SOLVED: 6.11.1 Problems with SSL and HTTPS

[Opus44]

Scenario One Conditions

• - myServers plugin not installed
• - use SSL/TSL no
• - two SSL certs in /boot/config/ssl/certs 

    root@rocky:/boot/config/ssl/certs# ls -la
    -rw------- 1 root root  2851 Sep 15 15:51 rocky_unraid_bundle.pem
    -rw------- 1 root root  2884 Sep 14 15:56 unraid-server_unraid_bundle.pem

    

• - Self-signed or user-provided certificate: /boot/config/ssl/certs/rocky_unraid_bundle.pem
• - Certificate URL: rocky.local
• - Certificate issuer: O = Self-signed, OU = unRAID, CN = rocky.local
• - Certificate expiration: Sun 12 Sep 2032 03:51:06 PM CDT
• - CA-signed certificate file: Not present

    
local access results: 

http://192.168.X.XX/   works- signed in "not secure"  

http://rocky.local/       displays sign-in screen but refuses signin as root   

https://192.168.X.XX/  site can't be reached 

https://rocky.local/     site can't be reached   

Scenario Two:

• - use SSL/TSL yes
• - everything else set the same 
   

local access results :

http://192.168.X.XX/ (redirects to https://192.168.X.XX/)                   does not redirect but does sign-in   

https://192.168.X.XX/ (uses certificate rocky_unraid_bundle.pem )   redirects to http and signs in  

http://rocky.local/ (redirects to https://rocky.local/)                         does not redirect but does sign-in     

https://rocky.local/ (uses certificate rocky_unraid_bundle.pem )      redirects to http and signs in    

 

I also have scenarios with the myservers plugin installed while using/not using remote-access that do not behave properly. But before delving into them, I'd like these two scenarios resolved. Let's keep thing simple.  

 

rocky-diagnostics-20221104-0835.zip

Edited November 4, 2022 by Opus44

[ljm42]

You have Unraid 6.11.1, so on the Settings -> Management Access page it lists the available urls for each scenario. In scenario one (Use SSL = No) only the two http urls should be list listed. Hopefully that is clear that the two https urls are not going to work?

 

If you are seeing something different please provide a screenshot of this page in scenario one. I need to see all the settings and the Local Access urls that are listed.

 

> displays sign-in screen but refuses signin as root

 

Your browser is confused because of switching SSL on and off. Two possibilities:

 

One - if you already have a tab open to https://rocky.local then the server will get confused if you disable https and try to access http://rocky.local in another tab.  So close all tabs pointing to the server but one. It may help to completely restart your browser or even your client computer to make sure there really are no hidden tabs open.

 

Two - Your browser may have cached a response that was valid for SSL being enabled but is no longer valid after disabling it. So after doing the above, try accessing the site in private/incognito mode. That will most likely work, so to fix it in your main browser you'll need to clear your cache.

Your scenario two results don't make sense I think this is more of the browser confusion mentioned above. Any time you change Use SSL from No to Yes or Yes to No you may need to repeat the steps above.

 

[Opus44]

28 minutes ago, ljm42 said:

You have Unraid 6.11.1, so on the Settings -> Management Access page it lists the available urls for each scenario. In scenario one (Use SSL = No) only the two http urls should be list listed. Hopefully that is clear that the two https urls are not going to work?

Yes. that is clear and what I expected.  Only thing I am baffled by with result one is not being able to sign in.  But what you say makes sense and I will flush the cache and see if that clears things up for that scenario.

I totally don't understand the problems with scenario two.  It makes me wonder if there is a problem with the SSL certificate in the /boot/... folder.  Also curious as to why there are two.  Is it because I renamed the UNRAID server after setting it up?
 

[ljm42]

6 minutes ago, Opus44 said:

Also curious as to why there are two.  Is it because I renamed the UNRAID server after setting it up?

Feel free to delete the one with the old server name, it is not going to be used

 

[Opus44]

Clearing the browser cache fixed all of scenario two and the sign-in problem with scenario one.   Thanks so much for solving this.  I spent way too much time agonizing over this.   


 

[ljm42]

woohoo!

 

When you are ready to start setting up My Servers Remote Access, see https://wiki.unraid.net/My_Servers#Configuring_Remote_Access_.28optional.29