kchristensen / udm-le

Let's Encrypt support for Ubiquiti UniFi OS
MIT License

Permission denied response on "initial" setup #87

Closed douglasrcjames closed 5 months ago

douglasrcjames commented 5 months ago

I am trying to run the initial command /data/udm-le/udm-le.sh initial, and getting an error response of -bash: /data/udm-le/udm-le.sh: Permission denied. What is being denied here? My API token using Cloudflare DNS (I followed permission instructions)? Is my UDM denying access? I might be messing up the subdomain setup, I just made an "A" type record, with the name "mysubdomain" and gave it a dummy IP address of "192.0.2.1", then added this subdomain to the .env file as instructed (and the API key as well).

kchristensen commented 5 months ago

The permissions on your shell script are wrong so it is not executable. Try running chmod 700 /data/udm-le/udm-le.sh then re-running your initial command.

douglasrcjames commented 5 months ago

Thanks for the quick response, I ran your snippet with PuTTY on the UDM and it didn't throw an error or success message. Was it supposed to respond with some sort of message?

kchristensen commented 5 months ago

Nope, it won't output anything, now just run /data/udm-le/udm-le.sh initial again and you should be good to go.

douglasrcjames commented 5 months ago

Hmm okay, I ran that initial snippet again and got a response of: -bash: /data/udm-le/udm-le.sh: /bin/bash^M: bad interpreter: No such file or directory

Here's my directory, which should be okay: [image]

kchristensen commented 5 months ago

It sounds like however you are copying files over is corrupting them, that ^M in the output there is because the contents of the shell script have been changed.

douglasrcjames commented 5 months ago

I just deleted the udm-le folder from the UDM directory, then copied it back over. All I am doing is cloning the repo with GitHub, dragging and dropping it into the "data" directory of the UDM using WinSCP, then adjusting the .env file accordingly (changing email, cert host, and Cloudflare API key), then using PuTTY to run the commands you instructed. What else can I try? I haven't touched the udm-le.sh file that I copied over.

Could there be something wrong with my cert host subdomain or LE cert email?

kchristensen commented 5 months ago

It sounds like WinSCP or something is changing file encoding to dos format or something. You might have better luck just downloading udm-le directly on the machine:

cd /data
wget https://github.com/kchristensen/udm-le/archive/refs/tags/2.0.3.tar.gz
tar xzvf 2.0.3.tar.gz
mv udm-le-2.0.3 udm-le
rm -f 2.0.3.tar.gz

Then just edit your env file or copy it back over from your Windows machine.

timrettop commented 5 months ago

To fix files that have been altered by Windows, you can run the command dos2unix filename and it will fix the bad line end/carriage return issue.

Here’s some detail on possible reasons why, don’t worry about their auto fixing stuff. https://serverfault.com/questions/604709/ways-to-automatically-fix-line-endings-in-shell-scripts-or-files-who-break-with

kchristensen commented 5 months ago

I was going to suggest dos2unix but it's not installed on the router and I'm trying to keep this minimally complex, so just untarring it directly on the machine would minimize the blast radius.
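
The two failures seen in this thread (a missing execute bit, then `/bin/bash^M: bad interpreter`) can be checked for and repaired on the device itself without dos2unix. The shell script below is an added example, not part of the thread or of the udm-le repository; the function names and the script name in the usage comment are hypothetical, and it assumes grep, sed and mktemp are available on the device.

```shell
#!/bin/sh
# Added example (not from the udm-le repository): report and repair the two
# problems from this thread using only grep, sed and mktemp.

CR=$(printf '\r')   # literal carriage return, displayed as ^M in the error

# Exit 0 if the file contains at least one carriage return.
has_cr() {
    grep -q "$CR" "$1"
}

# Print "ok", "not-executable", "crlf" or "not-executable,crlf".
check_script() {
    res=""
    [ -x "$1" ] || res="not-executable"
    if has_cr "$1"; then res="${res:+$res,}crlf"; fi
    echo "${res:-ok}"
}

# Remove the CR at the end of every line. The cleaned text is written back
# into the existing file, so its mode and owner are left unchanged.
strip_cr() {
    f=$1
    tmp=$(mktemp "${f}.XXXXXX") || return 1
    if sed "s/${CR}\$//" "$f" > "$tmp"; then
        cat "$tmp" > "$f"; rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage (hypothetical script name): sh fix-crlf.sh /data/udm-le/udm-le.sh
for f in "$@"; do
    echo "$f: $(check_script "$f")"
    if has_cr "$f"; then
        strip_cr "$f" && echo "$f: line endings fixed"
    fi
done
```

A result of `not-executable` corresponds to the original `Permission denied` error and is fixed with the `chmod 700` given earlier in the thread; the script only rewrites line endings.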

douglasrcjames commented 5 months ago

> It sounds like WinSCP or something is changing file encoding to dos format or something. You might have better luck just downloading udm-le directly on the machine:
>
> cd /data
> wget https://github.com/kchristensen/udm-le/archive/refs/tags/2.0.3.tar.gz
> tar xzvf 2.0.3.tar.gz
> mv udm-le-2.0.3 udm-le
> rm -f 2.0.3.tar.gz
>
> Then just edit your env file or copy it back over from your Windows machine.

This worked supposedly and got success messages. Now I am unsure of the next steps. Visiting 192.168.0.1 still is not HTTPS, and visiting my subdomain.domain.com gives This site can’t be reached. What should I be expecting here?

kchristensen commented 5 months ago

An IP address is never going to have a valid SSL certificate, that's not how SSL certificates work. As for why subdomain.domain.com doesn't work, that sounds like a DNS issue you're going to have to troubleshoot. You should have DNS for that pointing to the internal IP of your router.

douglasrcjames commented 5 months ago

Okay thanks for the assistance so far on this!! Sounds like the missing step for me is "DNS for that pointing to the internal IP of your router". Any good links you might have by chance for me to follow for this setup?

kchristensen commented 5 months ago

If you've got Cloudflare set up so that you can issue SSL certificates, that's where you'd be creating your DNS records.

douglasrcjames commented 5 months ago

Ahh yes, of course, I was overthinking this step, I just set the A record's (for the subdomain) value to "192.168.0.1" which is the default UDM internal IP.

It looks to be working now, thanks so much!!