plugins icon indicating copy to clipboard operation
plugins copied to clipboard

Published 20 hours ago verified publisher icon opnsense

UniFi Controller not starting after deploying certificate to keystore

Open Qhilm opened this issue 1 year ago • 4 comments

Important notices Before you add a new report, we ask you kindly to acknowledge the following:

  • [X] I have read the contributing guide lines at https://github.com/opnsense/plugins/blob/master/CONTRIBUTING.md
  • [X] I have searched the existing issues, open and closed, and I'm convinced that mine is new.
  • [X] The title contains the plugin to which this issue belongs

Describe the bug After deploying the letsencrypt certificate used for the opnsense router to the Unifi Controller plugin using the os-acme-client plugin's "update local UniFi keystore", the os-unifi-maxit plugin is not starting anymore.

To Reproduce Steps to reproduce the behavior:

  1. Go to 'Services > ACME Client > Automation'
  2. Create an automation with command "update local UniFi keystore", leave path to "/usr/local/share/java/unifi/data/keystore", call it "UniFi_automation"
  3. Go to "Services > ACME Client > Certificates"
  4. Click "edit" next to the certificate used for the opnsense router, add the "UniFi_automation" to the automations, click "save"
  5. Click "run automations" next to the certificate where you just added an automation.

UniFi doesn't start anymore.

Expected behavior UniFi Controller should come backup with a new certificate. @adn77 maybe you have an idea?

Relevant log files I need some support to understand where the logs are.

Additional context Router certificate is a wildcard certificate, public key is of type EC384.

Environment OPNsense 24.1.6 amd64 os-acme-client plugin 4.2 os-unifi-maxit 1.3

Qhilm avatar May 16 '24 15:05 Qhilm

Interestingly, even after uninstalling and reinstalling the os-unifi-maxit plugin, it still crashes almost immediately after being launched.

Qhilm avatar May 16 '24 16:05 Qhilm

I checked the /usr/local/share/java/unifi/logs/startup.log file, but there is a single line:

[2024-05-16 18:19:08,561] <launcher> INFO  startup - Initiating startup

I moved the entire /usr/local/share/java/unifi/ folder (somehow it's not removed when uninstalling the plugin), I rebooted opnsense, but still impossible to keep the UniFi service up and running, this is weird, something has been corrupted that the plugin uninstallation is not removing it seems.

Maybe @mimugmail you have an idea where I should look?

Qhilm avatar May 16 '24 20:05 Qhilm

Remove the plugin, remove the folder and install again. Please use issue tracker at my repo, unifi is not official nor supported :)

mimugmail avatar May 16 '24 20:05 mimugmail

Thanks for the feedback.

I was not sure if the issue is with the "update local UniFi keystore" command of with the UniFi plugin. Plugin was working fine until I tried to deploy a cert to the keystore.

I did move the /usr/local/share/java/unifi/ folder and removed the plugin, it does not help unfortunately.

I will open an issue on you tracker, thanks.

Qhilm avatar May 16 '24 20:05 Qhilm

This occurence issue is fixed by changing the port number crowdsec is using for its LAPI interface. Many thanks to @mimugmail.

I cannot reproduce the issue anymore and while I do not have an explanation for the fact that UniFi Controller never had a conflict with crowdsec before, it is clear that I had a misconfiguration.

Qhilm avatar May 19 '24 19:05 Qhilm