After upgrading to 25.7.9, cannot access OPNsense web gui

Started by kwo1, December 18, 2025, 01:00:55 AM

Hi,

Yesterday, I upgraded from OPNsense 25.7.7.2 to 25.7.9.  Each time after it's done upgrading and finished rebooting, the web logon GUI becomes inaccessible.  The IP continues to respond to ping, but the web page doesn't return the login page in the browser.  It also stops accepting connections via SSH, whereas it worked prior to the upgrade. 

Prior to the upgrade, OPNsense was working fine.  I was able to initiate the upgrade through the web GUI portal. 

Troubleshooting steps I've tried to no avail (on top of reverting the OPNsense VM to backup):
- via CLI of the OPNsense VM as root and running 'configctl webgui restart renew' and 'service config restart'
- via CLI, confirming the correct IP is set, and changing it from HTTPS to HTTP
- via CLI, looking at /conf/config.xml, I see <interfaces>opt1</interfaces>, which I think references the interface it listens on for the webgui. Opt1 is correct.

Of the dozen times I've performed an upgrade to OPNsense  in the past via the web gui, it's never done this.  What am I missing? 

Looking for advice, thank you. 

Hi, I'm still looking for guidance with this.

I performed the upgrade again. Predictably, after the upgrade, I cannot log in to the web GUI (site cannot be reached) and ssh attempts return a "connection closed by remote host" msg. These were both working prior to the upgrade. I _CAN_ ping the IP successfully though.

I connected to the console.  Looking at /var/log/lighttpd/latest.log, I don't see any suspicious events that correspond to my attempts to access the web GUI.  I don't even know if this is the right log to look at. 

Google said to check lighttpd.  At the console, I ran "service lighttpd status" which said lighttpd is not running. 
I then ran 'service lighttpd start', which returned a msg lighttpd could not be started, and to set lighttpd_enable to yes inside /etc/rc.conf, or use onestart instead of start. 
I instead ran 'service lighttpd onestart' which seemed to start lighttpd.  I still can't access the web GUI though. 

EDIT:
My opnsense VM has 4 interfaces: Guest, LAN, MGMT, and WAN.
I've always locked it down so that only traffic from the MGMT interface can access the web logon of opnsense.   
I reverted to a snapshot I had taken of the opnsense VM prior to having upgraded it to the latest version. In the Settings > Administration page, I added my LAN interface as a listening interface for opnsense web GUI. I did this just to see if by chance another interface suffered the same issue as MGMT. I then performed the upgrade to the latest version of opnsense. I still cannot access the web gui from the MGMT IP as I originally reported, but I can access it from the LAN IP.
From my computer on the same MGMT network, I used arp to confirm that the MGMT IP of opnsense correctly matches the MAC address of the MGMT interface of opnsense, so it's not an IP conflict.

root@OPNsense:/conf # sockstat -4 -l |egrep '22|443'
root     lighttpd   31157 7   tcp4   127.0.0.1:443         *:*
root     lighttpd   31157 10  tcp4   192.168.20.251:443    *:*
root     lighttpd   31157 11  tcp4   192.168.2.251:443     *:*
root     sshd        3562 6   tcp4   192.168.2.251:22      *:*
root     sshd        3562 7   tcp4   192.168.20.251:22     *:*
root     sshd        3562 10  tcp4   127.0.0.1:22          *:*
root     ntpd       40964 22  udp4   192.168.66.250:123    *:*

Unless I'm reading this incorrectly, opnsense is listening on both my LAN subnet (192.168.20.251) and MGMT subnet (192.168.2.251) for both ports 443 and 22.

Again, please, can someone help direct me how else to troubleshoot this?

Thank you

Quote from: kwo1 on Today at 12:39:57 AM
Unless I'm reading this incorrectly, opnsense is listening on both my LAN subnet (192.168.20.251) and MGMT subnet (192.168.2.251) for both ports 443 and 22

Your understanding is correct, both the webGUI and SSH are listening on the two interfaces, assuming that .251 is OPNsense.

Can you show the firewall rules on the MGMT interface? And run a tcpdump/packet capture on the MGMT interface and filter for 443/tcp or 22/tcp or both to see what happens when you try to access OPNsense.
Deciso DEC740
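
Added example (not part of any post in this thread and not OPNsense project code): the egrep '22|443' filter above also matched the ntpd line, because its FD column is 22. The sketch below matches only the local port column of sockstat output and reports which management ports have no listener on a given address; the helper names listeners and missing_on are hypothetical, and the sample input is the output quoted in the thread.

```shell
#!/bin/sh
# Constructed sample input: the sockstat lines quoted in the thread.
sample_sockstat() {
cat <<'EOF'
root     lighttpd   31157 7   tcp4   127.0.0.1:443         *:*
root     lighttpd   31157 10  tcp4   192.168.20.251:443    *:*
root     lighttpd   31157 11  tcp4   192.168.2.251:443     *:*
root     sshd        3562 6   tcp4   192.168.2.251:22      *:*
root     sshd        3562 7   tcp4   192.168.20.251:22     *:*
root     sshd        3562 10  tcp4   127.0.0.1:22          *:*
root     ntpd       40964 22  udp4   192.168.66.250:123    *:*
EOF
}

# listeners PORTS  (hypothetical helper)
# stdin: `sockstat -4 -l` lines (USER COMMAND PID FD PROTO LOCAL FOREIGN)
# stdout: "port address command" for sockets whose LOCAL port is exactly
# one of the comma-separated PORTS; no other column is ever matched.
listeners() {
    awk -v ports="$1" '
        BEGIN { n = split(ports, p, ","); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        NF >= 7 {
            k = match($6, /:[^:]*$/)      # last colon splits address and port
            if (!k) next                  # header line or unparsable field
            port = substr($6, k + 1)
            if (port in want) print port, substr($6, 1, k - 1), $2
        }' | sort -n
}

# missing_on ADDR PORTS  (hypothetical helper)
# Prints each wanted port with no listener bound to ADDR or to wildcard "*".
missing_on() {
    input=$(cat)
    for p in $(printf '%s' "$2" | tr ',' ' '); do
        printf '%s\n' "$input" | listeners "$p" |
            awk -v a="$1" '$2 == a || $2 == "*" { f = 1 } END { exit !f }' || echo "$p"
    done
}

sample_sockstat | listeners 22,443
sample_sockstat | missing_on 192.168.2.251 22,443   # prints nothing: both bound on MGMT
```

On the firewall itself, pipe live output in with `sockstat -4 -l | missing_on 192.168.2.251 22,443`. An empty result means the daemons are bound where expected, so the next place to look is the rules and traffic on that interface.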