ENABLE_CAPTIVE='yes' issue - java.lang.IllegalStateException: no issuer certificate found

[tackynugget]

Hi there,

Thank you for your work here.

I was able to use CloudFlare's DNS API with your ubios-cert.env file, however, setting line 9 ENABLE_CAPTIVE='no' causes the following error:

java.lang.IllegalStateException: no issuer certificate found
    at com.ubnt.service.system.Z.?00000(Unknown Source)
    at java.util.Optional.orElseThrow(Optional.java:290)
    at com.ubnt.service.system.Z.super(Unknown Source)
    at com.ubnt.service.system.Z.super(Unknown Source)
    at com.ubnt.service.system.Z.?00000(Unknown Source)
    at com.ubnt.ace.Launcher.main(Unknown Source)
Error: non zero exit code: 1: OCI runtime error

After I saw this error, I followed your De-installation and de-registration steps.

I then followed the Installation steps, but tried different settings in the /mnt/data/ubios-cert/ubios-cert.env file; de-installing and de-registering after each test:

• Set a wildcard instead of specific hosts for CERT_HOSTS; ENABLE_CAPTIVE='no'; ENABLE_RADIUS='no' (Succeeded without errors)
• Set a wildcard instead of specific hosts for CERT_HOSTS; ENABLE_CAPTIVE='no'; ENABLE_RADIUS='yes' (Succeeded with a pair of cp: can't stat errors)
• Set a wildcard instead of specific hosts for CERT_HOSTS; ENABLE_CAPTIVE='yes'; ENABLE_RADIUS='yes' (Reproduced issue)
• Set a wildcard instead of specific hosts for CERT_HOSTS; ENABLE_CAPTIVE='yes'; ENABLE_RADIUS='no' (Reproduced issue)
• Set specific hosts for CERT_HOSTS; ENABLE_CAPTIVE='no'; ENABLE_RADIUS='yes' (Succeeded with a pair of cp: can't stat errors)
• Set specific hosts for CERT_HOSTS; ENABLE_CAPTIVE='yes'; ENABLE_RADIUS='no' (Reproduced issue)

I tried to Google the errors, but couldn't find anything.

I inspected the directories and they all had the expected certificate files.

My UDM-PRO is running 1.10.4.

[alxwolf]

Thank you for your thorough debugging @OverengineeredNetwork! Hopefully I've been able to address all open issues for now.

[tackynugget]

I just uninstalled and reinstalled everything.

I meant to test ENABLE_CAPTIVE #2 and ENABLE_RADIUS #5 separately, but accidentally tested them at the same time because of the cached version of my ubios-cert.env file.

I noticed the following entry (see bold) during what I think would be within the ENABLE_CAPTIVE section of the script:

New certificate was generated, time to deploy it chmod: /mnt/data/unifi-os/unifi-core/config/ca.cer: No such file or directory Checking if Captive Portal certificate needs update.

I confirmed that there is no such file at that location, although the path does exist. I'm not sure how important this is.

Thanks again for your work here, both on the original script and the amendments!

[alxwolf]

Thanks @OverengineeredNetwork, that is one (now) extraneous line of code which I now removed.

It should not affect functionality but has been fixed in the most current version.