AcmeClient upload_sftp debugging

Started by rfc805, November 05, 2022, 09:27:58 PM

So I think this is a topic that's come up before, but I can't seem to find an answer.

I have an upload_sftp automation set up which goes to an Ubuntu VM.  Testing the connection passes, but when I run the automation, nothing happens.  I see in the system log:

<13>1 2022-11-05T14:57:18-05:00 gwo opnsense 50444 - [meta sequenceId="3"] AcmeClient: running automations for certificate: <cn>
<13>1 2022-11-05T14:57:18-05:00 gwo opnsense 50444 - [meta sequenceId="4"] AcmeClient: running automation (configd): <cn> ssl dist

Nothing seems to happen at this point.  If I do a tcpdump on the interface it would go out, I don't see anything happen.  There are no further log messages.

If I run upload_sftp.php manually, it works fine.

root@gwo:/usr/local/opnsense/scripts/OPNsense/AcmeClient # ./upload_sftp.php --log --host=<cn> --user=ssldist --certificates=<cn>
INFO: Logging to stdout enabled
INFO: No host key specified, using existing known_hosts entry for '<cn>'
INFO: SFTP: Connected to <cn>.
INFO: SFTP: sftp> pwd
INFO: SFTP: sftp> cd '/home/ssldist/<cn>'
INFO: SFTP: stat remote: No such file or directory
INFO: Creating remote directory: /home/ssldist/<cn>
INFO: SFTP: sftp> pwd
INFO: SFTP: sftp> mkdir '/home/ssldist/<cn>'
INFO: SFTP: sftp> cd '/home/ssldist/<cn>'
INFO: SFTP: sftp> pwd
INFO: SFTP: sftp> ls -la
INFO: SFTP: sftp> put '/tmp/sftp-upload-AyaTmK' 'ca.pem'
INFO: SFTP: Uploading /tmp/sftp-upload-AyaTmK to /home/ssldist/<cn>/ca.pem
INFO: SFTP: sftp> put '/tmp/sftp-upload-Ws0HCw' 'cert.pem'
INFO: SFTP: Uploading /tmp/sftp-upload-Ws0HCw to /home/ssldist/<cn>/cert.pem
INFO: SFTP: sftp> put '/tmp/sftp-upload-5MZRRw' 'fullchain.pem'
INFO: SFTP: Uploading /tmp/sftp-upload-5MZRRw to /home/ssldist/<cn>/fullchain.pem
INFO: SFTP: sftp> put '/tmp/sftp-upload-e035Kt' 'key.pem'
INFO: SFTP: Uploading /tmp/sftp-upload-e035Kt to /home/ssldist/<cn>/key.pem
INFO: SFTP: sftp> exit

I can't seem to find a way to further debug why the automation fails - I would expect it to be using equivalent arguments to what I'm running, but they don't seem to be logged anywhere.  Any tips for why the automation would fail when the script works?

Any thoughts?  I actually added some messages to try and debug, but they don't fire when run via the web GUI or automatically.  Makes me think that whatever is supposed to actually call the script is doing something wrong - but I'm not exactly sure of that process flow.

What does "TEST Connection" say in Automation?

Gives me a green OK result.  Pretty sure it's calling the upload_sftp script with the test params, which also work.  Just running the automation only ever produces that one configd log line and nothing else, which is very odd. 

I can connect but cannot upload to my ESXi server. IIRC, it was an issue with a filesystem command that SFTP wanted to run that ESXi didn't recognise/implement.  (manual scp from opnsense works)

Yeah, that's not the issue here, because the upload_sftp script works if I call it manually.  I ran into that same problem with ESXi - I believe it's because it can't chmod.  This is just a plain Jane Ubuntu 22.04 server it's uploading to.  Very odd.