Update 20.7.6 to 20.7.7 Update ERR_SSL_PROTOCOL_ERROR

[george09]

Hello,

since the update I can no longer access the web interface cause of SSL_ERROR_INTERNAL_ERROR_ALERT (Firefox), Chrome says ERR_SSL_PROTOCOL_ERROR.
The Webinterface uses a lets encrypt cert.
I have still access through SSH.

Is there a quick solution for this problem, maybe disable https, but without reset all my network interfaces? or renew cert...?

Thanks

[mimugmail]

https://twitter.com/opnsense/status/1339847119977533442

[robgnu]

If you use Lets Encrypt, log into SSH and use this command:

# php /usr/local/opnsense/scripts/OPNsense/AcmeClient/lecert.php --mode issue --all --force

[rabievdm]

Thanks,

The twitter comment got me working again:
opnsense-revert -r 20.7.6 lighttpd && configctl webgui restart
Much appreciated.

Regards

[Julien]

did the last update change something on the firewall behaivor?
i noticed our UDP packets (VOIP) are disconnecting after 20 sec. also the web gui is not availble.

[Taomyn]

I've had to revert lighttpd after updating to 20.7.7_1 and even worse I had tried a reboot when the error first happened. I lost Internet access because Unbound was also down and I had no DNS and only access via SSH. Had to hack a working DNS into resolv.conf before the revert would download and then a full reboot to get everything stable again.


Are their any plans for some kind of on-board rollback to an update so when faced with even worse, no Internet, then we can get back working? I don't have the luxury of stand-by devices or the ability to run VM versions with snapshots. Had my Internet been inaccessible I would have be royally screwed as my mobile access is next to nothing here, and mostly sub-3G which did fortunately work on this occasion to find this thread - without Internet trying to find help is a nightmare.

[mimugmail]

Are their any plans for some kind of on-board rollback to an update so when faced with even worse, no Internet, then we can get back working? I don't have the luxury of stand-by devices or the ability to run VM versions with snapshots. Had my Internet been inaccessible I would have be royally screwed as my mobile access is next to nothing here, and mostly sub-3G which did fortunately work on this occasion to find this thread - without Internet trying to find help is a nightmare.

Then you maybe should wait a week or so with the update and watch the forums for threads ..
For rollback DNS is required, you should be able to to set DNS server in System : Settings : General and tick the checkbox to not use local unbound. Then it should work too.

[Taomyn]

For rollback DNS is required, you should be able to to set DNS server in System : Settings : General and tick the checkbox to not use local unbound. Then it should work too.

Not when the web interface is broken.

[mimugmail]

Then just wait a week or so

[Taomyn]

Then just wait a week or so

I did that once before - ended up having to reinstall the whole firewall then restore settings from my offsite backup, and not easy to do when the only image you have on-site is a few releases back - you'll never hit everyone's problems no matter how long you delay it. Hardly friendly when it's your only means of Internet connectivity. Some kind of built-in full rollback should be a feature.

[tortue]

https://twitter.com/opnsense/status/1339847119977533442

Another confirmed fix, twitter comment got me working again also.

opnsense-revert -r 20.7.6 lighttpd && configctl webgui restart

[Taomyn]

Does the 20.7.7_1 update fix this and what's the recommended way to update after having reverted just lighttpd?

[franco]

We don't have a confirm on ERR_SSL_PROTOCOL_ERROR yet.

You can try using

# opnsense-revert -r 20.7.7 lighttpd && configctl webgui restart

and revert back if necessary. Make sure to probe the lighttpd version depending on the mirror used it may not have yet synced to 1.4.58.


Cheers,
Franco

[Julien]

this the fix

Code: [Select]

opnsense-revert -r 20.7.6 lighttpd && configctl webgui restart
the

Code: [Select]

opnsense-revert -r 20.7.7 lighttpd && configctl webgui restart is not working

first run the first command of 20.7.6 and access the gun and run the update from the gui to lighted 1.4.58 the errors appears again.

[franco]

Then it looks like lighttpd is not going to fix that issue. I can't imagine that this is an issue that can't be fixed from the system (switching cert maybe?). Because it is working for a representative amount of users...


Cheers,
Franco