2018-02-18 01:54 CET

View Issue Details Jump to Notes ]
IDProjectCategoryView StatusLast Update
0001879openmediavaultBugpublic2018-02-11 09:44
Reporterkleag 
Assigned Tovotdev 
PrioritynormalSeverityblockReproducibilityalways
StatusclosedResolutionno change required 
PlatformGNU/LinuxOSarmbianOS Version5.36
Product Version 
Target VersionFixed in Version 
Summary0001879: Error installing LetsEncrypt generated private key
DescriptionAfter generating (and validating) a certificate with the letsencrypt plugin, I set to use it in my nginx plugin. Just after that OMV ceased to work.
After searching, I found that nginx failed to restart due to an error with the certificate.

After a lot more searching, I found that that certificate and the private key did not match:
openssl x509 -noout -modulus -in /etc/ssl/certs/openmediavault-6fc7037e-bda4-45ac-b19e-c51c2fe3e61f.crt | openssl md5
(stdin)= cd0499f1ebf0426054beffe8eeb3f6eb
openssl rsa -noout -modulus -in /etc/ssl/private/openmediavault-6fc7037e-bda4-45ac-b19e-c51c2fe3e61f.key | openssl md5
(stdin)= ebdef1c04f138467d187fba6b43f538c

After replacing the private key with the one from the letsencrypt file, the md5 sums match again:
cp /etc/letsencrypt/live/essai2/privkey.pem /etc/ssl/private/openmediavault-6fc7037e-bda4-45ac-b19e-c51c2fe3e61f.key

openssl rsa -noout -modulus -in /etc/ssl/private/openmediavault-6fc7037e-bda4-45ac-b19e-c51c2fe3e61f.key | openssl md5(stdin)= cd0499f1ebf0426054beffe8eeb3f6eb
openssl x509 -noout -modulus -in /etc/ssl/certs/openmediavault-6fc7037e-bda4-45ac-b19e-c51c2fe3e61f.crt | openssl md5(stdin)= cd0499f1ebf0426054beffe8eeb3f6eb

And OMV and nginx work again.

So, I suppose that the plugin installed the wrong private key.
Steps To Reproduce- Generate a letsencrypt certificate
- Set it as the certificate for a nginx site in the nginx plugin
- Try to use OMV. It fails.
Additional Informationserver {
    listen 443 ssl;
    listen [::]:443 ssl;
# ssl_certificate /etc/ssl/certs/openmediavault-6fc7037e-bda4-45ac-b19e-c51c2fe3e61f.crt;
# ssl_certificate_key /etc/ssl/private/openmediavault-6fc7037e-bda4-45ac-b19e-c51c2fe3e61f.key;
    set $root_path "/srv/dev-disk-by-label-myrgabackup/www-data/public_html";
    root $root_path;
    index index.html;
    access_log /var/log/nginx/eb40a1a2-80fc-4c30-97ce-e2cdf333a499-access.log;
    error_log /var/log/nginx/eb40a1a2-80fc-4c30-97ce-e2cdf333a499-error.log;
    large_client_header_buffers 4 8k;
}


myrga.tk,www.myrga.tk,omv.myrga.tk


Error #0:
OMV\ExecException: Failed to execute command 'export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C; nginx -t 2>&1' with exit code '1': nginx: [emerg] SSL_CTX_use_PrivateKey_file("/etc/ssl/private/openmediavault-6fc7037e-bda4-45ac-b19e-c51c2fe3e61f.key") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)
nginx: configuration file /etc/nginx/nginx.conf test failed in /usr/share/php/openmediavault/system/process.inc:175
Stack trace:
#0 /usr/share/openmediavault/engined/module/webserver.inc(40): OMV\System\Process->execute()
#1 /usr/share/openmediavault/engined/rpc/config.inc(168): OMVModuleNginxAbstract->applyConfig()
0000002 [internal function]: OMVRpcServiceConfig->applyChanges(Array, Array)
0000003 /usr/share/php/openmediavault/rpc/serviceabstract.inc(123): call_user_func_array(Array, Array)
0000004 /usr/share/php/openmediavault/rpc/serviceabstract.inc(150): OMV\Rpc\ServiceAbstract->callMethod('applyChanges', Array, Array)
0000005 /usr/share/php/openmediavault/rpc/serviceabstract.inc(528): OMV\Rpc\ServiceAbstract->OMV\Rpc\{closure}('/tmp/bgstatus2a...', '/tmp/bgoutputT6...')
0000006 /usr/share/php/openmediavault/rpc/serviceabstract.inc(151): OMV\Rpc\ServiceAbstract->execBgProc(Object(Closure))
0000007 /usr/share/openmediavault/engined/rpc/config.inc(213): OMV\Rpc\ServiceAbstract->callMethodBg('applyChanges', Array, Array)
#8 [internal function]: OMVRpcServiceConfig->applyChangesBg(Array, Array)
0000009 /usr/share/php/openmediavault/rpc/serviceabstract.inc(123): call_user_func_array(Array, Array)
#10 /usr/share/php/openmediavault/rpc/rpc.inc(86): OMV\Rpc\ServiceAbstract->callMethod('applyChangesBg', Array, Array)
#11 /usr/sbin/omv-engined(536): OMV\Rpc\Rpc::call('Config', 'applyChangesBg', Array, Array, 1)
#12 {main}






================================================================================
= OS/Debian information
================================================================================
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 9.3 (stretch)
Release: 9.3
Codename: stretch

================================================================================
= openmediavault information
================================================================================
Release: 4.0.16-1
Codename: Arrakis

================================================================================
= System information
================================================================================
Linux bananapi 4.13.16-sunxi #20 SMP Fri Nov 24 19:50:07 CET 2017 armv7l GNU/Linux


================================================================================
= Static information about the file systems
================================================================================
# >>> [openmediavault]
/dev/disk/by-label/myrgabackup /srv/dev-disk-by-label-myrgabackup ext4 defaults,nofail,user_xattr,noexec,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0,acl 0 2
# <<< [openmediavault]
--------------------------------------------------------------------------------
Plugins index:
==============
[
{
"abstract": "Nginx plugin for OpenMediaVault.",
"depends": "nginx, openmediavault (>= 4.0.4), php-fpm",
"installed": true,
"installedsize": 34266,
"name": "openmediavault-nginx",
"package": "openmediavault-nginx",
"repository": "Bintray/stretch",
"version": "4.0"
},
{
"abstract": "folder2ram plugin for OpenMediaVault",
"description": "folder2ram plugin for OpenMediaVaultn folder2ram manages temporary file systems across reboots, to decrease writes on permanent storage.n This allows the installation of OMV on flash thumb drives and SD cards.",
"version": "4.1"
},
{
"abstract": "Generate free and valid SSL certificates for OMV",
"depends": "openmediavault (>= 3.0.26), certbot",
"description": "Generate free and valid SSL certificates for OMVn Let's Encrypt allows you to to automatically generate free SSL certificates that you can use to secure server.n Visit https://letsencrypt.org for more information on the project.",
"installed": true,
"name": "openmediavault-letsencrypt",
"package": "openmediavault-letsencrypt",
"repository": "Bintray/stretch",
"summary": "Generate free and valid SSL certificates for OMV",
"version": "3.4.5"
},
TagsNo tags attached.
Product buildRelease: 4.0.16-1 Codename: Arrakis
Attached Files

-Relationships
+Relationships

-Notes

~0005106

ryecoaaron27 (reporter)

This was already fixed here - https://github.com/openmediavault/openmediavault/commit/2cdfed0a38bc1a2bf7f45f28b5cf2151d4cad2f6

This will allow the letsencrypt plugin update the private key.
+Notes

-Issue History
Date Modified Username Field Change
2018-01-15 23:31 kleag New Issue
2018-01-15 23:31 kleag Status new => assigned
2018-01-15 23:31 kleag Assigned To => votdev
2018-01-21 17:22 ryecoaaron27 Note Added: 0005106
2018-02-11 09:44 votdev Status assigned => closed
2018-02-11 09:44 votdev Resolution open => no change required
+Issue History