Registration: Unraid OS - flash device error


6of6

Recommended Posts

That's what I see atop the right corner (third line down) of my webUI.

 

If I click on the error, it (basically) says that the "flash boot device" can't be accessed because of error ENOFLASH3.

 

Running a preclear when it happened. No services (Plex, etc.) will start. WebUI was "finicky" after restart with new drive.

 

Most likely reason for error (imho) is recent change to own SSL certificate for WebUI.

 

Thanks... (oh, unraid 6.9.1 stable).

 

6.

Link to comment

I would like to apologize to everyone for the way I posted my frustrations. I truly regret it and I deserve to.

 

After a couple of days of testing, I was very happy that the UnRAID OS never failed in the slightest. The  WebUI might be a different story.

 

To be brief; I provisioned an SSL certificate via UnRAID and then didn’t want the “public” record of my WebUI address being available (least of all via “unraid.net”). My valid/proven “unraid.mydomain.tld” certificate worked (for a bit?), but it has no DNS/Public record. I’m pretty sure this screwed up the UnRAID flash drive’s ability to (phone home) confirm my valid license.

 

The “account” comment was regarding the UnRAID WebUI pushing the “key.unraid.net” certificate.

 

Again, I’m very sorry. I keep thinking this stuff is simple, but it’s not.

 

6.

Edited by 6of6
spelling
  • Like 1
Link to comment
On 4/12/2021 at 1:11 AM, 6of6 said:

To be brief; I provisioned an SSL certificate via UnRAID and then didn’t want the “public” record of my WebUI address being available (least of all via “unraid.net”). My valid/proven “unraid.mydomain.tld” certificate worked (for a bit?), but it has no DNS/Public record. I’m pretty sure this screwed up the UnRAID flash drive’s ability to (phone home) confirm my valid license.

 

If you go to Settings -> Management Access and turn on help, you'll see there are several options for configuring SSL.

 

If you set "Use SSL/TLS" to Auto and provision a cert, that will use Unraid's built-in Let's Encrypt certificate with a yourpersonalhash.unraid.net domain. This requires DNS Rebinding to be disabled for the unraid.net domain, as we automatically setup DDNS for yourpersonalhash.unraid.net that points to your internal IP address so the certificate will work.

 

You can also use a legit certificate that you provide. If you do this then you need to manage DNS on your network so that the name resolves.

 

Or you can use a self-signed cert.

 

Or you can disable SSL and use http.

 

Unraid will work fine with any of those settings. 

 

I can't tell if you have installed the Unraid.net My Servers plugin. If you have, then the only restriction there is that the Remote Access solution requires you to have "Use SSL/TLS" set to "Auto". Other than that, everything else can be used regardless of how SSL is configured.


It is very unclear what the actual issue is that you are having, which makes it very difficult to help :) Please feel free to add screenshots if you aren't able to describe the issue, blanking out anything you feel is private. Depending on what the problem is you can save time by uploading your diagnostics (from Tools -> Diagnostics).

  • Thanks 1
Link to comment

I think my problem is I can't access the WebUI with and without SSL with unRAID. With pfSense, I have "whatever.mydomain.tld" that works if Internet works (have to validate the certificate), but "https://MYIP" also works with the normal warning about self signed certs. The UnRAID WebUI doesn't appear to have an option for BOTH unsecured and (un)secured login.

 

@ljm42... Thank you!... You have effectively summarized everything I have tried and failed at. The WebUI is working perfectly as "http://<IP>" or "http://hostname". It will NOT work as https://<IP> and that's really the first step before trying anything else, I think?

 

6.

 

Link to comment
19 minutes ago, 6of6 said:

I think my problem is I can't access the WebUI with and without SSL with unRAID. With pfSense, I have "whatever.mydomain.tld" that works if Internet works (have to validate the certificate), but "https://MYIP" also works with the normal warning about self signed certs. The UnRAID WebUI doesn't appear to have an option for BOTH unsecured and (un)secured login.

When you enable HTTPS in Unraid, then you can no longer use HTTP. Well, you can, but it automatically redirects you to the HTTPS port. So if that is what you are seeing then it is working as designed.

 

22 minutes ago, 6of6 said:

The WebUI is working perfectly as "http://<IP>" or "http://hostname". It will NOT work as https://<IP> and that's really the first step before trying anything else, I think?

A valid cert must be for a Fully Qualified Domain Name, a certificate will not be issued for an IP address. So https://<IP> will not work without ignoring certificate errors from your browser.

 

In terms of next steps, what are you trying to achieve? It sounds like you had a working SSL setup but then disabled it so I'm not sure what your goal is.

 

  • Thanks 1
Link to comment

ljm42> When you enable HTTPS in Unraid, then you can no longer use HTTP.

 

I presumed that, and thank you for confirming it. BUT!... As I was relating to pfSense... pfSense will ONLY accept a secured connection. It could be local, like http://1.1.1.1, or public/private, like mehavefun.mydomain.tld. The KEY is IT WILL ALWAYS WORK!!!

 

Recently, the Internet went out (wasn't available/cut off). I couldn't get to pfSense with "mydomain.tld", but it would work with "https:<ip>". And, yes... that's httpS://<ip>.

 

ljm42> In terms of next steps, what are you trying to achieve? It sounds like you had a working SSL setup...

 

I thought I had it working, but then I had to restart the server and the WebUI broke. You'll forgive me if I don't wish to reproduce the problem again at this time -- I'm not prepared (no SSH and no video cable to the server at this time) at this time.

 

I understand why the UnRAID WebUI works as it does (trying to provide security to "end" users, I really respect that). If I were smarter, I would make it do what I want (its just a linux box) and what I WANT is for the WebUI to NEVER fail and ALWAYS be secured. That's what pfSense does unless you can prove it wrong.

 

I can't thank you enough ljm42

 

(PS: Before posting I noticed that drag/drop doesn't work for copy; only move. If I've misquoted ljm42, please understand that it's my error.)

 

6.

Link to comment

I'm glad you are back up and running.

 

Only self-signed certs work on IP addresses, I would guess that your pfsense box has a self-signed cert for that IP and at some point you told your browser to accept that.

 

Unraid uses a full Lets Encrypt cert that is accepted by all browsers without needing to ignore warnings, as such it must have a Fully Qualified Domain Name such as yourpersonalhash.unraid.net. Lets Encrypt will not issue certificates for IP addresses.

 

If your DNS goes down and you cannot resolve yourpersonalhash.unraid.net then you should still be able to access https://ipaddress if you ignore the warnings from your browser saying the certificate is not valid for the url you are trying to use.

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.