ZKWolf Posted May 21, 2022

Hello! First off, this isn't the first time this has happened... Every time I enable the SSL Feature of myServer it just bricks the WebUI. It sends me to https://IP/ and that is for some reason unavailable. When I go to http://IP/ it brings me back to http. When I go to http://tower.local it brings me to https://tower.local/.

My first thought was going to /boot/config/ident.cfg and setting USE_SSL from auto to no, but nothing changed. After that I booted Unraid to GUI SAFE MODE but that says "Unable to connect" with http and https. Last time I fixed it by remaking my whole server but I don't wanna do that again...

Another thing is on the start screen where I select the Boot option of Unraid my cursor goes zuuuuuummmmmm with every click. What I mean is if I click down once it moves the cursor completely down. Same with up. My "solution" was spamming up and down till it lands on GUI SAFE MODE.

Anything would help...

Output of curl:

    C:\Users\jerem>curl -l http://192.168.1.101/
    curl: (7) Failed to connect to 192.168.1.101 port 80 after 2044 ms: Connection refused
    C:\Users\jerem>curl -l https://192.168.1.101/
    curl: (7) Failed to connect to 192.168.1.101 port 443 after 2062 ms: Connection refused

zkwolf-tower-diagnostics-20220521-1201.zip

ZKWolf Posted May 21, 2022

I read online that you can reboot the WebUI with "nginx -s reload". If I do that I get this message:

    nginx: [emerg] cannot load certificate "/etc/ssl/certs/unraid_bundle.pem": PEM_read_bio_X509() failed (SSL: error:0908F066:PEM routines:get_header_and_data:bad end line)

Does this help? I tried deleting the content of /etc/ssl/cert/ and rebooted but I get the same error.

Source:

Edited May 21, 2022 by ZKWolf

ljm42 Posted May 21, 2022

> 2 hours ago, ZKWolf said:
> Every time I enable the SSL Feature of myServer

Just to be clear, SSL is a feature of the base OS. Installing/uninstalling the My Servers plugin will have no effect on SSL. Safe mode will have no effect on SSL either, as it is not related to a plugin.

> 39 minutes ago, ZKWolf said:
> I read online that you can reboot the WebUI with "nginx -s reload".

No, don't do that. On Unraid you should do:

    /etc/rc.d/rc.nginx reload

It sounds like you've been trying a bunch of things, so the diagnostics are probably not current. If you deleted the certificates and ran the command above, then you should be able to access the webgui via either of these urls:

    http://ipaddress
    http://ZKWolf-Tower.local

If the login screen comes up but won't let you log in, clear your browser's cache. Let me know if you can get that far, and then let me know what your goals are. Also please provide current diagnostics.

ZKWolf Posted May 21, 2022

> 44 minutes ago, ljm42 said:
> /etc/rc.d/rc.nginx reload

SSH Output:

    root@ZKWolf-Tower:~# /etc/rc.d/rc.nginx reload
    Nginx is not running

After that I deleted the Certs and ran it again:

    root@ZKWolf-Tower:~# rm /etc/ssl/certs/*
    root@ZKWolf-Tower:~# ls /etc/ssl/certs/
    root@ZKWolf-Tower:~# /etc/rc.d/rc.nginx reload
    Nginx is not running
    root@ZKWolf-Tower:~# /etc/rc.d/rc.nginx start
    Starting Nginx server daemon...
    nginx: [emerg] cannot load certificate key "/etc/ssl/certs/unraid_bundle.pem": PEM_read_bio_PrivateKey() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: ANY PRIVATE KEY)
    root@ZKWolf-Tower:~#

I restarted the server and created a new Diagnostic.zip. Reload still says Nginx not running.

Edit: My goal is having access to the Web-UI again.

zkwolf-tower-diagnostics-20220521-1510.zip

Edited May 21, 2022 by ZKWolf

ljm42 Posted May 21, 2022

OK, things are in a strange state. Let's delete the cert and reboot:

    rm /boot/config/ssl/certs/certificate_bundle.pem
    reboot

(That first command might give an error that the file doesn't exist, that is fine. I'm not 100% sure if you already did that.)

After the reboot you should be able to access the webgui via either of these urls:

    http://ipaddress
    http://ZKWolf-Tower.local

If the login screen comes up but won't let you log in, clear your browser's cache.

ZKWolf Posted May 21, 2022

> 1 minute ago, ljm42 said:
> OK things are in a strange state. Let's delete the cert and reboot:

    root@ZKWolf-Tower:~# rm /boot/config/ssl/certs/certificate_bundle.pem
    root@ZKWolf-Tower:~# reboot

    Broadcast message from root@ZKWolf-Tower (pts/0) (Sat May 21 15:23:26 2022):

    The system is going down for reboot NOW!
    root@ZKWolf-Tower:~#

Still get ERR_CONNECTION_REFUSED.

And I don't know how this just happened but /boot is now empty?????

    C:\Users\jerem>ssh [email protected]
    Password:
    Last failed login: Sat May 21 15:27:49 PDT 2022 from 192.168.1.234 on ssh:notty
    There were 7 failed login attempts since the last successful login.
    Linux 5.10.28-Unraid.
    root@ZKWolf-Tower:~# diagnostics
    Starting diagnostics collection... mkdir: cannot create directory ‘/boot/logs’: Input/output error
    done.
    ZIP file '/boot/logs/zkwolf-tower-diagnostics-20220521-1529.zip' created.
    root@ZKWolf-Tower:~# ls /boot/
    root@ZKWolf-Tower:~# ls /boot/
    root@ZKWolf-Tower:~# sudo ls /boot/
    root@ZKWolf-Tower:~# diagnostics
    Starting diagnostics collection... mkdir: cannot create directory ‘/boot/logs’: Input/output error
    done.
    ZIP file '/boot/logs/zkwolf-tower-diagnostics-20220521-1531.zip' created.
    root@ZKWolf-Tower:~# reboot

Yes, I know I had CapsLock enabled, that's why 7 failed logins...

Another reboot and my /boot folder is back again. New diagnostics attached. But the Web-UI is back again! So solved? Should I send anything else or change something so this doesn't happen again?

zkwolf-tower-diagnostics-20220521-1537.zip

itimpi Posted May 21, 2022

> Just now, ZKWolf said:
> And I don't know how this just happened but /boot is now empty?????

This implies that the flash drive has dropped offline (or was never mounted if this is just after booting).

ljm42 Posted May 21, 2022

Glad you are back up and running.

> 8 minutes ago, ZKWolf said:
> So solved?

That gets back to my question about your goal. If you are trying to get an unraid.net SSL certificate so you can set up My Servers Remote Access, then we aren't there yet. I suspect that the reason you had issues is that your network has DNS Rebinding Protection enabled. Let's check that and decide whether to continue.

Open a web terminal (or SSH) and run:

    ping -c 1 -w 1 rebindtest.unraid.net

then post the output here.

ZKWolf Posted May 21, 2022

The Boot folder is back after another restart.

It would be nice to have MyServer but I am running all of this behind a Unifi DreamMachine PRO and from what I read it's pretty hard/impossible to set up RebindDNS on it. I did enter everything on my router and on the UDM-Pro but I am still getting 100% packet loss to "ping -c 1 -w 1 rebindtest.unraid.net" on it, so I think I'll let it be unless anyone knows a way to set it up behind a UDM-Pro.

One thing I did notice is that Port 443/https is not usable. I have noticed this in the past and only used http/Port 80, but if I re-enable SSL will the error occur again? Should I test it?

ljm42 Posted May 21, 2022

> 16 minutes ago, ZKWolf said:
> I did enter everything on my router and on the UDM-Pro but I am still getting 100% packet loss to "ping -c 1 -w 1 rebindtest.unraid.net" on it, so I think I'll let it be unless anyone knows a way to set it up behind a UDM-Pro.

Please paste the result? Packet loss is expected, what I need to see is did it resolve to the correct IP address.

> 16 minutes ago, ZKWolf said:
> One thing I did notice is that Port 443/https is not usable.

What do you mean by this? Do you have a Docker container that is already running on port 443? If so, then to set up SSL for the webgui you will need a different port, perhaps something like 2443 or 3443, as long as it is not already in use.

ZKWolf Posted May 21, 2022

> 4 minutes ago, ljm42 said:
> I did enter everything on my router and on the UDM-Pro but I am still getting 100% packet loss to "ping -c 1 -w 1 rebindtest.unraid.net" on it, so I think I'll let it be unless anyone knows a way to set it up behind a UDM-Pro.

Result:

    C:\WINDOWS\system32>ping -c 1 -w 1 rebindtest.unraid.net

    Pinging rebindtest.unraid.net [192.168.42.42] with 32 bytes of data:
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.

    Ping statistics for 192.168.42.42:
        Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

    C:\WINDOWS\system32>

I don't know why it shows 192.168.42.42. My IP ranges are 192.168.1.X and 192.168.178.X. My DNS Servers are 1.1.1.1 and 8.8.8.8.

> 8 minutes ago, ljm42 said:
> Do you have a Docker container that is already running on port 443? If so, then to setup SSL for the webgui you will need a different port, perhaps something like 2443 or 3443, as long as it is not already in use.

No, I have all of my dockers on other IPs except a few that use different Ports.

I just set SSL/TLS to Auto and I get the ERR_CONNECTION_REFUSED again on https://zkwolf-tower.local and https://192.168.1.101/. I also changed the Port to 9443 and still Connection refused. I made a new Diagnostics and I don't know if I should restart because a Parity-Check is in progress at the moment.

zkwolf-tower-diagnostics-20220522-0124.zip

ljm42 Posted May 21, 2022

> 1 minute ago, ZKWolf said:
> I don't know why it shows 192.168.42.42.

That is the test, if rebindtest.unraid.net resolves to that address then we know that DNS Rebinding Protection is disabled on your network, and you WILL be able to use an unraid.net SSL certificate. Nothing actually exists at that address, so nothing will respond when you ping it. But Unraid 6.9.2 does not have `nslookup` so I use `ping` to test it.

> 5 minutes ago, ZKWolf said:
> I just set SSL/TLS to Auto and I get the ERR_CONNECTION_REFUSED again on https://zkwolf-tower.local and https://192.168.1.101/.

You are jumping ahead. You should still be able to log in at the http url, right?

Let's go back to your goal. Do you want:

1) https://zkwolf-tower.local on a self-signed cert
2) or do you want https://yourpersonalhash.unraid.net with an official Let's Encrypt certificate and the ability to use My Servers Remote Access?

If you want both, then you need to upgrade to 6.10.1 before proceeding. 6.9.2 only supports one or the other.
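
The rebinding test described in the post above, as an added example that is not part of the original thread and is not Unraid code: it reads `ping` output and reports whether rebindtest.unraid.net resolved to 192.168.42.42. The function names and the "not resolved" sample line are constructed, and treating a missing answer as possible filtering is an assumption.

```shell
#!/bin/sh
# Added example (not Unraid code): read `ping` output and report whether the
# rebinding test name resolved to the private address the thread expects.
TEST_NAME="rebindtest.unraid.net"
EXPECTED_IP="192.168.42.42"

# resolved_ip: reads ping output on stdin, prints the IPv4 address from the header line.
#   Linux:   PING rebindtest.unraid.net (192.168.42.42) 56(84) bytes of data.
#   Windows: Pinging rebindtest.unraid.net [192.168.42.42] with 32 bytes of data:
resolved_ip() {
    awk '/^(PING|Pinging) / && match($0, /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/) {
        print substr($0, RSTART, RLENGTH); exit
    }'
}

# rebind_verdict: classifies ping output read from stdin.
rebind_verdict() {
    ip=$(resolved_ip)
    if [ "$ip" = "$EXPECTED_IP" ]; then
        echo "resolved-private: rebinding protection is not filtering this name"
    elif [ -z "$ip" ]; then
        # Assumption: a filtering resolver drops the answer, so ping prints no header.
        echo "not-resolved: answer missing, rebinding protection may be filtering it"
    else
        echo "unexpected-address: $ip"
    fi
}

# On the server this would be fed live output:
#   ping -c 1 -w 1 "$TEST_NAME" 2>&1 | rebind_verdict
# Constructed sample of a failed lookup, so the block runs offline:
printf '%s\n' "ping: $TEST_NAME: Name or service not known" | rebind_verdict
```

Packet loss does not affect the verdict: only the address in the header line is read, which matches the point made in the thread that nothing exists at 192.168.42.42 to answer.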

ZKWolf Posted May 21, 2022

I'm sorry for jumping ahead. 😅

I don't want to update to a Beta OS because I really don't want to kill my Server and remake all my dockers... So I'm setting my goal to MyServer. http://zkwolf-tower.local/ is still up and I can do everything. What do I need to do?

My current config:

Just a thing I want to say is that when I paste a Screenshot from my ClipBoard to a Reply it Uploads it twice. Don't know if it's a me problem. 😅

ljm42 Posted May 21, 2022

FYI, Unraid 6.10 came out of beta this week. 6.10.1 is the current stable release of Unraid. But that is fine, we can stick with 6.9.2.

Go ahead and press Provision. Because Use SSL is set to "Auto", this will replace the self-signed cert with an official Let's Encrypt certificate and change your Local Access url to https://yourpersonalhash.unraid.net:9443

ZKWolf Posted May 22, 2022

> 8 minutes ago, ljm42 said:
> Go ahead and press Provision. Because Use SSL is set to "Auto", this will replace the self-signed cert with an official Let's Encrypt certificate and change your Local Access url to https://yourpersonalhash.unraid.net:9443

I did and it redirected me to https://hash.unraid.net:9443/ but no access. 9443 is forwarded on my router and UDM to my Unraid client.

Edit: I can still access http://192.168.1.101/login

Edited May 22, 2022 by ZKWolf

ljm42 Posted May 22, 2022

> 6 minutes ago, ZKWolf said:
> I did and it redirected me to https://hash.unraid.net:9443/ But no access.

Try to ping hash.unraid.net (use your actual hash though). It should resolve to your server's IP address. If it doesn't yet, then wait a bit for DNS to propagate.

ZKWolf Posted May 22, 2022

> 2 minutes ago, ljm42 said:
> Try to ping hash.unraid.net

    Pinging HashHashHash.unraid.net [192.168.1.101] with 32 bytes of data:
    Reply from 192.168.1.101: bytes=32 time<1ms TTL=64
    Reply from 192.168.1.101: bytes=32 time<1ms TTL=64
    Reply from 192.168.1.101: bytes=32 time<1ms TTL=64
    Reply from 192.168.1.101: bytes=32 time<1ms TTL=64

    Ping statistics for 192.168.1.101:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 0ms, Maximum = 0ms, Average = 0ms

    C:\WINDOWS\system32>

I get a response from the Server. I also tried a different Browser but same as in Chrome ^^

ljm42 Posted May 22, 2022

OK, so it resolves correctly but the server isn't responding? That is unexpected. You mentioned you can still get in via http, which is odd as well.

Please log in and go to Settings -> Management Access, would you mind taking a screenshot? Block out your hash if you can.

ZKWolf Posted May 22, 2022

I might be blind... But I don't see my hash here? Anyway, this is the Screenshot:

ljm42 Posted May 22, 2022

> 2 minutes ago, ZKWolf said:
> I don't see my hash here?

Sorry, I'm thinking of 6.10.

Let's open a web terminal or SSH and run:

    /etc/rc.d/rc.nginx reload

Now if you access http://ipaddress does it redirect to https://hash.unraid.net:9443 ?

ZKWolf Posted May 22, 2022

> 2 minutes ago, ljm42 said:
> /etc/rc.d/rc.nginx reload

    root@ZKWolf-Tower:~# /etc/rc.d/rc.nginx reload
    Checking configuration for correct syntax and
    then trying to open files referenced in configuration...
    nginx: [emerg] cannot load certificate "/etc/ssl/certs/unraid_bundle.pem": PEM_read_bio_X509() failed (SSL: error:0908F066:PEM routines:get_header_and_data:bad end line)
    nginx: configuration file /etc/nginx/nginx.conf test failed
    Invalid configuration, Nginx not reloaded
    root@ZKWolf-Tower:~#

And http://IP/ does not redirect. Everything is still accessible via that address. I tried https://HASH.unraid.net:9443/ again but still nothing on there.

If I need to I can upgrade to 6.10.1 because, as you said, it's released.

ljm42 Posted May 22, 2022

OK, there is an issue with the certificate. I'm going to need to ask for help on this, we'll need to pause for now. Please send me a DM with your full hash url so we can look it up in the database.
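
A structural check for the two OpenSSL errors nginx printed in this thread ("bad end line" and "no start line ... ANY PRIVATE KEY"), as an added example that is not part of the original thread and is not Unraid code. It assumes, as the error messages suggest, that nginx loads the same bundle file as both certificate and key; the function name and the sample bundle are constructed, and the check says nothing about what was actually wrong with this user's certificate.

```shell
#!/bin/sh
# Added example (not Unraid code): structural check of a PEM bundle that nginx
# loads as both certificate and key, as unraid_bundle.pem is in this thread.

# check_pem_bundle FILE: prints "ok" or one line per problem; exit status 0 only if ok.
check_pem_bundle() {
    [ -r "$1" ] || { echo "cannot read $1"; return 2; }
    awk '
    # Label between "-----BEGIN " / "-----END " and the closing dashes.
    function label(s) { sub(/^-----(BEGIN|END) /, "", s); sub(/-----[ \t\r]*$/, "", s); return s }
    /^-----BEGIN .*-----[ \t\r]*$/ {
        if (cur != "") { print "line " NR ": BEGIN inside unclosed " cur " block"; bad = 1 }
        cur = label($0); next
    }
    /^-----END/ {
        # OpenSSL reports "bad end line" when the END line is damaged or its label differs.
        if ($0 !~ /^-----END .*-----[ \t\r]*$/ || label($0) != cur) {
            print "line " NR ": bad end line for " cur " block"; bad = 1
        } else if (cur ~ /CERTIFICATE$/) { certs++ }
        else if (cur ~ /PRIVATE KEY$/) { keys++ }
        cur = ""; next
    }
    END {
        if (cur != "") { print "unterminated " cur " block"; bad = 1 }
        if (!certs) { print "no complete CERTIFICATE block"; bad = 1 }
        if (!keys)  { print "no complete PRIVATE KEY block (no start line)"; bad = 1 }
        if (!bad) print "ok"
        exit bad + 0
    }' "$1"
}

# Constructed sample: placeholder base64, certificate END line cut short.
demo=$(mktemp)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' '-----END CERTIFI' \
    '-----BEGIN PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' '-----END PRIVATE KEY-----' > "$demo"
check_pem_bundle "$demo" || true
rm -f "$demo"
```

The check only looks at block boundaries, so a bundle that passes can still be rejected by nginx for other reasons, such as corrupted base64 or a key that does not match the certificate.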

ZKWolf Posted May 22, 2022

I hope I did this right and sent you a DM. This doesn't have any urgency and I will try my best to not restart my Server in the meantime.

Thanks for your help!

ljm42 Posted May 22, 2022

Thanks! I'd recommend that you delete the bad cert:

    rm /boot/config/ssl/certs/certificate_bundle.pem

especially if you choose to upgrade to 6.10, that will smooth the upgrade. Rebooting is fine. You are also welcome to try provisioning again later, just delete the cert again if it fails.

ljm42 Posted May 22, 2022 (Solution)

Hi @ZKWolf, we've resolved the issue with your cert. Please open a web terminal and run:

    rm /boot/config/ssl/certs/certificate_bundle.pem

then press Provision again. Your url should change to https://hash.unraid.net:9443