command is not recognized. So how to proceed?

I don't know the procedure in the CLI; I don't use a Let's Encrypt certificate but a self-signed one.

I had the same issue after the update. I use the built-in certificate, never installed anything else.

No browser was able to access the GUI.

I found another thread in the German section which gave me a hint to solve it (Franco):
https://forum.opnsense.org/index.php?topic=20620.msg95965#msg95965

I entered the shell via serial interface:

# opnsense-revert -r 20.7.6 lighttpd && configctl webgui reload

and did a reboot.

After that the GUI was accessible again.

December 29, 2020, 11:40:41 AM #8 Last Edit: December 29, 2020, 11:44:58 AM by gdur
Thanks for that! After opnsense-revert -r 20.7.6 lighttpd and an option 11 (Reload all services) I had access to the webgui again.
configctl webgui reload however responds with "Action not found" (???).

The other thing I noticed is: the latest Waterfox comes up with an error (Error code: MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING) and Chrome doesn't like it either (???).
An old Firefox (52.6.0) works, Edge works as well (correction, failed after clearing cache).
So what to do next?

I've worked it out:
After the reboot I received a different message in my browsers (except the old Firefox):

Quote:
Website certificate revoked
The certificate used by this server is marked as untrusted and the connection is not secure.
This error was caused by a missing OCSP response, which must be present and valid because OCSP Must-Staple is used.
Try connecting later or use a different internet connection.
Access to it has been blocked.

(ESET happens to block.)
Luckily I had access via my 'old' Firefox and could force a renewal of the Let's Encrypt cert, and after a reboot everything seems to be as it should be.
The revert rolled back lighttpd version 1.4.56 to version 1.4.55_1.


The question is, how will this be solved? Will this happen again during the next upgrade?
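
Added example, not part of any post in this thread: a shell check for the state the last post describes, a Must-Staple certificate served without a stapled OCSP response. It classifies text captured beforehand with the two openssl commands named in the comments; the function names and sample texts are constructed for illustration, and OpenSSL 1.1.0+ output wording is assumed.

```shell
#!/bin/sh
# Added example, not from the thread. Input is text captured beforehand with:
#   openssl x509 -noout -text -in cert.pem
#   openssl s_client -connect HOST:443 -status </dev/null 2>/dev/null
# Sample texts below are constructed; OpenSSL 1.1.0+ output wording is assumed.

CERT_MUST_STAPLE='X509v3 extensions:
    TLS Feature:
        status_request'
CERT_PLAIN='X509v3 extensions:
    X509v3 Basic Constraints: critical
        CA:FALSE'
HS_NO_STAPLE='OCSP response: no response sent'
HS_GOOD_STAPLE='OCSP response:
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Cert Status: good'

# True if the certificate text carries the TLS Feature (must-staple) extension.
# Older OpenSSL prints the bare OID instead of the name.
has_must_staple() {
    case "$1" in
        *"TLS Feature"*|*1.3.6.1.5.5.7.1.24*) return 0 ;;
    esac
    return 1
}

# Prints good, other (a staple that is not "good"), or none.
staple_state() {
    printf '%s\n' "$1" | awk '
        /OCSP response: no response sent/  { s = "none" }
        /OCSP Response Status: successful/ { if (s == "") s = "other" }
        /Cert Status: good/                { s = "good" }
        END { print (s == "" ? "none" : s) }'
}

# verdict CERT_TEXT HANDSHAKE_TEXT
verdict() {
    state=$(staple_state "$2")
    if ! has_must_staple "$1"; then
        echo "ok: no must-staple (staple=$state)"
    elif [ "$state" = good ]; then
        echo "ok: must-staple with good staple"
    else
        echo "FAIL: must-staple but staple=$state"
    fi
}

verdict "$CERT_MUST_STAPLE" "$HS_NO_STAPLE"   # the state the thread ran into
```

Running the same check against the web GUI before and after an upgrade shows whether the certificate requires stapling and whether the server is actually delivering a staple.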