pfSense bugtracker: pfSense Packages - Bug #13421: Stunnel certificate does not refresh
https://redmine.pfsense.org/issues/13421?journal_id=65970 (2023-03-02T16:40:06Z, S Premeau)
<p>I have experienced this problem in pfSense Plus 22.05 / stunnel 5.50_11.</p>
<p>I "solved" it via brute force, by making these changes:</p>
<pre>
*** /dev/null Wed Dec 31 18:00:00 1969
--- /etc/phpshellsessions/reconfigstunnel Thu Mar 2 16:06:31 2023
***************
*** 0 ****
--- 1,4 ----
+ ! echo 'Updating stunnel configuration . . .'
+ require_once("stunnel.inc");
+ stunnel_save();
+
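Review bot: require_once("stunnel.inc") in the new playback script relies on /usr/local/pkg being on PHP's include path; spelling out the full path /usr/local/pkg/stunnel.inc (the file patched below) makes the dependency explicit and gives a clear failure when the package is not installed. The script also never looks at what stunnel_save() returns, so a regeneration that fails leaves no trace beyond the echo line.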
*** /usr/local/pkg/stunnel.inc.orig Tue Mar 29 10:22:22 2022
--- /usr/local/pkg/stunnel.inc Thu Mar 2 16:31:24 2023
***************
*** 51,56 ****
--- 51,60 ----
return;
}
+ if (! file_exists("/usr/local/etc/rc.d/stunnel.sh")) {
+ stunnel_rcfile();
+ }
+
$conf = "cert = " . STUNNEL_ETCDIR . "/stunnel.pem \n";
$conf .= "chroot = " . STUNNEL_CHROOTDIR . " \n";
$conf .= "setuid = stunnel \n";
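Review bot: the stunnel_rcfile() call added after the early return is a separate fix from the certificate refresh and should be called out in the change description; as written it only runs when /usr/local/etc/rc.d/stunnel.sh is missing, so an rc script that exists but is outdated is never rewritten.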
***************
*** 74,80 ****
$certpath = STUNNEL_ETCDIR . "/{$pkgconfig['certificate']}.pem";
if (file_exists($certpath)) {
$oldcert_details = openssl_x509_parse(file_get_contents($certpath));
! if ($cert_details['hash'] == $oldcert_details['hash']) {
$replace_cert = false;
}
}
--- 78,86 ----
$certpath = STUNNEL_ETCDIR . "/{$pkgconfig['certificate']}.pem";
if (file_exists($certpath)) {
$oldcert_details = openssl_x509_parse(file_get_contents($certpath));
! if (($cert_details['hash'] == $oldcert_details['hash']) &&
! ($cert_details['serialNumber'] == $oldcert_details['serialNumber']))
! {
$replace_cert = false;
}
}
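Review bot: adding the serialNumber comparison does make a renewed certificate from the same issuer replace the old one, but comparing a digest of the whole certificate (PHP's openssl_x509_fingerprint()) would catch any change, including a re-keyed certificate, in a single comparison. Whichever fields are compared, use === rather than ==: openssl_x509_parse() returns false on unreadable input, indexing that gives null on both sides, and null == null is true, which silently keeps the stale certificate.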
{
</pre>
<p>Now you can have the acme plugin reconfigure stunnel via the playback command before restarting the service.</p>
https://redmine.pfsense.org/issues/13421?journal_id=65995 (2023-03-03T17:40:03Z, A Schnee)
<p>Thanks for the work. Added to my pfSense and will see at the next refresh in a few days if it is working.</p>
https://redmine.pfsense.org/issues/13421?journal_id=71531 (2023-12-25T19:38:43Z, A Schnee)
<p>Tested, had to add 2 lines to /usr/local/etc/stunnel at the beginning so now it looks like:</p>
<pre><code>
#!/usr/local/bin/php -f
<?php
// Run directly by php (not through a pfSsh.php playback session), so the
// "! echo" shell-passthrough form is not valid here; plain PHP echo instead.
echo "Updating stunnel configuration . . .\n";
// Regenerate the stunnel configuration and certificate bundle from the saved package settings.
require_once("stunnel.inc");
stunnel_save();
</code></pre>
<p>and configure acme to execute the script as a shell script.</p>
<p>Without this I always received an error message: <code>[25-Sep-2023 03:16:12 US/Eastern] PHP Parse error: syntax error, unexpected token "/", expecting end of file in /usr/local/pkg/acme/acme_command.sh(61) : eval()'d code on line 1</code></p>