Management SSL cert expired, no ability to renew

kaiguy

By kaiguy
in General Support

Go to solution Solved by ljm42,

Recommended Posts

kaiguy Enthusiast

kaiguy

Posted
Posted

Hi there. Running 6.10.3. Searched for this error but I didn't seem to find anything in the forums.

 

Today Firefox gave me a warning when accessing the unraid GUI that the ssl cert was invalid. I took a look and it expired 3 days ago.

 

The Management Access settings also shows that the cert is expired, and the buttons for renew and delete are greyed out.

 

This appears to be the relevant log items:

  

Aug 12 08:09:38 titan nginx: 2022/08/12 08:09:38 [error] 12133#12133: OCSP response not successful (6: unauthorized) while requesting certificate status, responder: r3.o.lencr.org, peer: 184.28.78.21:80, certificate: "/boot/config/ssl/certs/certificate_bundle.pem"

Aug 12 10:53:03 titan nginx: 2022/08/12 10:53:03 [error] 12133#12133: OCSP response not successful (6: unauthorized) while requesting certificate status, responder: r3.o.lencr.org, peer: 184.28.78.21:80, certificate: "/boot/config/ssl/certs/certificate_bundle.pem"

 

Any suggestions for how to address?

Link to comment
neilt0 Community Regular

neilt0

Posted
Posted (edited)

Getting similar errors and can't access the unRAID webgui from Chrome:

  

Aug 12 19:52:05 T20 nginx: 2022/08/12 19:52:05 [error] 10919#10919: OCSP response not successful (6: unauthorized) while requesting certificate status, responder: r3.o.lencr.org, peer: 62.252.115.35:80, certificate: "/boot/config/ssl/certs/certificate_bundle.pem"
Aug 12 20:00:05 T20 nginx: 2022/08/12 20:00:05 [error] 10919#10919: OCSP response not successful (6: unauthorized) while requesting certificate status, responder: r3.o.lencr.org, peer: 62.252.115.35:80, certificate: "/boot/config/ssl/certs/certificate_bundle.pem"
Aug 12 20:05:10 T20 nginx: 2022/08/12 20:05:10 [error] 10919#10919: OCSP response not successful (6: unauthorized) while requesting certificate status, responder: r3.o.lencr.org, peer: 62.252.115.35:80, certificate: "/boot/config/ssl/certs/certificate_bundle.pem"
Aug 12 20:10:11 T20 nginx: 2022/08/12 20:10:11 [error] 10919#10919: OCSP response not successful (6: unauthorized) while requesting certificate status, responder: r3.o.lencr.org, peer: 62.252.115.35:80, certificate: "/boot/config/ssl/certs/certificate_bundle.pem"

 

Yac3tt7.png

 

ETA: Upgrade  Cert may have fixed it

Edited by neilt0
Link to comment
  • Solution
ljm42 Experienced

ljm42

Posted
  • Solution
Posted

Hi folks, 

 

I suspect that the certificate was updated but the webserver was not reloaded afterwards.

 

If you are running into this issue when using Chrome, hit the Advanced button and then the Proceed link to get into the webgui. Other browsers likely have similar features to get past certificate errors.

 

Once you are in the webgui, open a web terminal and type: 

/etc/rc.d/rc.nginx reload

Or another option would be to simply reboot the server.

 

Once you have run that command (or rebooted) you will need to close ALL browser tabs pointed at this server in order for your browser to see the new cert. If you have any tabs open that are still using the old cert, the browser will not try to load the new one. You might want to restart the entire browser to be sure.

 

Then try accessing the webgui. If this was the problem you will now able to access the webgui without any certificate errors.
 

If you are still having issues, try a different browser entirely. If that doesn't help, please upload your diagnostics.zip file (from Tools -> Diagnostics)

  • Like 2
Link to comment
kaiguy Enthusiast

kaiguy

Posted
  • Author
Posted
2 hours ago, ljm42 said:

I suspect that the certificate was updated but the webserver was not reloaded afterwards.

Your suspicion was absolutely correct. Reloading nginx properly showed a renewed cert. Thanks so much!

 

Do you think this is something I should file a bug report for? Or could this have been an isolated incident? In any case, if I run into this again in the future, I'll know exactly what to do. Appreciate your help!

Link to comment
ljm42 Experienced

ljm42

Posted
Posted
2 hours ago, kaiguy said:

Your suspicion was absolutely correct. Reloading nginx properly showed a renewed cert. Thanks so much!

 

Do you think this is something I should file a bug report for? Or could this have been an isolated incident? In any case, if I run into this again in the future, I'll know exactly what to do. Appreciate your help!

 

Thanks for confirming! We'll track this down and get it fixed in the next release.

Link to comment
  • 1 month later...
Padrino Noob

Padrino

Posted
Posted
On 8/12/2022 at 6:14 PM, ljm42 said:

Hi folks, 

 

I suspect that the certificate was updated but the webserver was not reloaded afterwards.

 

If you are running into this issue when using Chrome, hit the Advanced button and then the Proceed link to get into the webgui. Other browsers likely have similar features to get past certificate errors.

 

Once you are in the webgui, open a web terminal and type: 

/etc/rc.d/rc.nginx reload

Or another option would be to simply reboot the server.

 

Once you have run that command (or rebooted) you will need to close ALL browser tabs pointed at this server in order for your browser to see the new cert. If you have any tabs open that are still using the old cert, the browser will not try to load the new one. You might want to restart the entire browser to be sure.

 

Then try accessing the webgui. If this was the problem you will now able to access the webgui without any certificate errors.
 

If you are still having issues, try a different browser entirely. If that doesn't help, please upload your diagnostics.zip file (from Tools -> Diagnostics)

 

I did the step by step instructions above with no success

deleted the old certificate, provisioned a new one

reloaded the nginx service and opened my unraid at a new browser

the message of certificate not valid keeps unchanged.

 

Attached you have my diagnostics.

padrinohd-diagnostics-20220925-0838.zip

Link to comment
Padrino Noob

Padrino

Posted
Posted
On 9/25/2022 at 8:40 AM, Padrino said:

 

I did the step by step instructions above with no success

deleted the old certificate, provisioned a new one

reloaded the nginx service and opened my unraid at a new browser

the message of certificate not valid keeps unchanged.

 

Attached you have my diagnostics.

padrinohd-diagnostics-20220925-0838.zip 117.38 kB · 0 downloads

 

 

Anyone can help with that??

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing