Losing access after switching to SSL or from self-signed to Unraid's LE cert. Please help I'm completely stuck.

[BurntOC]

So I'll sum up a whole lot of pain by saying I updated both of my servers from 6.9.2 to 6.10rc2, and on one of them bluetooth stopped working in its VM.  I messed with vfio devices and screwed up my server, then I decided to start fresh after taking lots of notes.  I'm having an absolutely hellish time getting ssl enabled on the new server.  I've tried over 20 times, checking DNS settings, editing ident.cfg when access was lost, and in almost all when I enable SSL I lose access to the web gui.

 

This last time I actually got the Unraid self-signed cert and I could still access the gui, but I provisioned a Let's Encrypt cert from Unraid using the button provided and I've lost access again - even though it had succeeded in grabbing the cert.  

 

I've done this probably a dozen times in the past and everything was fine.  My other server is fine, though it did already have its LE cert when I upgraded it.  I don't want to spend hours setting my server back up again to trip up on this, so I'm stuck and this is my primary Unraid server with my gaming VM and about 25 containers when fully configured.  I've attached diagnostics and I would really appreciate help understanding what the heck is going on.

unraid1-diagnostics-20220225-0725.zip

[BurntOC]

Looking through the logs myself, though I don't expect I know exactly what to look for, this catches my eye:

 

Feb 25 07:18:25 unraid1 root: nginx: [emerg] cannot load certificate "/boot/config/ssl/certs/certificate_bundle.pem": PEM_read_bio_X509() failed (SSL: error:0908F066:PEM routines:get_header_and_data:bad end line)

 

No idea why this would go from working fine to just not working at all.  DNS seems okay, too, unless I'm missing something.

[BurntOC]

Adding another update for other souls as I think I'm on track. My flash drive had two certs - the self signed one and certificate_bundle.pem, which I believe is the one Unraid generates from Let's Encrypt. I deleted certifcate_bundle.pem and now I'm back in via SSL, though it is using the self-signed cert so I'm not sure how the heck to go forward from here as I would like the LE cert to work.

[BurntOC]

Looks like the main issue is that Unraid is not getting a complete PEM bundle as identified in this thread here:

 

 

I've been able to bring over a certificates_bundle.pem from a recent backup, but it expires in May so I hope that gets fixed.  I also can't figure out how to get Unraid to stop using the self-signed cert now and use the proper certificates_bundle.pem I've supplied.  It shows the info in the Management Access screen, but it keeps using the other one and if I delete the other cert it just recreates it.  Grrr...

[Squid]

@ljm42

[BurntOC]

1 hour ago, Squid said:

@ljm42

 

@Squid - thanks for raising the visibility on this.  I really do believe it's a bug as it consistently only pulls 12000 bytes of the pem instead of the full thing.  While that's being looked at, can you tell me how I can get Unraid to stop creating a self-signed cert and using that instead of the valid one I copied over from a backup from earlier this week?  I've attached a pic in case it is hard to understand what I'm saying.

 

Edited February 26, 2022 by BurntOC

[Squid]

5 minutes ago, BurntOC said:

stop creating a self-signed cert and using that instead of the valid one I copied over from a backup from earlier this week?

 

This is the best I can offer you https://wiki.unraid.net/Manual/Security#Securing_webGui_connections_.28SSL.29

 

I myself know nothing about the subject at hand.

[BurntOC]

7 hours ago, Squid said:

 

This is the best I can offer you https://wiki.unraid.net/Manual/Security#Securing_webGui_connections_.28SSL.29

 

I myself know nothing about the subject at hand.

 

Thanks, @Squid.  The way I read it, I'm doing it properly.  I think it is associated with this bug that was supposed to be fixed in rc2, but appears to possibly be showing up again.