kaiguy Posted August 12, 2022 Share Posted August 12, 2022 Hi there. Running 6.10.3. Searched for this error but I didn't seem to find anything in the forums. Today Firefox gave me a warning when accessing the unraid GUI that the ssl cert was invalid. I took a look and it expired 3 days ago. The Management Access settings also shows that the cert is expired, and the buttons for renew and delete are greyed out. This appears to be the relevant log items: Aug 12 08:09:38 titan nginx: 2022/08/12 08:09:38 [error] 12133#12133: OCSP response not successful (6: unauthorized) while requesting certificate status, responder: r3.o.lencr.org, peer: 184.28.78.21:80, certificate: "/boot/config/ssl/certs/certificate_bundle.pem" Aug 12 10:53:03 titan nginx: 2022/08/12 10:53:03 [error] 12133#12133: OCSP response not successful (6: unauthorized) while requesting certificate status, responder: r3.o.lencr.org, peer: 184.28.78.21:80, certificate: "/boot/config/ssl/certs/certificate_bundle.pem" Any suggestions for how to address? Quote Link to comment
itimpi Posted August 12, 2022 Share Posted August 12, 2022 Just a thought - have you checked if those buttons are disabled if the array is stopped? Not near my server at the moment to check this out Quote Link to comment
neilt0 Posted August 12, 2022 Share Posted August 12, 2022 (edited) Getting similar errors and can't access the unRAID webgui from Chrome: Aug 12 19:52:05 T20 nginx: 2022/08/12 19:52:05 [error] 10919#10919: OCSP response not successful (6: unauthorized) while requesting certificate status, responder: r3.o.lencr.org, peer: 62.252.115.35:80, certificate: "/boot/config/ssl/certs/certificate_bundle.pem" Aug 12 20:00:05 T20 nginx: 2022/08/12 20:00:05 [error] 10919#10919: OCSP response not successful (6: unauthorized) while requesting certificate status, responder: r3.o.lencr.org, peer: 62.252.115.35:80, certificate: "/boot/config/ssl/certs/certificate_bundle.pem" Aug 12 20:05:10 T20 nginx: 2022/08/12 20:05:10 [error] 10919#10919: OCSP response not successful (6: unauthorized) while requesting certificate status, responder: r3.o.lencr.org, peer: 62.252.115.35:80, certificate: "/boot/config/ssl/certs/certificate_bundle.pem" Aug 12 20:10:11 T20 nginx: 2022/08/12 20:10:11 [error] 10919#10919: OCSP response not successful (6: unauthorized) while requesting certificate status, responder: r3.o.lencr.org, peer: 62.252.115.35:80, certificate: "/boot/config/ssl/certs/certificate_bundle.pem" ETA: Upgrade Cert may have fixed it Edited August 12, 2022 by neilt0 Quote Link to comment
ljm42 Posted August 12, 2022 Share Posted August 12, 2022 Please upload your full diagnostics.zip file (from Tools -> Diagnostics). I suspect there may be an issue with renewals, but I need to see full logs to investigate. 1 Quote Link to comment
Solution ljm42 Posted August 12, 2022 Solution Share Posted August 12, 2022 Hi folks, I suspect that the certificate was updated but the webserver was not reloaded afterwards. If you are running into this issue when using Chrome, hit the Advanced button and then the Proceed link to get into the webgui. Other browsers likely have similar features to get past certificate errors. Once you are in the webgui, open a web terminal and type: /etc/rc.d/rc.nginx reload Or another option would be to simply reboot the server. Once you have run that command (or rebooted) you will need to close ALL browser tabs pointed at this server in order for your browser to see the new cert. If you have any tabs open that are still using the old cert, the browser will not try to load the new one. You might want to restart the entire browser to be sure. Then try accessing the webgui. If this was the problem you will now able to access the webgui without any certificate errors. If you are still having issues, try a different browser entirely. If that doesn't help, please upload your diagnostics.zip file (from Tools -> Diagnostics) 2 Quote Link to comment
kaiguy Posted August 12, 2022 Author Share Posted August 12, 2022 2 hours ago, ljm42 said: I suspect that the certificate was updated but the webserver was not reloaded afterwards. Your suspicion was absolutely correct. Reloading nginx properly showed a renewed cert. Thanks so much! Do you think this is something I should file a bug report for? Or could this have been an isolated incident? In any case, if I run into this again in the future, I'll know exactly what to do. Appreciate your help! Quote Link to comment
ljm42 Posted August 13, 2022 Share Posted August 13, 2022 2 hours ago, kaiguy said: Your suspicion was absolutely correct. Reloading nginx properly showed a renewed cert. Thanks so much! Do you think this is something I should file a bug report for? Or could this have been an isolated incident? In any case, if I run into this again in the future, I'll know exactly what to do. Appreciate your help! Thanks for confirming! We'll track this down and get it fixed in the next release. Quote Link to comment
robinh Posted August 20, 2022 Share Posted August 20, 2022 Had the same issue and the nginx reload solved it for me aswell. Quote Link to comment
Padrino Posted September 25, 2022 Share Posted September 25, 2022 On 8/12/2022 at 6:14 PM, ljm42 said: Hi folks, I suspect that the certificate was updated but the webserver was not reloaded afterwards. If you are running into this issue when using Chrome, hit the Advanced button and then the Proceed link to get into the webgui. Other browsers likely have similar features to get past certificate errors. Once you are in the webgui, open a web terminal and type: /etc/rc.d/rc.nginx reload Or another option would be to simply reboot the server. Once you have run that command (or rebooted) you will need to close ALL browser tabs pointed at this server in order for your browser to see the new cert. If you have any tabs open that are still using the old cert, the browser will not try to load the new one. You might want to restart the entire browser to be sure. Then try accessing the webgui. If this was the problem you will now able to access the webgui without any certificate errors. If you are still having issues, try a different browser entirely. If that doesn't help, please upload your diagnostics.zip file (from Tools -> Diagnostics) I did the step by step instructions above with no success deleted the old certificate, provisioned a new one reloaded the nginx service and opened my unraid at a new browser the message of certificate not valid keeps unchanged. Attached you have my diagnostics. padrinohd-diagnostics-20220925-0838.zip Quote Link to comment
Padrino Posted October 1, 2022 Share Posted October 1, 2022 On 9/25/2022 at 8:40 AM, Padrino said: I did the step by step instructions above with no success deleted the old certificate, provisioned a new one reloaded the nginx service and opened my unraid at a new browser the message of certificate not valid keeps unchanged. Attached you have my diagnostics. padrinohd-diagnostics-20220925-0838.zip 117.38 kB · 0 downloads Anyone can help with that?? Quote Link to comment
JorgeB Posted October 2, 2022 Share Posted October 2, 2022 See if this helps: https://wiki.unraid.net/Manual/Security#Securing_webGui_connections_.28SSL.29 1 Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.