ioBroker.admin

After importing SSL cert, admin instance not started: PEM routines:get_name:no start line

Open JB1985 opened this issue 3 years ago • 26 comments

Describe the bug
SSL Certificate is probably not imported correctly.

To Reproduce
Steps to reproduce the behavior:

  1. Go to 'Settings' -> 'Certificate'
  2. Click on 'Plus' to add a certificate

Expected behavior
Import the SSL certificate. Iobroker admin is not starting.

Screenshots & Logfiles

image

Errorlogs:

error: admin.0 (6930) Cannot create web-server: Error: error:0909006C:PEM routines:get_name:no start line

Versions:

  • Adapter version: 5.1.28
  • JS-Controller version: 3.3.20
  • Node version: v12.22.7
  • Operating system: Raspbian GNU/Linux 10

Additional context
I deleted the old certificate and wanted to upload the new one. Now the instance does not start.

JB1985 avatar Nov 25 '21 14:11 JB1985

I have imported a backup. I copied and re-imported the old (working) certificate and this is not working either.

It looks like the certificate will be broken when importing.

BTW: Same with v.5.1.29

JB1985 avatar Nov 25 '21 15:11 JB1985

I suggest you check your _cert. In the screenshot it looks to me like there is a space after BEGIN CERTIFICATE----- that should not be there. Also check the rest of the cert string; maybe there are some more unwanted characters.

poldiderjungdrache avatar Nov 25 '21 21:11 poldiderjungdrache

I have tried without space, UTF-8, ASCII, Firefox, Chrome ... I have tried a lot ...

image

All imported certs are not working.

JB1985 avatar Nov 26 '21 06:11 JB1985

Normally I would have expected \r\n or such after the --

Apollon77 avatar Nov 26 '21 07:11 Apollon77

Same with v5.2.0

JB1985 avatar Nov 26 '21 14:11 JB1985

Strange ... Drag & Drop is working but not manual copy & paste!

JB1985 avatar Nov 26 '21 15:11 JB1985

But with "copy&paste", what exactly do you copy? It seems that line breaks are getting lost ... so maybe "the way you copy"?

Apollon77 avatar Nov 27 '21 23:11 Apollon77

Hello,

I have had the same problem for two weeks. If I insert a new certificate and a private (public / private) key, with copy & paste / drag & drop / with the absolute filenames, the instance raises an error at the next restart:

admin.0 2021-12-08 16:43:39.652 error Cannot create web-server: Error: error:0909006C:PEM routines:get_name:no start line

Here all messages for admin.0 in the log:

2021-12-08 17:06:13.506 - info: host.lxc-iobroker4 "system.adapter.admin.0" enabled
2021-12-08 17:06:13.605 - info: host.lxc-iobroker4 instance system.adapter.admin.0 started with pid 2850540
2021-12-08 17:06:14.119 - info: admin.0 (2850540) Plugin sentry Sentry Plugin disabled for this process because sending of statistic data is disabled for the system
2021-12-08 17:06:14.168 - info: admin.0 (2850540) starting. Version 5.1.25 in /opt/iobroker/node_modules/iobroker.admin, node: v12.22.7, js-controller: 3.3.21
2021-12-08 17:06:14.207 - info: admin.0 (2850540) requesting all states
2021-12-08 17:06:14.208 - info: admin.0 (2850540) requesting all objects
2021-12-08 17:06:14.711 - info: admin.0 (2850540) received all objects
2021-12-08 17:06:14.749 - error: admin.0 (2850540) Cannot create web-server: Error: error:0909006C:PEM routines:get_name:no start line
2021-12-08 17:06:14.750 - info: admin.0 (2850540) Terminated (ADAPTER_REQUESTED_TERMINATION): Without reason
2021-12-08 17:06:15.255 - info: admin.0 (2850540) terminating https server on port 8081
2021-12-08 17:06:15.300 - error: host.lxc-iobroker4 instance system.adapter.admin.0 terminated by request of the instance itself and will not be restarted, before user restarts it.
2021-12-08 17:06:15.300 - info: host.lxc-iobroker4 Do not restart adapter system.adapter.admin.0 because desired by instance

In the iobroker forum I didn't find an actual hint to this problem.

What can I do to solve this?

admin : Version 5.1.25 node : v12.22.7 js-controller : 3.3.21

SirHis avatar Dec 08 '21 15:12 SirHis

What does the file look like? What does the config look like?

Apollon77 avatar Dec 08 '21 16:12 Apollon77

I hope this is what you want: Base configuration - Certificates: grafik

grafik

HTTPS configuration: grafik

SirHis avatar Dec 08 '21 19:12 SirHis

Yes, here too the line breaks are missing ... so the content is invalid

Apollon77 avatar Dec 08 '21 22:12 Apollon77

Sorry, I don't understand. The private key and the certificate (public) are created in the same way as the others. These other certificates / keys are functional on some other computers and web servers (raspberrymatic, webmin, qnap nas, openmediavault nas, proxmox ve, opnsense) without any problems.

What is the real reason and how can we solve it?

SirHis avatar Dec 08 '21 22:12 SirHis

Drag&Drop worked for me.

JB1985 avatar Dec 09 '21 06:12 JB1985

@JB1985 : Unfortunately not with me.

In the meantime I made one more attempt: I transferred the two files (which were fine, with line breaks) with FTP to the target system. Then the files were checked again on the target system: they have line breaks. In the IOBROKER basic settings the files were then included via the absolute path ('/opt/certs/lxc-iobroker4_private.pem', '/opt/certs/lxc-iobroker4_public.pem'). The result after restarting IOBROKER and the admin.0 module is the same error.

SirHis avatar Dec 09 '21 12:12 SirHis

Please, can you tell me where the content of the certificate and private key is stored in the iobroker system? In which format? How can I see if the key/certificate are OK?

SirHis avatar Dec 09 '21 21:12 SirHis
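An added example, not part of the thread and not ioBroker's own code: a Node.js check for the lost-line-break problem discussed above, which also rebuilds a flattened PEM value. The names `inspectPem`, `normalizePem`, `derOf` and `makeSample` are hypothetical, and the sample is a throwaway public key generated at run time; the same layout rules apply to CERTIFICATE and PRIVATE KEY blocks.

```javascript
const nodeCrypto = require('node:crypto');

// One PEM block; [\s\S] lets it match even when line breaks became spaces.
const PEM_BLOCK = /-----BEGIN ([A-Z0-9 ]+)-----([\s\S]*?)-----END \1-----/g;

// List the formatting problems of a pasted value (empty list = layout is fine).
function inspectPem(text) {
  const issues = [];
  if (!/-----BEGIN [A-Z0-9 ]+-----/.test(text)) issues.push('no BEGIN marker');
  else if (/-----BEGIN [A-Z0-9 ]+-----(?![ \t]*\r?\n)/.test(text)) issues.push('no line break after BEGIN marker');
  if ([...text.matchAll(PEM_BLOCK)].length === 0) issues.push('no matching END marker');
  return issues;
}

// Rebuild each block: strip all whitespace from the body, re-wrap the base64
// at 64 characters and use LF line endings. Legacy encrypted keys carry
// header lines (Proc-Type, DEK-Info) and are rejected by the base64 check.
function normalizePem(text) {
  const blocks = [];
  for (const [, label, body] of text.matchAll(PEM_BLOCK)) {
    const b64 = body.replace(/\s+/g, '');
    if (!/^[A-Za-z0-9+\/]+={0,2}$/.test(b64)) {
      throw new Error(`non-base64 data in ${label} block`);
    }
    const lines = b64.match(/.{1,64}/g).join('\n');
    blocks.push(`-----BEGIN ${label}-----\n${lines}\n-----END ${label}-----\n`);
  }
  if (blocks.length === 0) throw new Error('no PEM block found');
  return blocks.join('');
}

// DER bytes of a public-key PEM, or null if Node/OpenSSL cannot parse it.
function derOf(pem) {
  try {
    return nodeCrypto.createPublicKey(pem).export({ type: 'spki', format: 'der' });
  } catch { return null; }
}

// Constructed sample: a throwaway RSA key, then the same PEM with every line
// break turned into a space, as a single-line input field would store it.
function makeSample() {
  const { publicKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const original = publicKey.export({ type: 'spki', format: 'pem' });
  return { original, flattened: original.trim().replace(/\n/g, ' ') };
}

const demo = makeSample();
console.log(inspectPem(demo.flattened), derOf(normalizePem(demo.flattened)) !== null);
```

For a value stored in ioBroker, run `inspectPem` on the exact string the adapter receives rather than on the file it was copied from.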

On a last try I got the ADMIN module with SSL encryption (HTTPS) to run! Solution: After the two files (private key and public cert.) were successfully transferred to the IOBroker server and checked, the absolute file names were entered in the corresponding assignments of the base configuration. Likewise the appropriate assignment in the configuration for HTTPS (private and public) in the ADMIN module took place.

i.e. base configuration: public /opt/cert/public_key.pem private /opt/cert/private_key.pem

In this notation the ADMIN - module starts without errors. The given notation on the configuration page of the base configuration with a simple check mark above is wrong - or I misunderstood what the author wanted to tell me.

Another little hint: The line breaks in the two key files must of course be in UNIX/LINUX format (0x0a) (not in Windows format!). Of course, the IOBroker (web server) must also be able to read the files (file permissions!).

The way with drag and drop or copy and paste still does not work for me!

grafik

SirHis avatar Dec 10 '21 21:12 SirHis

I have been running into this problem after updating to js-controller 4.0.4. I am now unable to even select my additional cert and key for the admin adapter via drop down selection. Only the self signed default cert/key show up. For web and simple-api I can select my custom cert/key just fine. image image

peer69 avatar Feb 07 '22 09:02 peer69

> I have been running into this problem after updating to js-controller 4.0.4. I am now unable to even select my additional cert and key for the admin adapter via drop down selection. Only the self signed default cert/key show up. For web and simple-api I can select my custom cert/key just fine. image image

Hi, I ran into this today as well, however it worked for me when using Chrome instead of Edge to open admin. Maybe this works for you as well!

captaindork avatar Feb 19 '22 07:02 captaindork

I had the same problem: my own SSL certs were not working. After inserting my own certs, the admin adapter did not start.

My old workaround:

  • removing SSL for admin adapter
  • starting old user interface
  • inserting my own certs
  • reboot
  • changing back to Admin 5.X working...

My new workaround:

  • stopping iobroker
  • editing objects.jsonl by inserting my certs including "\r\n" for line separator
  • restarting working...

Looks like there is a different handling from old user interface to new interface.

In the new interface it doesn't matter how I insert the certs; the result is not as expected...

DerRonX avatar May 22 '22 13:05 DerRonX

Same problem here. Screenshot_20220531_091408 Screenshot_20220531_091441

It's interesting: the web.0 can find the certificate & key, the admin.0 can't. Screenshot_20220531_091504

If I try to edit the object.jsonl, I can see some old certificates that I've already deleted.

hollywoot avatar May 31 '22 07:05 hollywoot

You have to name all with suffix private/public, as mentioned here: https://github.com/ioBroker/ioBroker.admin/issues/1212#issuecomment-991293950

image

Then admin can use it as well: image

Diginix avatar May 31 '22 07:05 Diginix

Thanks for reply. This solved my problem! Wtf :)

hollywoot avatar May 31 '22 07:05 hollywoot

Fixed in Admin 6, but certificates should be modified once (e.g. press SPACE in the input field) and saved.

GermanBluefox avatar Jun 03 '22 09:06 GermanBluefox

@JB1985 @SirHis Can you please check with current (6.1.x) Admin version?

Feuer-sturm avatar Jun 23 '22 18:06 Feuer-sturm

Sorry, it took me a while to get to the test. Tested with version 6.1.7: The certificate (public) and the private key could be copied and pasted into the corresponding fields in the basic configuration. However, the newly configured variables only became visible after a restart of the admin-module. Unfortunately, the public keys are also displayed under the private keys. After selecting the new public and private certificates and restarting the admin module, the new login with the new SSL certificate worked.


SirHis avatar Jun 30 '22 17:06 SirHis

@SirHis Thanks for your feedback.

Can you please describe in more detail (with screenshots if it helps understanding) what needs to be optimized from your point of view?

Feuer-sturm avatar Jun 30 '22 18:06 Feuer-sturm

I'm not able to get self signed certs visible in Web-GUI at all. I'm running Admin 6.3.5, js-controller 4.0.24, node/nodejs 16.19.0 and npm 8.19.3.

For private and public tried with and without underscore and also with first letter uppercase and not. Tried to paste the cert and key directly in the textboxes, gave an extra space and removed it again. Last and current setup with files on the filesystem also with no luck:

grafik

File permissions for the sake of completeness:
boehserwolf@iobroker:/opt/iobroker:$ ls -al /srv/mycerts/ioBrokerWebGui.*
-rw-r--r-- 1 iobroker iobroker 2362 Jan 2 22:40 /srv/mycerts/ioBrokerWebGui.crt
-rw-r--r-- 1 iobroker iobroker 3268 Jan 2 22:40 /srv/mycerts/ioBrokerWebGui.key

Did a restart of admin.0 after each change of any cert.

If you want me to do something let me know.

BoehserWolf avatar Jan 02 '23 21:01 BoehserWolf

The name itself doesn't matter ... Is there anything in the log?

Apollon77 avatar Jan 02 '23 23:01 Apollon77

When I add the certificate anew, nothing appears in the log.

After restarting the admin.0 instance, nothing helpful either:
2023-01-03 10:54:42.618 - info: host.iobroker stopInstance system.adapter.admin.0 (force=false, process=true)
2023-01-03 10:54:42.624 - info: admin.0 (1658124) Got terminate signal TERMINATE_YOURSELF
2023-01-03 10:54:42.625 - info: admin.0 (1658124) terminating https server on port 8081
2023-01-03 10:54:42.627 - info: admin.0 (1658124) terminating
2023-01-03 10:54:42.628 - info: admin.0 (1658124) Terminated (ADAPTER_REQUESTED_TERMINATION): Without reason
2023-01-03 10:54:42.662 - info: host.iobroker stopInstance system.adapter.admin.0 send kill signal
2023-01-03 10:54:42.618 - info: host.iobroker stopInstance system.adapter.admin.0 (force=false, process=true)
2023-01-03 10:54:42.624 - info: admin.0 (1658124) Got terminate signal TERMINATE_YOURSELF
2023-01-03 10:54:42.625 - info: admin.0 (1658124) terminating https server on port 8081
2023-01-03 10:54:42.627 - info: admin.0 (1658124) terminating
2023-01-03 10:54:42.628 - info: admin.0 (1658124) Terminated (ADAPTER_REQUESTED_TERMINATION): Without reason
2023-01-03 10:54:42.662 - info: host.iobroker stopInstance system.adapter.admin.0 send kill signal
2023-01-03 10:54:43.232 - info: host.iobroker instance system.adapter.admin.0 terminated with code 11 (ADAPTER_REQUESTED_TERMINATION)
2023-01-03 10:54:43.232 - info: host.iobroker instance system.adapter.admin.0 terminated with code 11 (ADAPTER_REQUESTED_TERMINATION)
2023-01-03 10:54:45.745 - info: host.iobroker instance system.adapter.admin.0 started with pid 1659163
2023-01-03 10:54:45.745 - info: host.iobroker instance system.adapter.admin.0 started with pid 1659163
2023-01-03 10:54:46.452 - info: admin.0 (1659163) Plugin sentry Sentry Plugin disabled for this process because sending of statistic data is disabled for the system
2023-01-03 10:54:46.558 - info: admin.0 (1659163) starting. Version 6.3.5 in /opt/iobroker/node_modules/iobroker.admin, node: v16.19.0, js-controller: 4.0.24
2023-01-03 10:54:46.604 - info: admin.0 (1659163) requesting all states
2023-01-03 10:54:46.604 - info: admin.0 (1659163) requesting all objects
2023-01-03 10:54:46.452 - info: admin.0 (1659163) Plugin sentry Sentry Plugin disabled for this process because sending of statistic data is disabled for the system
2023-01-03 10:54:46.558 - info: admin.0 (1659163) starting. Version 6.3.5 in /opt/iobroker/node_modules/iobroker.admin, node: v16.19.0, js-controller: 4.0.24
2023-01-03 10:54:46.604 - info: admin.0 (1659163) requesting all states
2023-01-03 10:54:46.604 - info: admin.0 (1659163) requesting all objects
2023-01-03 10:54:47.219 - info: admin.0 (1659163) received all objects
2023-01-03 10:54:47.302 - info: admin.0 (1659163) https server listening on port 8081
2023-01-03 10:54:47.304 - info: admin.0 (1659163) Use link "https://localhost:8081" to configure.
2023-01-03 10:54:47.307 - info: admin.0 (1659163) Secure socket.io server listening on port 8081
2023-01-03 10:54:47.520 - info: admin.0 (1659163) ==> Connected system.user.admin from 192.168.114.6
2023-01-03 10:54:47.219 - info: admin.0 (1659163) received all objects
2023-01-03 10:54:47.302 - info: admin.0 (1659163) https server listening on port 8081
2023-01-03 10:54:47.304 - info: admin.0 (1659163) Use link "https://localhost:8081" to configure.
2023-01-03 10:54:47.307 - info: admin.0 (1659163) Secure socket.io server listening on port 8081
2023-01-03 10:54:47.520 - info: admin.0 (1659163) ==> Connected system.user.admin from 192.168.114.6

admin.0 does not "see" the certificate: grafik

web.0 does, however:

grafik

Is there anything else I can provide?

BoehserWolf avatar Jan 03 '23 10:01 BoehserWolf

OK, with this info, Bluefox has to take a look

Apollon77 avatar Jan 03 '23 10:01 Apollon77