Update 20.7.6 to 20.7.7 Update ERR_SSL_PROTOCOL_ERROR

Started by george09, December 18, 2020, 08:53:25 AM

December 18, 2020, 08:53:25 AM Last Edit: December 18, 2020, 09:03:29 AM by george09
Hello,

Since the update I can no longer access the web interface because of SSL_ERROR_INTERNAL_ERROR_ALERT (Firefox); Chrome says ERR_SSL_PROTOCOL_ERROR.
The web interface uses a Let's Encrypt cert.
I still have access through SSH.

Is there a quick solution for this problem, maybe disabling HTTPS, but without resetting all my network interfaces? Or renewing the cert...?

Thanks


December 18, 2020, 06:46:28 PM #2 Last Edit: December 19, 2020, 07:28:22 AM by robgnu
If you use Let's Encrypt, log in via SSH and use this command:

# php /usr/local/opnsense/scripts/OPNsense/AcmeClient/lecert.php --mode issue --all --force

Thanks,

The Twitter comment got me working again:
opnsense-revert -r 20.7.6 lighttpd && configctl webgui restart
Much appreciated.

Regards

Did the last update change something in the firewall behavior?
I noticed our UDP packets (VoIP) are disconnecting after 20 sec. Also the web GUI is not available.
DEC4240 – OPNsense Owner

I've had to revert lighttpd after updating to 20.7.7_1 and even worse I had tried a reboot when the error first happened. I lost Internet access because Unbound was also down and I had no DNS and only access via SSH. Had to hack a working DNS into resolv.conf before the revert would download and then a full reboot to get everything stable again.


Are there any plans for some kind of on-board rollback to an update so when faced with even worse, no Internet, then we can get back working? I don't have the luxury of stand-by devices or the ability to run VM versions with snapshots. Had my Internet been inaccessible I would have been royally screwed as my mobile access is next to nothing here, and mostly sub-3G which did fortunately work on this occasion to find this thread - without Internet trying to find help is a nightmare.

Quote from: Taomyn on December 21, 2020, 08:27:29 PM


Are there any plans for some kind of on-board rollback to an update so when faced with even worse, no Internet, then we can get back working? I don't have the luxury of stand-by devices or the ability to run VM versions with snapshots. Had my Internet been inaccessible I would have been royally screwed as my mobile access is next to nothing here, and mostly sub-3G which did fortunately work on this occasion to find this thread - without Internet trying to find help is a nightmare.

Then maybe you should wait a week or so with the update and watch the forums for threads...
For rollback, DNS is required. You should be able to set a DNS server in System : Settings : General and tick the checkbox to not use local Unbound. Then it should work too.

Quote from: mimugmail on December 22, 2020, 02:46:54 PM
For rollback, DNS is required. You should be able to set a DNS server in System : Settings : General and tick the checkbox to not use local Unbound. Then it should work too.


Not when the web interface is broken.


Quote from: mimugmail on December 22, 2020, 05:53:51 PM
Then just wait a week or so


I did that once before - ended up having to reinstall the whole firewall then restore settings from my offsite backup, and not easy to do when the only image you have on-site is a few releases back - you'll never hit everyone's problems no matter how long you delay it. Hardly friendly when it's your only means of Internet connectivity. Some kind of built-in full rollback should be a feature.

Quote from: mimugmail on December 18, 2020, 09:36:41 AM
https://twitter.com/opnsense/status/1339847119977533442

Another confirmed fix; the Twitter comment got me working again also.

opnsense-revert -r 20.7.6 lighttpd && configctl webgui restart

Does the 20.7.7_1 update fix this, and what's the recommended way to update after having reverted just lighttpd?

We don't have a confirmation on ERR_SSL_PROTOCOL_ERROR yet.

You can try using

# opnsense-revert -r 20.7.7 lighttpd && configctl webgui restart

and revert back if necessary. Make sure to probe the lighttpd version: depending on the mirror used, it may not have synced to 1.4.58 yet.


Cheers,
Franco

January 05, 2021, 03:01:36 AM #13 Last Edit: January 05, 2021, 03:03:45 AM by Julien
This is the fix:

opnsense-revert -r 20.7.6 lighttpd && configctl webgui restart

The following is not working:

opnsense-revert -r 20.7.7 lighttpd && configctl webgui restart

First run the first command of 20.7.6 and access the GUI. Run the update from the GUI to lighttpd 1.4.58 and the error appears again.

DEC4240 – OPNsense Owner

Then it looks like lighttpd is not going to fix that issue. I can't imagine that this is an issue that can't be fixed from the system (switching cert maybe?). Because it is working for a representative amount of users...


Cheers,
Franco