Failure to Initialize SSL

[TonyK132]

I run a script that restarts HTTPd every 4 hrs. It prevents the GUI from not responding and seems to work well. But lately it's been doing this, it fails to initialize SSL. Is this something I need to fix, and if yes, how do I fix it?

Mar 27 20:00:01 RT-AC86U-1BD0 rc_service: service 24345:notify_rc restart_httpd
Mar 27 20:00:01 RT-AC86U-1BD0 custom_script: Running /jffs/scripts/service-event (args: restart httpd)
Mar 27 20:00:01 RT-AC86U-1BD0 RT-AC86U: start https:8443
Mar 27 20:00:01 RT-AC86U-1BD0 RT-AC86U: start httpd:80
Mar 27 20:00:01 RT-AC86U-1BD0 httpd: Failed to initialize SSL, generating new key/cert...80
Mar 27 20:00:01 RT-AC86U-1BD0 httpd: Save SSL certificate...80
Mar 27 20:00:01 RT-AC86U-1BD0 httpd: Succeed to init SSL certificate...80
Mar 27 20:00:01 RT-AC86U-1BD0 httpd: Succeed to init SSL certificate...8443

 

[dave14305]

If it’s happening often, check your certs exist in /jffs:

ls -l /jffs/.cert

 

[TonyK132]

Here's what mine says:

-rw------- 1 admin root 457 May 4 2018 sshd_dsskey
-rw------- 1 admin root 141 May 4 2018 sshd_ecdsakey
-rw------- 1 admin root 83 May 4 2018 sshd_ed25519key
-rw------- 1 admin root 805 May 4 2018 sshd_hostkey

If this is wrong, how do I update it?

 

[dave14305]

I’m wrong. If your cert is being saved, it will now be in /jffs/cert.tgz. Check the DDNS page to see how your cert settings are.

 

[TonyK132]

I think I had a problem. There was a difference between what was displayed in Admin->System and WAN->DDNS. So I used amtm to have pixelserv update my cert. Now both of those locations are consistent. But I'm struggling with importing the new cert into Win10. When I untar the file using 7ZIP, I only have cert.pem and key.pem files. I expected to also see a .crt file that I could click on and import into Win10. Any idea how I can proceed?

 

[TonyK132]

BTW, here is what's in my /jffs dir. Does this look right?

 

[dave14305]

I think I had a problem. There was a difference between what was displayed in Admin->System and WAN->DDNS. So I used amtm to have pixelserv update my cert. Now both of those locations are consistent. But I'm struggling with importing the new cert into Win10. When I untar the file using 7ZIP, I only have cert.pem and key.pem files. I expected to also see a .crt file that I could click on and import into Win10. Any idea how I can proceed?

The Pixelserv cert should be gotten via http://pixelservip/ca.crt or in the Pixelserv cache directory.

 

[TonyK132]

I got the Pixelserve cert but it is issued to router.asus.com, not to the IP address of the router, which in my case is 192.168.2.1. How do I correlate those 2? I'm currently using Unbound as my DNS and it has no knowledge of router.asus.com.

 

[ColinTaylor]

I use the cert.pem file.

 

[TonyK132]

I got the Pixelserve cert but it is issued to router.asus.com, not to the IP address of the router, which in my case is 192.168.2.1. How do I correlate those 2? I'm currently using Unbound as my DNS and it has no knowledge of router.asus.com.

I think I figured it out. I added this line:
local-data: "router.asus.com IN A 192.168.2.1"

to the file
/opt/var/lib/unbound/unbound_ext.conf

Seems to work, but I'm not sure how sticky that will be when I do a reboot. Let me know if this is correct or if I need to change.