search

binhex / arch-sabnzbdvpn

Docker build script for Arch Linux base with SABnzbd, Privoxy and OpenVPN
GNU General Public License v3.0
49 stars 9 forks source link

PIA 2024-05-02 07:37:28 OpenSSL: error:0488000D:PEM routines::ASN1 lib: #41

Closed ItsRainingHP closed 3 days ago

ItsRainingHP commented 2 months ago

I am suddenly getting the following errors in the logs and the UI fails to start at all. No changes to any settings, files, or logins. This just randomly started occurring and the GUI no longer loads.


-A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 8080 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8090 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 8090 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i tun0 -j ACCEPT
-A OUTPUT -d 188.215.235.124/32 -o eth0 -j ACCEPT
-A OUTPUT -d 188.215.235.109/32 -o eth0 -j ACCEPT
-A OUTPUT -d 188.215.235.110/32 -o eth0 -j ACCEPT
-A OUTPUT -d 104.18.36.183/32 -o eth0 -j ACCEPT
-A OUTPUT -d 172.64.151.73/32 -o eth0 -j ACCEPT
-A OUTPUT -d 104.18.159.201/32 -o eth0 -j ACCEPT
-A OUTPUT -d 104.19.240.167/32 -o eth0 -j ACCEPT
-A OUTPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A OUTPUT -d 188.215.235.124/32 -o eth0 -j ACCEPT
-A OUTPUT -d 188.215.235.109/32 -o eth0 -j ACCEPT
-A OUTPUT -d 188.215.235.110/32 -o eth0 -j ACCEPT
-A OUTPUT -d 104.18.36.183/32 -o eth0 -j ACCEPT
-A OUTPUT -d 172.64.151.73/32 -o eth0 -j ACCEPT
-A OUTPUT -d 104.18.159.201/32 -o eth0 -j ACCEPT
-A OUTPUT -d 104.19.240.167/32 -o eth0 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 8080 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --sport 8080 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 8090 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --sport 8090 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT

2024-05-02 07:37:28,551 DEBG 'start-script' stdout output:
--------------------

2024-05-02 07:37:28,552 DEBG 'start-script' stdout output:
[info] Starting OpenVPN (non daemonised)...

2024-05-02 07:37:28,561 DEBG 'start-script' stdout output:
2024-05-02 07:37:28 DEPRECATED OPTION: --cipher set to 'aes-128-cbc' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations. 

2024-05-02 07:37:28,561 DEBG 'start-script' stdout output:
2024-05-02 07:37:28 WARNING: file 'credentials.conf' is group or others accessible
2024-05-02 07:37:28 OpenVPN 2.6.10 [git:makepkg/ba0f62fb950c56a0+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO] built on Mar 20 2024
2024-05-02 07:37:28 library versions: OpenSSL 3.3.0 9 Apr 2024, LZO 2.10
2024-05-02 07:37:28 DCO version: N/A

2024-05-02 07:37:28,562 DEBG 'start-script' stdout output:
2024-05-02 07:37:28 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2024-05-02 07:37:28,562 DEBG 'start-script' stdout output:
2024-05-02 07:37:28 OpenSSL: error:068000E9:asn1 encoding routines::utctime is too short:
2024-05-02 07:37:28 OpenSSL: error:0688010A:asn1 encoding routines::nested asn1 error:Field=revocationDate, Type=X509_REVOKED
2024-05-02 07:37:28 OpenSSL: error:0688010A:asn1 encoding routines::nested asn1 error:Field=revoked, Type=X509_CRL_INFO
2024-05-02 07:37:28 OpenSSL: error:0688010A:asn1 encoding routines::nested asn1 error:Field=crl, Type=X509_CRL
2024-05-02 07:37:28 OpenSSL: error:0488000D:PEM routines::ASN1 lib:
2024-05-02 07:37:28 CRL: cannot read CRL from file [[INLINE]]
2024-05-02 07:37:28 CRL: loaded 0 CRLs from file -----BEGIN X509 CRL-----
MIICWDCCAUAwDQYJKoZIhvcNAQENBQAwgegxCzAJBgNVBAYTAlVTMQswCQYDVQQI
EwJDQTETMBEGA1UEBxMKTG9zQW5nZWxlczEgMB4GA1UEChMXUHJpdmF0ZSBJbnRl
cm5ldCBBY2Nlc3MxIDAeBgNVBAsTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAw
HgYDVQQDExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UEKRMXUHJpdmF0
ZSBJbnRlcm5ldCBBY2Nlc3MxLzAtBgkqhkiG9w0BCQEWIHNlY3VyZUBwcml2YXRl
aW50ZXJuZXRhY2Nlc3MuY29tFw0xNjA3MDgxOTAwNDZaFw0zNjA3MDMxOTAwNDZa
MCYwEQIBARcMMTYwNzA4MTkwMDQ2MBECAQYXDDE2MDcwODE5MDA0NjANBgkqhkiG
9w0BAQ0FAAOCAQEAQZo9X97ci8EcPYu/uK2HB152OZbeZCINmYyluLDOdcSvg6B5
jI+ffKN3laDvczsG6CxmY3jNyc79XVpEYUnq4rT3FfveW1+Ralf+Vf38HdpwB8EW
B4hZlQ205+21CALLvZvR8HcPxC9KEnev1mU46wkTiov0EKc+EdRxkj5yMgv0V2Re
ze7AP+NQ9ykvDScH4eYCsmufNpIjBLhpLE2cuZZXBLcPhuRzVoU3l7A9lvzG9mjA
5YijHJGHNjlWFqyrn1CfYS6koa4TGEPngBoAziWRbDGdhEgJABHrpoaFYaL61zqy
MR6jC0K2ps9qyZAN74LEBedEfK7tBOzWMwr58A==
-----END X509 CRL-----

2024-05-02 07:37:28,562 DEBG 'start-script' stdout output:
2024-05-02 07:37:28 TCP/UDP: Preserving recently used remote address: [AF_INET]HIDDEN:1198
2024-05-02 07:37:28 UDPv4 link local: (not bound)
2024-05-02 07:37:28 UDPv4 link remote: [AF_INET]HIDDEN:1198```
binhex commented 2 months ago

https://github.com/binhex/arch-qbittorrentvpn/issues/233#issuecomment-2088228595

cmdss1 commented 2 months ago

binhex/arch-qbittorrentvpn#233 (comment)

Cheers! Had the same issue, reverted back to an older image and it solved the issues. Hopefully PIA will fix this issue soon :)

ItsRainingHP commented 2 months ago

binhex/arch-qbittorrentvpn#233 (comment)

I am confused you said to change to tag 2024033106 but I do not see it on the tag list and it failed to pull.

https://hub.docker.com/r/binhex/arch-sabnzbdvpn/tags

cmdss1 commented 2 months ago

binhex/arch-qbittorrentvpn#233 (comment)

I am confused you said to change to tag 2024033106 but I do not see it on the tag list and it failed to pull.

https://hub.docker.com/r/binhex/arch-sabnzbdvpn/tags

You just need to use an older version, the "tag" I used was "4.2.0-1-01" from 4 months ago, just to be sure.

ItsRainingHP commented 2 months ago

binhex/arch-qbittorrentvpn#233 (comment)

I am confused you said to change to tag 2024033106 but I do not see it on the tag list and it failed to pull. https://hub.docker.com/r/binhex/arch-sabnzbdvpn/tags

You just need to use an older varsion, the "tag" I used was "4.2.0-1-01" from 4 months ago, just to be sure.

Thanks I switch to 4.2.3-1-06 and it seems to be working.