Bug #10343
Status: Closed
unbound crashes repeatedly when using acme plugin
Description
I had a working pfSense for a long time. Today, I installed and configured the acme package to generate a LetsEncrypt cert, and I assigned that new cert in System > Advanced > SSL Certificate. The cert seemed to be working fine (though I had to reboot the whole firewall to make it start using the new SSL cert, because option 11 on the console didn't make the new cert take effect in my browsers). Sometime after that, I noticed that the DNS service was crashing. Starting it back up just resulted in another instant crash. Rebooting did not help.
The solution was to disable the setting called "Enable SSL/TLS Service" under Services > DNS Resolver.
Here is the group of logs that kept repeating until I disabled that setting in Resolver:
Mar 13 19:17:44 pfsense.home.MYDOMAIN.com nginx: 2020/03/13 19:17:44 [error] 98842#100182: *9 open() "/usr/local/www/images/ui-icons_222222_256x240.png" failed (2: No such file or directory), client: 192.168.4.101, server: , request: "GET /images/ui-icons_222222_256x240.png HTTP/2.0", host: "192.168.4.1", referrer: "https://192.168.4.1/services_unbound.php"
Mar 13 19:17:43 dhcpleases Could not deliver signal HUP to process because its pidfile (/var/run/unbound.pid) does not exist, No such file or directory.
Mar 13 19:17:43 dhcpleases Could not deliver signal HUP to process because its pidfile (/var/run/unbound.pid) does not exist, No such file or directory.
Mar 13 19:17:42 dhcpleases Could not deliver signal HUP to process because its pidfile (/var/run/unbound.pid) does not exist, No such file or directory.
Mar 13 19:17:41 dhcpleases kqueue error: unknown
Mar 13 19:17:41 php-fpm 341 /status_services.php: The command '/usr/local/sbin/unbound -c /var/unbound/unbound.conf' returned exit code '1', the output was '[1584141461] unbound[84769:0] error: error for cert file: /var/unbound/sslcert.crt [1584141461] unbound[84769:0] error: error in SSL_CTX use_certificate_chain_file crypto error:0906D06C:PEM routines:PEM_read_bio:no start line [1584141461] unbound[84769:0] error: and additionally crypto error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib [1584141461] unbound[84769:0] fatal error: could not set up listen SSL_CTX'
Mar 13 19:17:41 dhcpleases Could not deliver signal HUP to process because its pidfile (/var/run/unbound.pid) does not exist, No such file or directory.
Mar 13 19:17:41 dhcpleases /etc/hosts changed size from original!
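The "PEM_read_bio:no start line" error in the log above means OpenSSL found no CERTIFICATE block in /var/unbound/sslcert.crt. The following pre-flight check (an added example, not from the bug report or from pfSense) reproduces that condition in pure Python so the file unbound is pointed at can be inspected before the resolver is restarted; the file contents and the placeholder DER payload are constructed, not real certificates.

```python
import base64
import binascii
import re

# A PEM block is a BEGIN/END pair with matching labels around base64 text.
PEM_RE = re.compile(
    r"-----BEGIN (?P<label>[A-Z ]+)-----\s*(?P<body>.*?)\s*-----END (?P=label)-----",
    re.DOTALL,
)


def pem_blocks(text):
    """Return (label, der_bytes) for every well-formed PEM block in text."""
    blocks = []
    for m in PEM_RE.finditer(text):
        body = "".join(m.group("body").split())
        try:
            der = base64.b64decode(body, validate=True)
        except binascii.Error:
            continue  # corrupt base64: OpenSSL would not accept it either
        blocks.append((m.group("label"), der))
    return blocks


def check_unbound_cert(text):
    """Approximate what SSL_CTX_use_certificate_chain_file requires:
    at least one CERTIFICATE block whose payload is a DER SEQUENCE (0x30)."""
    certs = [der for label, der in pem_blocks(text) if label == "CERTIFICATE"]
    if not certs:
        return "no start line: no '-----BEGIN CERTIFICATE-----' block found"
    for i, der in enumerate(certs):
        if not der or der[0] != 0x30:
            return f"certificate {i} payload is not DER (no leading SEQUENCE)"
    return f"ok: {len(certs)} certificate(s) in chain"


def _pem(label, der):
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"


# Constructed inputs: SEQUENCE { INTEGER 1 } stands in for a real certificate.
FAKE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x01])
SAMPLE_CERT_FILE = _pem("CERTIFICATE", FAKE_DER)   # what unbound expects
SAMPLE_KEY_ONLY = _pem("PRIVATE KEY", FAKE_DER)    # wrong block type
SAMPLE_EMPTY = ""                                  # empty/unwritten file

if __name__ == "__main__":
    for name, data in [("cert", SAMPLE_CERT_FILE), ("key", SAMPLE_KEY_ONLY), ("empty", SAMPLE_EMPTY)]:
        print(f"{name}: {check_unbound_cert(data)}")
```

To check the live file, read /var/unbound/sslcert.crt and pass its contents to check_unbound_cert; a "no start line" result means the cert export did not produce a PEM certificate there.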
Updated by Jim Pingle over 4 years ago
- Status changed from New to Rejected
I can't reproduce this. I use ACME certs and DNS resolver on numerous lab systems and none behave this way.
Please post on the forum and describe your setup in more detail.