Results 1 to 7 of 7
  1. #1
    Untangler JohnnyBeGood's Avatar
    Join Date
    Oct 2020
    Location
    US & A
    Posts
    43

    Unhappy After installing new certificate I no longer can access GUI?

    Hey all,

    I had working Letsencrypt certificate for GUI and it was going to expire next week so I generated new one.
    Under certificates I uploaded cert and private key and it showed new expiration date. I checked all boxes HTTPS, SMTPS etc. and as soon as I hit save I lost access. I'm no longer able to access GUI with hostname.mydomain.net nor with https://192.168.1.1 ?
    Shouldn't there be a some sort of safe net to avoid this?

    Please help

    Example
    ssl.JPG
    Last edited by JohnnyBeGood; 01-10-2021 at 01:10 AM.

  2. #2
    Master Untangler
    Join Date
    Nov 2018
    Posts
    119

    Default

    It's never a good idea to expose your gateway/router/firewall to the internet. You should instead use a VPN to connect to it. Which version are you running?

  3. #3
    Master Untangler
    Join Date
    Apr 2020
    Location
    United Kingdom
    Posts
    125

    Default

    I think I managed to do this once or twice when changing the system name... I ended up getting back in via the online command control centre thingy.

  4. #4
    Untangler JohnnyBeGood's Avatar
    Join Date
    Oct 2020
    Location
    US & A
    Posts
    43

    Default

    Quote Originally Posted by soldier View Post
    It's never a good idea to expose your gateway/router/firewall to the internet. You should instead use a VPN to connect to it. Which version are you running?
    I have pings disabled, very strong password and with SSL enabled I thought it would be ok. Oh well, lesson learned. Need get back in I was on the v16.1.1

  5. #5
    Untangler JohnnyBeGood's Avatar
    Join Date
    Oct 2020
    Location
    US & A
    Posts
    43

    Default

    Quote Originally Posted by Armshouse View Post
    I think I managed to do this once or twice when changing the system name... I ended up getting back in via the online command control centre thingy.
    Glad I'm not the only one
    Odd thing is that when I try to access it via command center it starts to connect and text flashes "If redirection fails please click here" and it just goes back to the main page of the command center.

  6. #6
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,241

    Default

    Never muck with certificates without SSH enabled... because if you don't you're locked out.

    Without SSH the only repair is on the physical console itself.

    Fix script is here: https://wiki.untangle.com/index.php/...ed_certificate

    As for a sanity check, go complain to the Apache maintainers, because this is what Apache does when it doesn't like a certificate. Why? Well... that's often not easy to figure out.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  7. #7
    Untangler JohnnyBeGood's Avatar
    Join Date
    Oct 2020
    Location
    US & A
    Posts
    43

    Default

    Quote Originally Posted by sky-knight View Post
    Never muck with certificates without SSH enabled... because if you don't you're locked out.

    Without SSH the only repair is on the physical console itself.

    Fix script is here: https://wiki.untangle.com/index.php/...ed_certificate

    As for a sanity check, go complain to the Apache maintainers, because this is what Apache does when it doesn't like a certificate. Why? Well... that's often not easy to figure out.
    You're a lifesaver! This script worked. Thank you!

    Luckily I had SSH enabled. Even after I reuploaded cert and private key I ran into same issue. So I manually edited /etc/apache2/ssl/apache.pem and restarted with /etc/init.d/apache2. Now it works and it shows same issued by info.
    ssl works.JPG

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2