danb35/deploy-freenas

Connection aborted, BadStatusLine

marekbedy opened this issue · 14 comments

Hello,

your script crashes here:

root@JAIL-01:/certificates # ./deploy_freenas.py
Certificate import successful
Certificate list successful
Setting active certificate successful
Traceback (most recent call last):
File "./deploy_freenas.py", line 101, in <module>
auth=(USER, PASSWORD),
File "/usr/local/lib/python2.7/site-packages/requests/api.py", line 112, in post
return request('post', url, data=data, json=json, **kwargs)
File "/usr/local/lib/python2.7/site-packages/requests/api.py", line 58, in request
return session.request(method=method, url=url, **kwargs)
File "/usr/local/lib/python2.7/site-packages/requests/sessions.py", line 508, in request
resp = self.send(prep, **send_kwargs)
File "/usr/local/lib/python2.7/site-packages/requests/sessions.py", line 618, in send
r = adapter.send(request, **kwargs)
File "/usr/local/lib/python2.7/site-packages/requests/adapters.py", line 490, in send
raise ConnectionError(err, request=request)
requests.exceptions.ConnectionError: ('Connection aborted.', BadStatusLine("''",))

I believe this is normal, due to the way the API call to restart the web server works. After the script finishes, is the web GUI using the new certificate?

The script has imported only the server's certificate; the Let's Encrypt CA is not imported. Is this expected?

Do you mean the CA isn't imported as part of the certificate, or that it isn't imported into the Certificate Authorities section in the web GUI? If the latter, that's expected; that just isn't part of what this script is trying to do. If the former, sounds like a bug in FreeNAS--it had been reported some time ago, but I thought it was fixed a while back.

It is not imported into the Certificate Authorities section in the web GUI. I have manually imported the Let's Encrypt root certificates (root + intermediate). I don't know if it is really needed.

But the web GUI still doesn't run on the HTTPS protocol when I have selected a certificate in the GUI section.
I am getting resets in the TCP connection when trying to open HTTPS.

btw, I am running FreeNAS-11.1-U4

OK, as to importing the CAs, the script is working as designed--it just isn't designed to do that. It might be worthwhile to figure out how, but it'll take some doing.

Failing connections isn't a good thing, though. From the shell in FreeNAS, run openssl s_client -connect localhost:443. What's the output? Mask your domain name if you like.

root@ucw:~ # openssl s_client -connect localhost:443
connect: Connection refused
connect:errno=61
root@ucw:~ #

root@ucw:~ # sockstat -4 | grep nginx
www nginx 2789 6 tcp4 195.20.170.17:80 *:*
www nginx 2789 14 tcp4 195.20.170.17:80 195.20.170.5:63227
www nginx 2789 17 tcp4 127.0.0.1:18940 127.0.0.1:6000
root nginx 2788 6 tcp4 195.20.170.17:80 *:*

And you've set the web GUI to use HTTPS (HTTP+HTTPS would be safer, at least while you're trying to get it to work)?

Yes, HTTP+HTTPS enabled. It seems the nginx daemon (GUI web server) does not start HTTPS.

It shouldn't be required, but can you try restarting the server?

When I restart the nginx service manually I get this:
root@ucw:~ # service nginx restart
Performing sanity check on nginx configuration:
nginx: the configuration file /usr/local/etc/nginx/nginx.conf syntax is ok
nginx: configuration file /usr/local/etc/nginx/nginx.conf test is successful

But port 443 is not configured in the configuration:

more /usr/local/etc/nginx/nginx.conf
--- snip
server {
server_name localhost;
listen 0.0.0.0:80;
listen [::]:80;
--- snip

The restart of the server brings the same result.

... I've yet to master this github thing ... anyhow my fix to tidy this error up is:

add this by the imports

#
# Some libs just for error handling
#
import urllib3
import http.client  # import the submodule explicitly so http.client.RemoteDisconnected resolves

And then at the end where the reset of http is done, change it to:

# Reload nginx with new cert

try:
  r = requests.post(
    PROTOCOL + DOMAIN_NAME + '/api/v1.0/system/settings/restart-httpd-all/',
    auth=(USER, PASSWORD),
  )
except (urllib3.exceptions.ProtocolError, http.client.RemoteDisconnected, requests.exceptions.ConnectionError):
  print("Server reset ... as expected")

@danb35 can't this be closed by PR #6?
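
Added example, not part of the thread or of deploy-freenas: the fix above silences the expected disconnect, but the thread also shows the case where HTTPS never comes back (connection refused on 443). This sketch tolerates the dropped restart call and then checks that the TLS port serves the certificate that was deployed. The function names, the fingerprint comparison and the polling parameters are assumptions.

```python
import hashlib
import socket
import ssl
import time


def served_cert_sha256(host, port=443, timeout=5):
    """SHA-256 of the leaf certificate served on host:port, or None if no TLS listener answers."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # identity is checked by fingerprint comparison,
    ctx.verify_mode = ssl.CERT_NONE  # not by chain validation, so self-signed certs work too
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return hashlib.sha256(tls.getpeercert(binary_form=True)).hexdigest()
    except OSError:                  # refused, reset, timeout, TLS handshake failure
        return None


def restart_and_verify(restart, probe, expected_fp, attempts=10, delay=3.0, sleep=time.sleep):
    """Run restart(), tolerate the dropped connection, then poll until the new cert is served.

    Returns "ok", "not-listening" (nothing answers on the TLS port) or "stale-cert".
    """
    try:
        restart()
    except OSError:
        # requests.exceptions.ConnectionError and http.client.RemoteDisconnected are both
        # OSError subclasses: the web server dropped the socket while restarting.
        pass
    seen = None
    for _ in range(attempts):
        seen = probe()
        if seen == expected_fp:
            return "ok"
        sleep(delay)
    return "not-listening" if seen is None else "stale-cert"


if __name__ == "__main__":
    # Constructed demo: the restart drops the connection, HTTPS answers on the third probe.
    def dropped():
        raise ConnectionResetError("Connection aborted.")
    answers = iter([None, None, "ab" * 32])
    print(restart_and_verify(dropped, lambda: next(answers), "ab" * 32, sleep=lambda s: None))
```

In real use, `restart` would wrap the script's `requests.post(...)` call and `probe` would be `lambda: served_cert_sha256(DOMAIN_NAME)`, with `expected_fp` computed from the certificate that was just imported.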