
unbound: remote control certificate creation problem when system date is way off

Open meyergru opened this issue 1 year ago • 0 comments

Important notices

Before you add a new report, we ask you kindly to acknowledge the following:

  • [x] I have read the contributing guidelines at https://github.com/opnsense/core/blob/master/CONTRIBUTING.md
  • [x] I am convinced that my issue is new after having checked both open and closed issues at https://github.com/opnsense/core/issues?q=is%3Aissue

Describe the bug

If at creation time of /var/unbound/unbound_{server,control}.{key,pem}, the system time is way off, the created certificates are invalid and normally never get recreated. This results in errors like:

error: remote control failed ssl crypto error:0A000412:SSL routines::sslv3 alert bad certificate

To Reproduce

Steps to reproduce the behavior:

  • Set system time to some time in the future (in my case, it was 2121)
  • Start unbound for the first time (to simulate, stop it, "rm /var/unbound/unbound_*" and restart unbound)
  • Verify creation time of /var/unbound_* to be in the future.
  • Look at unbound log for the certificate error.

Expected behavior

If the auto-created certificate fails, it should get recreated automatically. Or alternatively, it could well be created on every unbound startup.

Describe alternatives you considered

One can fix this by removing /var/unbound/unbound_*, but it is hard to find.

Screenshots

None.

Relevant log files

See above.

Additional context

While this may only rarely occur, it is nearly impossible to detect or heal for a novice.

Environment

Software version used and hardware type if relevant, e.g.:

OPNsense 24.7.x and probably below

meyergru, Sep 24 '24 20:09
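
A way to detect the condition described in this report, as an added example that is not part of the original issue or of OPNsense: `openssl verify` rejects a certificate whose notBefore lies ahead of the clock, so running it over the files in /var/unbound shows the problem before unbound logs "bad certificate". The function names `check_cert` and `report` are hypothetical, and the script assumes the `openssl` CLI is installed and that unbound_control.pem is issued by the self-signed unbound_server.pem.

```shell
#!/bin/sh
# Added example, not OPNsense code. Assumption: unbound_control.pem is issued
# by the self-signed unbound_server.pem, both stored in /var/unbound.

# check_cert CA_PEM CERT_PEM [EPOCH]
# Prints ok | not-yet-valid | expired | missing | invalid.
# EPOCH (optional) evaluates validity at that time instead of the system clock.
check_cert() {
    ca=$1; cert=$2; at=${3:-}
    [ -r "$ca" ] && [ -r "$cert" ] || { echo missing; return 0; }
    if [ -n "$at" ]; then
        out=$(openssl verify -attime "$at" -CAfile "$ca" "$cert" 2>&1) || true
    else
        out=$(openssl verify -CAfile "$ca" "$cert" 2>&1) || true
    fi
    case $out in
        *"not yet valid"*) echo not-yet-valid ;;  # notBefore is ahead of the clock
        *"has expired"*)   echo expired ;;
        *": OK"*)          echo ok ;;
        *)                 echo invalid ;;
    esac
}

# report [DIR] [EPOCH]: check both remote-control certificates; returns 0 only
# if both verify.
report() {
    dir=${1:-/var/unbound}; rc=0
    for name in unbound_server unbound_control; do
        state=$(check_cert "$dir/unbound_server.pem" "$dir/$name.pem" "${2:-}")
        echo "$dir/$name.pem: $state"
        [ "$state" = ok ] || rc=1
    done
    if [ "$rc" -ne 0 ]; then
        echo "compare 'date -u' with: openssl x509 -noout -dates -in $dir/unbound_server.pem"
    fi
    return "$rc"
}

# Run only when a directory is given: sh check_unbound_certs.sh /var/unbound
if [ "$#" -gt 0 ]; then report "$@"; fi
```

A `not-yet-valid` result together with a correct `date -u` means the files were generated while the clock was ahead, which is the state the report describes.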