21.7.8 acme issue

atom · January 28, 2022, 06:45:26 AM

After upgrade to 21.7.8 the acme client does not work anymore.


[28-Jan-2022 00:00:27 Europe/Berlin] PHP Fatal error:  Uncaught Error: Call to a member function init() on null in /usr/local/opnsense/mvc/app/library/OPNsense/AcmeClient/LeCertificate.php:634
Stack trace:
#0 /usr/local/opnsense/mvc/app/library/OPNsense/AcmeClient/LeCertificate.php(404): OPNsense\AcmeClient\LeCertificate->runAutomations()
#1 /usr/local/opnsense/scripts/OPNsense/AcmeClient/lecert.php(165): OPNsense\AcmeClient\LeCertificate->issue()
#2 /usr/local/opnsense/scripts/OPNsense/AcmeClient/lecert.php(199): main()
#3 {main}
  thrown in /usr/local/opnsense/mvc/app/library/OPNsense/AcmeClient/LeCertificate.php on line 634

and

Code Select


2022-01-28T00:00:27	php[90929]	AcmeClient: automation not supported: restart_gui (14c6af94-6e41-4424-bfe5-67948356ce71)
2022-01-28T00:00:27	php[90929]	AcmeClient: running automations for certificate:

Fright · January 28, 2022, 11:17:46 AM

any complains in backend log about acme client migration fail?
looks like automation internal type was renamed from restart_gui to configd_restart_gui.
migration should have been take care of it

anyhow i think you can just edit existing migration (select "Restart OPNsense Web UI") and save it again. will work next time imho

atom · January 28, 2022, 12:44:09 PM

There were 3 messages in update.log about errors during update

Code Select


[159/162] Extracting os-wireguard-1.7: .......... done
configd not running? (check /var/run/configd.pid).
Starting configd.
Traceback (most recent call last):
  File "/usr/local/opnsense/service/configd.py", line 43, in <module>
    import modules.processhandler
  File "/usr/local/opnsense/service/modules/processhandler.py", line 43, in <module>
    from . import ph_inline_actions, syslog_error, syslog_info, syslog_notice, singleton
  File "/usr/local/opnsense/service/modules/ph_inline_actions.py", line 32, in <module>
    from . import template
  File "/usr/local/opnsense/service/modules/template.py", line 42, in <module>
    import jinja2
ModuleNotFoundError: No module named 'jinja2'
/usr/local/etc/rc.d/configd: WARNING: failed to start configd
Keep version OPNsense\Wireguard\General (0.0.1)
Keep version OPNsense\Wireguard\Server (0.0.2)
Keep version OPNsense\Wireguard\Client (0.0.6)
Reloading plugin configuration
Configuring system logging...done.
Reloading template OPNsense/Wireguard: configd not running!
pkg-static: POST-INSTALL script failed

Code Select


[160/162] Reinstalling os-smart-2.2...
[160/162] Extracting os-smart-2.2: .......... done
configd not running? (check /var/run/configd.pid).
Starting configd.
Traceback (most recent call last):
  File "/usr/local/opnsense/service/configd.py", line 43, in <module>
    import modules.processhandler
  File "/usr/local/opnsense/service/modules/processhandler.py", line 43, in <module>
    from . import ph_inline_actions, syslog_error, syslog_info, syslog_notice, singleton
  File "/usr/local/opnsense/service/modules/ph_inline_actions.py", line 32, in <module>
    from . import template
  File "/usr/local/opnsense/service/modules/template.py", line 42, in <module>
    import jinja2
ModuleNotFoundError: No module named 'jinja2'
/usr/local/etc/rc.d/configd: WARNING: failed to start configd
Reloading plugin configuration
Configuring system logging...done.

Code Select


[161/162] Reinstalling os-acme-client-2.6...
[161/162] Extracting os-acme-client-2.6: .......... done
configd not running? (check /var/run/configd.pid).
Starting configd.
Traceback (most recent call last):
  File "/usr/local/opnsense/service/configd.py", line 43, in <module>
    import modules.processhandler
  File "/usr/local/opnsense/service/modules/processhandler.py", line 43, in <module>
    from . import ph_inline_actions, syslog_error, syslog_info, syslog_notice, singleton
  File "/usr/local/opnsense/service/modules/ph_inline_actions.py", line 32, in <module>
    from . import template
  File "/usr/local/opnsense/service/modules/template.py", line 42, in <module>
    import jinja2
ModuleNotFoundError: No module named 'jinja2'
/usr/local/etc/rc.d/configd: WARNING: failed to start configd
Keep version OPNsense\AcmeClient\AcmeClient (2.1.0)
Reloading plugin configuration
Configuring system logging...done.
Reloading template OPNsense/AcmeClient: configd not running!
pkg-static: POST-INSTALL script failed

I've saved the automation again now.

Fright · January 28, 2022, 02:37:38 PM

QuoteExtracting os-acme-client-2.6: .......... done

2.6 introduced in 21.1.9.
3.8 in 21.7.8

QuoteExtracting os-wireguard-1.7:

1.8 introduced in 21.7.5
1.10 in 21.7.8

sorry, dont understand whats happening here. can you share full update log if possible please?

atom · January 28, 2022, 02:54:53 PM

Yes, it looks a little weird. I've upgraded from 21.7.7 to 21.7.8, but the update log is from 21.8.
Only timestamp of directory "." is correct.

Code Select


ls -lart /var/cache/opnsense-update
total 52
prw-r--r--  1 root  wheel      0 Aug 21 08:23 .upgrade.pipe
-rw-r--r--  1 root  wheel  39566 Aug 21 08:25 .upgrade.log
drwxr-x---  2 root  wheel    512 Aug 21 08:25 .sets.pending
drwxr-xr-x  6 root  wheel    512 Jan 26 20:38 ..
drwxr-xr-x  3 root  wheel    512 Jan 27 22:33 .

Fright · January 28, 2022, 03:18:04 PM

oh. old entries.. )
can you check AcmeClient version in config.xml and if it < 3.1.0 run

Code Select

/usr/local/opnsense/mvc/script/run_migrations.php
from console?
any errors while running script or in System: Log Files: General after it?

atom · January 28, 2022, 03:48:52 PM

the version looks good:

Code Select


cat config.xml | grep "<AcmeClient "
    <AcmeClient version="3.2.0">

Fright · January 28, 2022, 04:49:34 PM

hm. sorry, the only version i have: 3.1.0 model migration was added with 3.5 plugin ver. while model was allready assigned 3.1.0 ver with 3.4 plugin release. so may be migration was never ran. but i can missing something here.

atom · January 28, 2022, 05:14:42 PM

I've got the same version on my OPNsense with 22.1.

Fright · January 28, 2022, 05:51:42 PM

sorry, I didn't express myself clearly ). I didn't mean "plugin version". The version of what is happening.
in short - perhaps a special migration was not run and the automation types were not renamed automatically. if I understand the code correctly, it will be enough to edit and re-save the existing automations. in this case, the type will change to correct (new) and no more errors should occur

atom · January 29, 2022, 12:02:50 PM

I re-saved the automation yesterday.
Today runs the renew of the certificate without a problem.

Fright · January 29, 2022, 04:09:32 PM

cool! :D

atom · January 29, 2022, 04:54:49 PM

Thank you !

21.7.8 acme issue

atom

January 28, 2022, 06:45:26 AM Last Edit: January 28, 2022, 09:16:14 AM by atom

Fright

January 28, 2022, 11:17:46 AM #1

atom

January 28, 2022, 12:44:09 PM #2

Fright

January 28, 2022, 02:37:38 PM #3

atom

January 28, 2022, 02:54:53 PM #4

Fright

January 28, 2022, 03:18:04 PM #5

atom

January 28, 2022, 03:48:52 PM #6

Fright

January 28, 2022, 04:49:34 PM #7

atom

January 28, 2022, 05:14:42 PM #8

Fright

January 28, 2022, 05:51:42 PM #9 Last Edit: January 28, 2022, 06:12:32 PM by Fright

atom

January 29, 2022, 12:02:50 PM #10

Fright

January 29, 2022, 04:09:32 PM #11

atom

January 29, 2022, 04:54:49 PM #12