24.7.11 -> 24.7.12 - Unable to access WebGUI after update

Started by skoenig, January 18, 2025, 02:53:13 PM

Hi,

After an update of OPNsense from 24.7.11 to 24.7.12, I am unable to access the WebGUI.
OPNsense boots fine and all services seem to work. My local network works, I have internet access and I can ping the OPNsense machine.
When trying to access the WebGUI from a machine in the local network, I get an SSL protocol error (ERR_SSL_PROTOCOL_ERROR).

Searching for this issue, I found old forum posts from 2020/2021 that suggest using the command:
'systemctl webgui restart renew'.

Doing that just returns the output 'OK', but the problem persists.

I am a very casual OPNsense user and would appreciate any tips on how to proceed.

The above command creates a new self-signed certificate, so if this does not work, maybe your OPNsense system time is way off. Or did you install your own certificate?
Intel N100, 4* I226-V, 2* 82559, 16 GByte, 500 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+

System time seems to be correct.

I am a very casual user of OPNsense and forgot that I make use of the Caddy plugin for OPNsense. So I use Caddy for subdomains to various machines / services in my network and SSL certification. So I let Caddy use the ACME protocol for Let's Encrypt certificates. And this still seems to work fine.
Honestly, I forgot that when I attempt to access the OPNsense WebGUI at port 80 / 443, I go through Caddy. So I actually can access the WebGUI of OPNsense when avoiding Caddy (although the connection is reported as not secure).
But I still don't know how to solve the problem of accessing the WebGUI on port 80 through Caddy. It worked fine before the update. All other Caddy redirects to other machines work fine.

What I see in the Web UI:
- System / Trust / Authorities: One entry, Description: opnsense-selfsigned, Issuer: self-signed, valid till June 30, 2025
- System / Trust / Certificates: Two entries, one in use, the other one is not.
In use:
 Description: Web GUI TLS certificate, Issuer: self-signed
Not in use:
 Description: Web GUI TLS certificate, Issuer: opnsense-selfsigned

- System / Trust / Revocation: One entry, CA Name 'opnsense-selfsigned'

I suggest deactivating HTTP/3 in the Caddy General Settings - Advanced Settings tab. That should solve it.

https://github.com/opnsense/plugins/issues/4471

If not, another way to solve it is to select HTTP/1.1 in the Handler for the OPNsense.
Hardware:
DEC740