BurntOC Posted February 25, 2022 Share Posted February 25, 2022 So I'll sum up a whole lot of pain by saying I updated both of my servers from 6.9.2 to 6.10rc2, and on one of them bluetooth stopped working in its VM. I messed with vfio devices and screwed up my server, then I decided to start fresh after taking lots of notes. I'm having an absolutely hellish time getting ssl enabled on the new server. I've tried over 20 times, checking DNS settings, editing ident.cfg when access was lost, and in almost all when I enable SSL I lose access to the web gui. This last time I actually got the Unraid self-signed cert and I could still access the gui, but I provisioned a Let's Encrypt cert from Unraid using the button provided and I've lost access again - even though it had succeeded in grabbing the cert. I've done this probably a dozen times in the past and everything was fine. My other server is fine, though it did already have its LE cert when I upgraded it. I don't want to spend hours setting my server back up again to trip up on this, so I'm stuck and this is my primary Unraid server with my gaming VM and about 25 containers when fully configured. I've attached diagnostics and I would really appreciate help understanding what the heck is going on. unraid1-diagnostics-20220225-0725.zip Quote Link to comment
BurntOC Posted February 25, 2022 Author Share Posted February 25, 2022 Looking through the logs myself, though I don't expect I know exactly what to look for, this catches my eye: Feb 25 07:18:25 unraid1 root: nginx: [emerg] cannot load certificate "/boot/config/ssl/certs/certificate_bundle.pem": PEM_read_bio_X509() failed (SSL: error:0908F066:PEM routines:get_header_and_data:bad end line) No idea why this would go from working fine to just not working at all. DNS seems okay, too, unless I'm missing something. Quote Link to comment
BurntOC Posted February 25, 2022 Author Share Posted February 25, 2022 Adding another update for other souls as I think I'm on track. My flash drive had two certs - the self signed one and certificate_bundle.pem, which I believe is the one Unraid generates from Let's Encrypt. I deleted certifcate_bundle.pem and now I'm back in via SSL, though it is using the self-signed cert so I'm not sure how the heck to go forward from here as I would like the LE cert to work. Quote Link to comment
BurntOC Posted February 25, 2022 Author Share Posted February 25, 2022 Looks like the main issue is that Unraid is not getting a complete PEM bundle as identified in this thread here: I've been able to bring over a certificates_bundle.pem from a recent backup, but it expires in May so I hope that gets fixed. I also can't figure out how to get Unraid to stop using the self-signed cert now and use the proper certificates_bundle.pem I've supplied. It shows the info in the Management Access screen, but it keeps using the other one and if I delete the other cert it just recreates it. Grrr... Quote Link to comment
BurntOC Posted February 25, 2022 Author Share Posted February 25, 2022 (edited) 1 hour ago, Squid said: @ljm42 @Squid - thanks for raising the visibility on this. I really do believe it's a bug as it consistently only pulls 12000 bytes of the pem instead of the full thing. While that's being looked at, can you tell me how I can get Unraid to stop creating a self-signed cert and using that instead of the valid one I copied over from a backup from earlier this week? I've attached a pic in case it is hard to understand what I'm saying. Edited February 26, 2022 by BurntOC Quote Link to comment
Squid Posted February 26, 2022 Share Posted February 26, 2022 5 minutes ago, BurntOC said: stop creating a self-signed cert and using that instead of the valid one I copied over from a backup from earlier this week? This is the best I can offer you https://wiki.unraid.net/Manual/Security#Securing_webGui_connections_.28SSL.29 I myself know nothing about the subject at hand. Quote Link to comment
BurntOC Posted February 26, 2022 Author Share Posted February 26, 2022 7 hours ago, Squid said: This is the best I can offer you https://wiki.unraid.net/Manual/Security#Securing_webGui_connections_.28SSL.29 I myself know nothing about the subject at hand. Thanks, @Squid. The way I read it, I'm doing it properly. I think it is associated with this bug that was supposed to be fixed in rc2, but appears to possibly be showing up again. Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.