security/acme-client: accounts & certificates WebGUI unusable
Important notices Before you add a new report, we ask you kindly to acknowledge the following:
- [✅] I have read the contributing guide lines at https://github.com/opnsense/plugins/blob/master/CONTRIBUTING.md
- [✅] I have searched the existing issues, open and closed, and I'm convinced that mine is new.
- [✅] The title contains the plugin to which this issue belongs
Describe the bug Unsure of when this bug occurred exactly, but I've recently tried to issue a new SSL cert, when I discovered that the Accounts and Certificates fields in the ACME Client plugin submenu were both completely empty. The menu buttons to add or delete accounts are unresponsive. The button to issue/renew all certificates does partially work, as in it is able to try and renew all certificates cached in System -> Trust -> Certificates.
Tip: to validate your setup was working with the previous version, use opnsense-revert (https://docs.opnsense.org/manual/opnsense_tools.html#opnsense-revert)
To Reproduce Steps to reproduce the behavior:
- Go to 'Services -> ACME Client -> Accounts/Certificates'
- Fields which were previously populated with both certificate and account(s) are now completely empty.
- Create/delete buttons unresponsive
- Certificate renewal is successful from the logfiles, but unusable UI and unable to edit existing Accounts/Certs is a massive issue.
Expected behavior Being able to do all of the above.
Screenshots If applicable, add screenshots to help explain your problem.
Relevant log files During startup:
Starting qemu_guest_agent.
rmdir: /var/etc/acme-client/home/deploy: Not a directory
rmdir: /var/etc/acme-client/home/dnsapi: Not a directory
rmdir: /var/etc/acme-client/home/notify: Not a directory
Starting acme_http_challenge.
sh: /usr/local/etc/rc.d/php-fpm: not found
/var/log/acmeclient/latest.log
<14>1 2025-06-04T17:48:13+02:00 [ROUTER] acme.sh 82514 - [meta sequenceId="633"] [Wed Jun 4 17:48:13 CEST 2025] All checks succeeded
<14>1 2025-06-04T17:48:13+02:00 [ROUTER] acme.sh 93950 - [meta sequenceId="634"] [Wed Jun 4 17:48:13 CEST 2025] Verifying: [REDACTED]
<14>1 2025-06-04T17:48:13+02:00 [ROUTER] acme.sh 26845 - [meta sequenceId="635"] [Wed Jun 4 17:48:13 CEST 2025] Pending. The CA is processing your order, please wait. (1/30)
<14>1 2025-06-04T17:48:16+02:00 [ROUTER] acme.sh 60770 - [meta sequenceId="636"] [Wed Jun 4 17:48:16 CEST 2025] Success
<14>1 2025-06-04T17:48:16+02:00 [ROUTER] acme.sh 63192 - [meta sequenceId="637"] [Wed Jun 4 17:48:16 CEST 2025] Removing DNS records.
<14>1 2025-06-04T17:48:16+02:00 [ROUTER] acme.sh 74469 - [meta sequenceId="638"] [Wed Jun 4 17:48:16 CEST 2025] Removing txt: AEXppIEcbP_-ZDsRjvLoltIF-2GWwSqYH5oIK5Bb83A for domain: _acme-challenge.[REDACTED]
<14>1 2025-06-04T17:48:20+02:00 [ROUTER] acme.sh 23960 - [meta sequenceId="639"] [Wed Jun 4 17:48:20 CEST 2025] Successfully removed
<14>1 2025-06-04T17:48:20+02:00 [ROUTER] acme.sh 27890 - [meta sequenceId="640"] [Wed Jun 4 17:48:20 CEST 2025] Verification finished, beginning signing.
<14>1 2025-06-04T17:48:20+02:00 [ROUTER] acme.sh 36014 - [meta sequenceId="641"] [Wed Jun 4 17:48:20 CEST 2025] Let's finalize the order.
<14>1 2025-06-04T17:48:20+02:00 [ROUTER] acme.sh 37594 - [meta sequenceId="642"] [Wed Jun 4 17:48:20 CEST 2025] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/1460146466/391177875347'
<14>1 2025-06-04T17:48:21+02:00 [ROUTER] acme.sh 69785 - [meta sequenceId="643"] [Wed Jun 4 17:48:21 CEST 2025] Downloading cert.
<14>1 2025-06-04T17:48:21+02:00 [ROUTER] acme.sh 72557 - [meta sequenceId="644"] [Wed Jun 4 17:48:21 CEST 2025] Le_LinkCert='https://acme-v02.api.letsencrypt.org/acme/cert/06010febc33c7d230c87cacc529f579c408c'
<14>1 2025-06-04T17:48:22+02:00 [ROUTER] acme.sh 2108 - [meta sequenceId="645"] [Wed Jun 4 17:48:22 CEST 2025] Cert success.
<14>1 2025-06-04T17:48:22+02:00 [ROUTER] acme.sh 5396 - [meta sequenceId="646"] [Wed Jun 4 17:48:22 CEST 2025] Your cert is in: /var/etc/acme-client/cert-home/680e9aae53c020.22641748/[REDACTED]/[REDACTED].cer
<14>1 2025-06-04T17:48:22+02:00 [ROUTER] acme.sh 9101 - [meta sequenceId="647"] [Wed Jun 4 17:48:22 CEST 2025] Your cert key is in: /var/etc/acme-client/cert-home/680e9aae53c020.22641748/[REDACTED]/[REDACTED].key
<14>1 2025-06-04T17:48:22+02:00 [ROUTER] acme.sh 16539 - [meta sequenceId="648"] [Wed Jun 4 17:48:22 CEST 2025] The intermediate CA cert is in: /var/etc/acme-client/cert-home/680e9aae53c020.22641748/[REDACTED]/ca.cer
<14>1 2025-06-04T17:48:22+02:00 [ROUTER] acme.sh 19565 - [meta sequenceId="649"] [Wed Jun 4 17:48:22 CEST 2025] And the full-chain cert is in: /var/etc/acme-client/cert-home/680e9aae53c020.22641748/[REDACTED]/fullchain.cer
<14>1 2025-06-04T17:48:22+02:00 [ROUTER] acme.sh 66969 - [meta sequenceId="650"] [Wed Jun 4 17:48:22 CEST 2025] Installing cert to: /var/etc/acme-client/certs/680e9aae53c020.22641748/cert.pem
<14>1 2025-06-04T17:48:22+02:00 [ROUTER] acme.sh 71716 - [meta sequenceId="651"] [Wed Jun 4 17:48:22 CEST 2025] Installing CA to: /var/etc/acme-client/certs/680e9aae53c020.22641748/chain.pem
<14>1 2025-06-04T17:48:22+02:00 [ROUTER] acme.sh 74977 - [meta sequenceId="652"] [Wed Jun 4 17:48:22 CEST 2025] Installing key to: /var/etc/acme-client/keys/680e9aae53c020.22641748/private.key
<14>1 2025-06-04T17:48:22+02:00 [ROUTER] acme.sh 77099 - [meta sequenceId="653"] [Wed Jun 4 17:48:22 CEST 2025] Installing full chain to: /var/etc/acme-client/certs/680e9aae53c020.22641748/fullchain.pem
<15>1 2025-06-04T17:49:32+02:00 [ROUTER] acme.sh 91605 - [meta sequenceId="1"] [Wed Jun 4 17:49:32 CEST 2025] Using server: https://acme-v02.api.letsencrypt.org/directory
<15>1 2025-06-04T17:49:32+02:00 [ROUTER] acme.sh 94677 - [meta sequenceId="2"] [Wed Jun 4 17:49:32 CEST 2025] Running cmd: issue
<15>1 2025-06-04T17:49:32+02:00 [ROUTER] acme.sh 98456 - [meta sequenceId="3"] [Wed Jun 4 17:49:32 CEST 2025] _main_domain='[REDACTED]'
<15>1 2025-06-04T17:49:32+02:00 [ROUTER] acme.sh 1081 - [meta sequenceId="4"] [Wed Jun 4 17:49:32 CEST 2025] _alt_domains='no'
<15>1 2025-06-04T17:49:32+02:00 [ROUTER] acme.sh 3383 - [meta sequenceId="5"] [Wed Jun 4 17:49:32 CEST 2025] Using config home: /var/etc/acme-client/home
<15>1 2025-06-04T17:49:32+02:00 [ROUTER] acme.sh 6309 - [meta sequenceId="6"] [Wed Jun 4 17:49:32 CEST 2025] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
<15>1 2025-06-04T17:49:32+02:00 [ROUTER] acme.sh 14106 - [meta sequenceId="7"] [Wed Jun 4 17:49:32 CEST 2025] DOMAIN_PATH='/var/etc/acme-client/cert-home/657a2282c3f149.00420110/[REDACTED]'
<15>1 2025-06-04T17:49:32+02:00 [ROUTER] acme.sh 20598 - [meta sequenceId="8"] [Wed Jun 4 17:49:32 CEST 2025] Le_NextRenewTime
<15>1 2025-06-04T17:49:32+02:00 [ROUTER] acme.sh 24170 - [meta sequenceId="9"] [Wed Jun 4 17:49:32 CEST 2025] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
<15>1 2025-06-04T17:49:32+02:00 [ROUTER] acme.sh 26681 - [meta sequenceId="10"] [Wed Jun 4 17:49:32 CEST 2025] _init API for server: https://acme-v02.api.letsencrypt.org/directory
<15>1 2025-06-04T17:49:32+02:00 [ROUTER] acme.sh 30762 - [meta sequenceId="11"] [Wed Jun 4 17:49:32 CEST 2025] GET
<15>1 2025-06-04T17:49:32+02:00 [ROUTER] acme.sh 34316 - [meta sequenceId="12"] [Wed Jun 4 17:49:32 CEST 2025] url='https://acme-v02.api.letsencrypt.org/directory'
<15>1 2025-06-04T17:49:32+02:00 [ROUTER] acme.sh 37931 - [meta sequenceId="13"] [Wed Jun 4 17:49:32 CEST 2025] timeout=
<15>1 2025-06-04T17:49:32+02:00 [ROUTER] acme.sh 43586 - [meta sequenceId="14"] [Wed Jun 4 17:49:32 CEST 2025] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L --trace-ascii /tmp/tmp.neX14WKRQt -g '
<15>1 2025-06-04T17:49:32+02:00 [ROUTER] acme.sh 47093 - [meta sequenceId="15"] [Wed Jun 4 17:49:32 CEST 2025] ret='0'
<15>1 2025-06-04T17:49:32+02:00 [ROUTER] acme.sh 61180 - [meta sequenceId="16"] [Wed Jun 4 17:49:32 CEST 2025] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
<15>1 2025-06-04T17:49:32+02:00 [ROUTER] acme.sh 64533 - [meta sequenceId="17"] [Wed Jun 4 17:49:32 CEST 2025] ACME_NEW_AUTHZ
<15>1 2025-06-04T17:49:32+02:00 [ROUTER] acme.sh 67237 - [meta sequenceId="18"] [Wed Jun 4 17:49:32 CEST 2025] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
<15>1 2025-06-04T17:49:32+02:00 [ROUTER] acme.sh 69117 - [meta sequenceId="19"] [Wed Jun 4 17:49:32 CEST 2025] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
<15>1 2025-06-04T17:49:32+02:00 [ROUTER] acme.sh 71204 - [meta sequenceId="20"] [Wed Jun 4 17:49:32 CEST 2025] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
<15>1 2025-06-04T17:49:32+02:00 [ROUTER] acme.sh 74221 - [meta sequenceId="21"] [Wed Jun 4 17:49:32 CEST 2025] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.5-February-24-2025.pdf'
<15>1 2025-06-04T17:49:32+02:00 [ROUTER] acme.sh 77286 - [meta sequenceId="22"] [Wed Jun 4 17:49:32 CEST 2025] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
<14>1 2025-06-04T17:49:32+02:00 [ROUTER] acme.sh 6076 - [meta sequenceId="23"] [Wed Jun 4 17:49:32 CEST 2025] Using CA: https://acme-v02.api.letsencrypt.org/directory
<15>1 2025-06-04T17:49:32+02:00 [ROUTER] acme.sh 8580 - [meta sequenceId="24"] [Wed Jun 4 17:49:32 CEST 2025] _on_before_issue
<15>1 2025-06-04T17:49:32+02:00 [ROUTER] acme.sh 11202 - [meta sequenceId="25"] [Wed Jun 4 17:49:32 CEST 2025] _chk_main_domain='[REDACTED]'
<15>1 2025-06-04T17:49:32+02:00 [ROUTER] acme.sh 12805 - [meta sequenceId="26"] [Wed Jun 4 17:49:32 CEST 2025] _chk_alt_domains
<15>1 2025-06-04T17:49:32+02:00 [ROUTER] acme.sh 16766 - [meta sequenceId="27"] [Wed Jun 4 17:49:32 CEST 2025] Le_LocalAddress
<15>1 2025-06-04T17:49:32+02:00 [ROUTER] acme.sh 21330 - [meta sequenceId="28"] [Wed Jun 4 17:49:32 CEST 2025] d='[REDACTED]'
<15>1 2025-06-04T17:49:32+02:00 [ROUTER] acme.sh 24297 - [meta sequenceId="29"] [Wed Jun 4 17:49:32 CEST 2025] Checking for domain='[REDACTED]'
<15>1 2025-06-04T17:49:32+02:00 [ROUTER] acme.sh 29546 - [meta sequenceId="30"] [Wed Jun 4 17:49:32 CEST 2025] _currentRoot='dns_cf'
<15>1 2025-06-04T17:49:32+02:00 [ROUTER] acme.sh 34317 - [meta sequenceId="31"] [Wed Jun 4 17:49:32 CEST 2025] d
<15>1 2025-06-04T17:49:32+02:00 [ROUTER] acme.sh 43436 - [meta sequenceId="32"] [Wed Jun 4 17:49:32 CEST 2025] _saved_account_key_hash was not changed, skipping account registration.
<15>1 2025-06-04T17:49:32+02:00 [ROUTER] acme.sh 47522 - [meta sequenceId="33"] [Wed Jun 4 17:49:32 CEST 2025] Read key length: 2048
<14>1 2025-06-04T17:49:32+02:00 [ROUTER] acme.sh 49855 - [meta sequenceId="34"] [Wed Jun 4 17:49:32 CEST 2025] Creating domain key
<15>1 2025-06-04T17:49:32+02:00 [ROUTER] acme.sh 51422 - [meta sequenceId="35"] [Wed Jun 4 17:49:32 CEST 2025] Using config home: /var/etc/acme-client/home
<15>1 2025-06-04T17:49:32+02:00 [ROUTER] acme.sh 55056 - [meta sequenceId="36"] [Wed Jun 4 17:49:32 CEST 2025] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
<11>1 2025-06-04T17:49:32+02:00 [ROUTER] acme.sh 62870 - [meta sequenceId="37"] [Wed Jun 4 17:49:32 CEST 2025] Domain key exists, do you want to overwrite it?
<11>1 2025-06-04T17:49:32+02:00 [ROUTER] acme.sh 65411 - [meta sequenceId="38"] [Wed Jun 4 17:49:32 CEST 2025] If so, add '--force' and try again.
<11>1 2025-06-04T17:49:32+02:00 [ROUTER] acme.sh 68424 - [meta sequenceId="39"] [Wed Jun 4 17:49:32 CEST 2025] Error creating domain key.
<15>1 2025-06-04T17:49:32+02:00 [ROUTER] acme.sh 70804 - [meta sequenceId="40"] [Wed Jun 4 17:49:32 CEST 2025] pid
<15>1 2025-06-04T17:49:32+02:00 [ROUTER] acme.sh 74056 - [meta sequenceId="41"] [Wed Jun 4 17:49:32 CEST 2025] No need to restore nginx config, skipping.
<15>1 2025-06-04T17:49:32+02:00 [ROUTER] acme.sh 77039 - [meta sequenceId="42"] [Wed Jun 4 17:49:32 CEST 2025] _clearupdns
<15>1 2025-06-04T17:49:32+02:00 [ROUTER] acme.sh 79861 - [meta sequenceId="43"] [Wed Jun 4 17:49:32 CEST 2025] dns_entries
<15>1 2025-06-04T17:49:32+02:00 [ROUTER] acme.sh 83390 - [meta sequenceId="44"] [Wed Jun 4 17:49:32 CEST 2025] Skipping dns.
<15>1 2025-06-04T17:49:32+02:00 [ROUTER] acme.sh 85032 - [meta sequenceId="45"] [Wed Jun 4 17:49:32 CEST 2025] _on_issue_err
<11>1 2025-06-04T17:49:32+02:00 [ROUTER] acme.sh 87658 - [meta sequenceId="46"] [Wed Jun 4 17:49:32 CEST 2025] Please add '--debug' or '--log' to see more information.
<11>1 2025-06-04T17:49:32+02:00 [ROUTER] acme.sh 91316 - [meta sequenceId="47"] [Wed Jun 4 17:49:32 CEST 2025] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
<15>1 2025-06-04T17:49:33+02:00 [ROUTER] acme.sh 94870 - [meta sequenceId="48"] [Wed Jun 4 17:49:32 CEST 2025] Diagnosis versions:
openssl:openssl
OpenSSL 3.0.16 11 Feb 2025 (Library: OpenSSL 3.0.16 11 Feb 2025)
Apache:
Apache doesn't exist.
nginx:
nginx version: nginx/1.28.0
built with OpenSSL 3.0.16 11 Feb 2025
TLS SNI support enabled
configure arguments: --prefix=/usr/local/etc/nginx --with-cc-opt='-I /usr/local/include' --conf-path=/usr/local/etc/nginx/nginx.conf --sbin-path=/usr/local/sbin/nginx --pid-path=/var/run/nginx.pid --error-log-path=/var/log/nginx/error.log --user=www --group=www --with-compat --with-pcre --modules-path=/usr/local/libexec/nginx --with-file-aio --http-client-body-temp-path=/var/tmp/nginx/client_body_temp --http-fastcgi-temp-path=/var/tmp/nginx/fastcgi_temp --http-proxy-temp-path=/var/tmp/nginx/proxy_temp --http-scgi-temp-path=/var/tmp/nginx/scgi_temp --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi_temp --http-log-path=/var/log/nginx/access.log --with-http_v2_module --with-http_v3_module --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --without-mail_smtp_module --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-threads --with-mail=dynamic --with-stream=dynamic --add-dynamic-module=/usr/obj/usr/ports/www/nginx/work/ngx_brotli-a71f931 --add-dynamic-module=/usr/obj/usr/ports/www/nginx/work/headers-more-nginx-module-06dc0be --add-dynamic-module=/usr/obj/usr/ports/www/nginx/work/naxsi-1.6/naxsi_src --add-dynamic-module=/usr/obj/usr/ports/www/nginx/work/njs-0.8.5/nginx --add-dynamic-module=/usr/obj/usr/ports/www/nginx/work/nginx-module-vts-bf64dbf --with-ld-opt='-L /usr/local/lib'
socat:
socat by Gerhard Rieger and contributors - see www.dest-unreach.org
socat version 1
Services: ACME Client: Log Files > system log
2025-06-04T17:49:33 config AcmeClient: issue/renewal not required for certificate: [REDACTED]
2025-06-04T17:49:33 config AcmeClient: issue/renewal not required for certificate: [REDACTED]
2025-06-04T17:49:33 config AcmeClient: issue/renewal not required for certificate: [REDACTED]
2025-06-04T17:49:33 config AcmeClient: issue/renewal not required for certificate: [REDACTED]
2025-06-04T17:49:33 config AcmeClient: issue/renewal not required for certificate: [REDACTED]
2025-06-04T17:49:33 config AcmeClient: issue/renewal not required for certificate: [REDACTED]
2025-06-04T17:49:33 opnsense-devel AcmeClient: validation for certificate failed: [REDACTED]
2025-06-04T17:49:33 opnsense-devel AcmeClient: domain validation failed (dns01)
2025-06-04T17:49:33 opnsense-devel AcmeClient: AcmeClient: The shell command returned exit code '1': '/usr/local/sbin/acme.sh --issue --syslog 7 --debug --server 'letsencrypt' --dns 'dns_cf' --home '/var/etc/acme-client/home' --cert-home '/var/etc/acme-client/cert-home/657a2282c3f149.00420110' --certpath '/var/etc/acme-client/certs/657a2282c3f149.00420110/cert.pem' --keypath '/var/etc/acme-client/keys/657a2282c3f149.00420110/private.key' --capath '/var/etc/acme-client/certs/657a2282c3f149.00420110/chain.pem' --fullchainpath '/var/etc/acme-client/certs/657a2282c3f149.00420110/fullchain.pem' --domain 'copernican.cc' --days '1' --keylength '4096' --accountconf '/var/etc/acme-client/accounts/6577b6d200d1b8.77039838_prod/account.conf''
2025-06-04T17:49:32 opnsense-devel AcmeClient: running acme.sh command: /usr/local/sbin/acme.sh --issue --syslog 7 --debug --server 'letsencrypt' --dns 'dns_cf' --home '/var/etc/acme-client/home' --cert-home '/var/etc/acme-client/cert-home/657a2282c3f149.00420110' --certpath '/var/etc/acme-client/certs/657a2282c3f149.00420110/cert.pem' --keypath '/var/etc/acme-client/keys/657a2282c3f149.00420110/private.key' --capath '/var/etc/acme-client/certs/657a2282c3f149.00420110/chain.pem' --fullchainpath '/var/etc/acme-client/certs/657a2282c3f149.00420110/fullchain.pem' --domain 'copernican.cc' --days '1' --keylength '4096' --accountconf '/var/etc/acme-client/accounts/6577b6d200d1b8.77039838_prod/account.conf'
2025-06-04T17:49:32 opnsense-devel AcmeClient: using challenge type: Cloudflare-[REDACTED]
2025-06-04T17:49:32 opnsense-devel AcmeClient: account is registered: DDNS Token 1
2025-06-04T17:49:31 opnsense-devel AcmeClient: using CA: letsencrypt
2025-06-04T17:49:31 opnsense-devel AcmeClient: issue certificate: [REDACTED]
2025-06-04T17:49:31 opnsense-devel AcmeClient: certificate must be issued/renewed: [REDACTED]
Additional context Add any other context about the problem here.
Environment Virtualized via PVE
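The latest.log excerpt in this report mixes a successful renewal with a failed `issue` run, and each line's severity is encoded in its `<PRI>` prefix (11 is error level, 14 info, 15 debug). As an added example, not part of the original issue or of the plugin's code, this Python script decodes that prefix and groups the error lines by run; the sample lines are constructed, and treating a drop in sequenceId as the start of a new run is an assumption based on the excerpt.

```python
import re
from typing import NamedTuple

# RFC 5424: PRI = facility * 8 + severity; severities 0..3 are emerg..err.
SEVERITY = ("emerg", "alert", "crit", "err", "warning", "notice", "info", "debug")

# <PRI>VERSION TIMESTAMP HOST APP PROCID MSGID [meta sequenceId="N"] [acme.sh date] MSG
LINE_RE = re.compile(
    r'^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) (?P<pid>\S+) \S+ '
    r'\[meta sequenceId="(?P<seq>\d+)"\] (?:\[[^\]]*\] ?)?(?P<msg>.*)$'
)


class Record(NamedTuple):
    ts: str
    level: int  # numeric severity, 0 (emerg) .. 7 (debug)
    seq: int
    msg: str


def parse(lines):
    """Yield one Record per syslog line; continuation lines (no PRI) are skipped."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m is None:
            continue
        yield Record(m["ts"], int(m["pri"]) % 8, int(m["seq"]), m["msg"])


def triage(lines):
    """Group records into runs and collect each run's command, outcome and errors."""
    runs, current, last_seq = [], None, None
    for rec in parse(lines):
        cmd = re.match(r"Running cmd: (\S+)", rec.msg)
        # Assumption: sequenceId going backwards marks a new run (heuristic).
        new_segment = last_seq is not None and rec.seq < last_seq
        if current is None or new_segment or (cmd and current["cmd"]):
            current = {"cmd": None, "start": rec.ts, "ok": False, "errors": []}
            runs.append(current)
        if cmd:
            current["cmd"] = cmd[1]
        if rec.msg == "Cert success.":
            current["ok"] = True
        if rec.level <= 3:  # err or worse
            current["errors"].append(rec.msg)
        last_seq = rec.seq
    return runs


# Constructed sample modelled on the log format in this report (host, paths,
# PIDs and the CA URL are placeholders).
SAMPLE = """\
<14>1 2025-01-01T10:00:00+00:00 fw.example acme.sh 1001 - [meta sequenceId="52"] [Wed Jan 1 10:00:00 UTC 2025] Cert success.
<14>1 2025-01-01T10:00:00+00:00 fw.example acme.sh 1002 - [meta sequenceId="53"] [Wed Jan 1 10:00:00 UTC 2025] Installing key to: /var/etc/acme-client/keys/EXAMPLE/private.key
<15>1 2025-01-01T10:01:10+00:00 fw.example acme.sh 1003 - [meta sequenceId="1"] [Wed Jan 1 10:01:10 UTC 2025] Using server: https://acme.example/directory
<15>1 2025-01-01T10:01:10+00:00 fw.example acme.sh 1004 - [meta sequenceId="2"] [Wed Jan 1 10:01:10 UTC 2025] Running cmd: issue
<14>1 2025-01-01T10:01:10+00:00 fw.example acme.sh 1005 - [meta sequenceId="3"] [Wed Jan 1 10:01:10 UTC 2025] Creating domain key
<11>1 2025-01-01T10:01:10+00:00 fw.example acme.sh 1006 - [meta sequenceId="4"] [Wed Jan 1 10:01:10 UTC 2025] Domain key exists, do you want to overwrite it?
<11>1 2025-01-01T10:01:10+00:00 fw.example acme.sh 1007 - [meta sequenceId="5"] [Wed Jan 1 10:01:10 UTC 2025] If so, add '--force' and try again.
<11>1 2025-01-01T10:01:10+00:00 fw.example acme.sh 1008 - [meta sequenceId="6"] [Wed Jan 1 10:01:10 UTC 2025] Error creating domain key.
<15>1 2025-01-01T10:01:11+00:00 fw.example acme.sh 1009 - [meta sequenceId="7"] [Wed Jan 1 10:01:10 UTC 2025] Diagnosis versions:
openssl:openssl
"""

if __name__ == "__main__":
    for run in triage(SAMPLE.splitlines()):
        status = "ok" if run["ok"] else "FAILED" if run["errors"] else "no result"
        print(f'{run["start"]} cmd={run["cmd"]} {status}')
        for msg in run["errors"]:
            print(f"    {SEVERITY[3]}: {msg}")
```
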
I'm having the exact same issue, this has also been reported on the forums https://forum.opnsense.org/index.php?topic=47483.0
> I'm having the exact same issue, this has also been reported on the forums https://forum.opnsense.org/index.php?topic=47483.0
OP of this forum thread here….
happy to help diagnose if anyone’s got ideas…. the lack of any substantial errors is what’s somewhat confusing….
To everyone affected by this, please provide the following information:
- Provide some details about the system.
  - OPNsense version
  - Hardware: CPU model, RAM size, free disk space (df -h)
  - Browser + version
- Check if OPNsense has detected an issue.
  - System -> Firmware -> Reporter
  - If there is a crash report, please provide the output.
- Run migrations again to find failed migrations.
  - First create a backup of your OPNsense configuration.
  - Then run the following command as root:
    /usr/local/opnsense/mvc/script/run_migrations.php
  - If this returns any errors, please provide the full output.
- Check the system log.
  - (1) System -> Log Files -> Backend
  - (2) System -> Log Files -> General
  - Try to access the broken Acme Client pages, then check these two logs for entries that are logged at about the same time.
I cannot reproduce this issue and have never seen it before, so I need this information to find the root cause.
System Details:
- OPNsense 25.7.a_569 (amd64) at Tue Jun 17 11:42:24 UTC 2025
- Origin="GenuineIntel" Id=0xf61 Family=0xf Model=0x6 Stepping=1
  Features=0x1783fbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE,SSE2,HTT>
  Features2=0x80202001<SSE3,CX16,x2APIC,HV>
  AMD Features=0x20100800<SYSCALL,NX,LM>
  AMD Features2=0x1<LAHF>
  Hypervisor: Origin = "KVMKVMKVM"
  real memory = 8589934592 (8192 MB)
  avail memory = 8269377536 (7886 MB)
  Event timer "LAPIC" quality 100
  ACPI APIC Table: <BOCHS BXPC >
  FreeBSD/SMP: Multiprocessor System Detected: 8 CPUs
  FreeBSD/SMP: 2 package(s) x 4 core(s)
- # df -h
Filesystem Size Used Avail Capacity Mounted on
zroot/ROOT/default 54G 1.3G 52G 3% /
devfs 1.0K 0B 1.0K 0% /dev
/dev/vtbd0p1 260M 1.7M 258M 1% /boot/efi
zroot/tmp 52G 2.1M 52G 0% /tmp
zroot/usr/ports 52G 96K 52G 0% /usr/ports
zroot 52G 96K 52G 0% /zroot
zroot/var/audit 52G 96K 52G 0% /var/audit
zroot/usr/src 52G 96K 52G 0% /usr/src
zroot/var/log 52G 70M 52G 0% /var/log
zroot/var/tmp 52G 120K 52G 0% /var/tmp
zroot/var/mail 52G 136K 52G 0% /var/mail
zroot/var/crash 52G 104K 52G 0% /var/crash
zroot/usr/home 52G 96K 52G 0% /usr/home
devfs 1.0K 0B 1.0K 0% /var/dhcpd/dev
devfs 1.0K 0B 1.0K 0% /var/unbound/dev
/usr/local/lib/python3.11 54G 1.3G 52G 3% /var/unbound/usr/local/lib/python3.11
/lib 54G 1.3G 52G 3% /var/unbound/lib
- System Information:
FreeBSD 14.2-RELEASE-p3 stable/25.1-n269825-cbaf3aa6b26b SMP amd64
OPNsense 25.7.a_569 c8c759716
Plugins os-acme-client-4.9 os-dmidecode-1.2 os-frr-devel-1.45 os-git-backup-devel-1.0_3 os-haproxy-4.5 os-lldpd-devel-1.2 os-node_exporter-1.2 os-qemu-guest-agent-devel-1.3 os-stunnel-devel-1.0.5_3 os-tinc-devel-1.7_2 os-zerotier-devel-1.3.2_5
Time Tue, 17 Jun 2025 11:49:43 +0000
OpenSSL 3.0.16
Python 3.11.12
PHP 8.3.21
- PHP Errors:
[12-Jun-2025 14:09:35 Etc/UTC] Error: Call to undefined function system_trust_configure() in /usr/local/etc/inc/plugins.inc.d/core.inc:481
Stack trace:
#0 /usr/local/etc/inc/plugins.inc(323): core_trust_crl(false)
#1 /usr/local/opnsense/scripts/stunnel/generate_certs.php(90): plugins_configure('crl')
#2 {main}
[12-Jun-2025 14:09:41 Etc/UTC] Error: Call to undefined function system_trust_configure() in /usr/local/etc/inc/plugins.inc.d/core.inc:481
Stack trace:
#0 /usr/local/etc/inc/plugins.inc(323): core_trust_crl(false)
#1 /usr/local/opnsense/scripts/stunnel/generate_certs.php(90): plugins_configure('crl')
#2 {main}
- No migration errors:
root@opnsense-01:~ # /usr/local/opnsense/mvc/script/run_migrations.php
root@opnsense-01:~ #
- No relevant lines in Logfiles General/Backend
@dBitech
> System Details:
You're running an OPNsense ALPHA build. Not sure if that makes a difference, but I don't test on pre-release versions.
> PHP Errors:
These errors are most likely related to the os-stunnel-devel-1.0.5_3 plugin.
Provide some details about the system.
- OPNsense version: OPNsense 25.7.a_596-amd64
- Hardware: Intel Xeon E5-1650 v0, 40 GB RAM, 220G Available
- Chrome/Firefox/Safari - Official/Dev/Alpha - tried all
Filesystem Size Used Avail Capacity Mounted on
zroot/ROOT/default 222G 2.3G 220G 1% /
devfs 1.0K 0B 1.0K 0% /dev
/dev/gpt/efiboot0 260M 1.3M 259M 1% /boot/efi
zroot 220G 96K 220G 0% /zroot
zroot/var/mail 220G 152K 220G 0% /var/mail
zroot/var/log 221G 585M 220G 0% /var/log
zroot/var/crash 220G 96K 220G 0% /var/crash
zroot/usr/ports 220G 96K 220G 0% /usr/ports
zroot/tmp 220G 2.0M 220G 0% /tmp
zroot/usr/src 220G 96K 220G 0% /usr/src
zroot/var/tmp 220G 96K 220G 0% /var/tmp
zroot/var/audit 220G 96K 220G 0% /var/audit
zroot/home 220G 96K 220G 0% /home
devfs 1.0K 0B 1.0K 0% /var/dhcpd/dev
devfs 1.0K 0B 1.0K 0% /var/unbound/dev
/usr/local/lib/python3.11 222G 2.3G 220G 1% /var/unbound/usr/local/lib/python3.11
/lib 222G 2.3G 220G 1% /var/unbound/lib
Check if OPNsense has detected an issue.
- No detected issues.
Run migrations again to find failed migrations.
- No PHP errors
- No migration errors
- No relevant lines in log files for Backend or General
What I noticed looking at the interaction between browser and OPNsense is that on pages which display the proper content there are two requests made to search: one for the main search result, and a second for the acme result in question.
For the pages that don't show content I do not see a second request being made, so for some reason the JS doesn't seem to fire.
[root@evey /home/wolfspyre]# opnsense-version
OPNsense 25.7.a_569 (amd64)
[root@evey /home/wolfspyre]# hw-probe -all -upload
[root@atticus ~]# opnsense-version
OPNsense 25.7.a_606 (amd64)
[root@atticus ~]# hw-probe -all -upload
I was watching all latest.log files in /var/log, as well as /var/lib/php/tmp/PHP_errors.log when I ran /usr/local/opnsense/mvc/script/run_migrations.php, but I saw nothing at all in output.
There's no observable change in behavior between 25.7a_569 and 25.7a_606.
When viewing the acmeclient/accounts page with browser tools open, I don't see my browser making the second call to get the ajax content....
This behavior was the same in Safari, Brave, and Chrome.
What additional information would be helpful?
> System Details:
> You're running an OPNsense ALPHA build. Not sure if that makes a difference, but I don't test on pre-release versions.
With a 25.7 Targeted GA date of only a few weeks away, would it not make OPNsence to test against it so that the plugin is gold on GA day ?
Updating to 25.7.a_674 did not impact the behavior. I see an additional ajax call from my browser to opnsense on the pages which DO display content, and I do NOT on the ones which have an empty page ...
Nothing is logged in the browser console. Nothing is logged serverside near as I can tell ... SOMETHING is borked, real descriptive, I know... nevertheless... it would be nice if we could identify why the browser isn't fetching stuff.
I just deployed a test instance at 25.1.10 and was able to stand up new certs; several reboots later the presentation remained fine in the GUI. I then upgraded this to dev (25.7.a_647) and now none of the accounts, certs etc. are showing up in the GUI. I can take this instance and upgrade back to 25.1.10 and all of the GUI returns.
The main difference between stable and master is that stable still runs normal bootgrid, and master runs tabulator with a translation layer to bootgrid.
Maybe something in this plugin is not working with tabulator? I did not check though, just as a maybe hint.
A patch is available that will fix this issue on OPNsense alpha:
opnsense-patch -c plugins 94a5bb5c283e8b6ed3aaf16f88774b9912177767
Thanks to @Monviech for providing the fix.
Can confirm this worked for me on 25.6.a_674:
[root@atticus /var/log]# opnsense-version ;uptime; uname -a
OPNsense 25.7.a_674 (amd64)
3:17AM up 2 days, 9:08, 10 users, load averages: 1.44, 0.89, 0.78
FreeBSD atticus.wolfspyre.com 14.2-RELEASE-p3 FreeBSD 14.2-RELEASE-p3 stable/25.1-n269825-cbaf3aa6b26b SMP amd64
[root@atticus /var/log]# opnsense-patch -c plugins 94a5bb5c283e8b6ed3aaf16f88774b9912177767
Fetched 94a5bb5c283e8b6ed3aaf16f88774b9912177767 via https://github.com/opnsense/plugins
Hmm... Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|From 94a5bb5c283e8b6ed3aaf16f88774b9912177767 Mon Sep 17 00:00:00 2001
|From: Monviech <->
|Date: Fri, 4 Jul 2025 18:07:45 +0000
|Subject: [PATCH] security/acme: Fix accounts.volt and certificates.volt
| UIBootgrid
|
|---
| .../opnsense/mvc/app/views/OPNsense/AcmeClient/accounts.volt | 4 +++-
| .../mvc/app/views/OPNsense/AcmeClient/certificates.volt | 4 +++-
| 2 files changed, 6 insertions(+), 2 deletions(-)
|
|diff --git a/security/acme-client/src/opnsense/mvc/app/views/OPNsense/AcmeClient/accounts.volt b/security/acme-client/src/opnsense/mvc/app/views/OPNsense/AcmeClient/accounts.volt
|index ec20a20e89..a9623ad107 100644
|--- a/security/acme-client/src/opnsense/mvc/app/views/OPNsense/AcmeClient/accounts.volt
|+++ b/security/acme-client/src/opnsense/mvc/app/views/OPNsense/AcmeClient/accounts.volt
--------------------------
Patching file opnsense/mvc/app/views/OPNsense/AcmeClient/accounts.volt using Plan A...
Hunk #1 succeeded at 115.
Hmm... The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|diff --git a/security/acme-client/src/opnsense/mvc/app/views/OPNsense/AcmeClient/certificates.volt b/security/acme-client/src/opnsense/mvc/app/views/OPNsense/AcmeClient/certificates.volt
|index dedd86c575..75cfd51547 100644
|--- a/security/acme-client/src/opnsense/mvc/app/views/OPNsense/AcmeClient/certificates.volt
|+++ b/security/acme-client/src/opnsense/mvc/app/views/OPNsense/AcmeClient/certificates.volt
--------------------------
Patching file opnsense/mvc/app/views/OPNsense/AcmeClient/certificates.volt using Plan A...
Hunk #1 succeeded at 140.
done
All patches have been applied successfully. Have a nice day.
<3 Thank you, VERY much, @Monviech. Sincerely appreciated!
UI is operating as expected in the acme pane.