GuillaumeHullin
commented
7 months ago First, did you check if you have the latest pfsense_zbx.php?
Closed ID3000G closed 4 months ago
GuillaumeHullin
commented
7 months ago First, did you check if you have the latest pfsense_zbx.php?
ID3000G
commented
7 months ago Yes i have dowloaded it before open issue and redownloaded today. Still the same error ls -alh /root/scripts/pfsense_zbx.php : -rw-r--r-- 1 root wheel 47K Feb 1 14:26 /root/scripts/pfsense_zbx.php
denisgrilliGMSL
commented
6 months ago I have the same error with pfsense .2.7.0.
It actually started suddenly after I removed some expired certificates from pfsense. Was working ok previously and I didn't change the script.
denisgrilliGMSL
commented
6 months ago I think I got it fixed, deleting all the cached certificate info files in /root/.ssl/
I cannot currently remove any other certificate to see if start erroring again but probably something to do with cached files of removed certificates.
denisgrilliGMSL
commented
6 months ago Ok, I spoke too soon... looks like cache generation take its time and when I checked before not all the certinfo_xx.json file were generated... I have some of them which contains the string "false" instead of the actual certificate info and the error happens just for those. I am not how those are generated so why the "false" string.
rbicelli
commented
6 months ago Hi @denisgrilliGMSL, is your issue related to a single certificate or the whole cert checking is broken?
rbicelli
commented
6 months ago Maybe @AphidGit could help?
denisgrilliGMSL
commented
6 months ago From what I could gather, my situation is the following: I have 105 certificates in pfsense but the script generates 113 certinfo_xxx.json files. Certinfo_0.json to Certinfo_104.json are fine, they contains the correct certificate information. Certinfo_105.json to Certinfo_112.json contains the string "false".
The pfsense_zbx.php script cycle through them correctly until gets to Certinfo_105.json while of course start erroring and generate a crash report for each of the certinfo files from 105 to 112.
It looks like if there is some leftover (remember I removed some certificates today) somewhere which make the pfsense_zbx.php script think there are still 113 certificates despite 8 have been removed.
It could be an issue with pfsense and the way it removes certificates... Where pfsense_zbx.php gets its list of certificates?
rbicelli
commented
6 months ago And certinfo_105.json to certinfo_112.json are present on disk?
denisgrilliGMSL
commented
6 months ago Yes, they are present on disk and contains the string "false".
eduardo-eller
commented
6 months ago Estou com o mesmo problema
fchicout
commented
5 months ago Tried to delete the certfileXX.json with false content as @denisgrilliGMSL tried. No success. The pfSense recreates the files with the same content: false.
I think there are 2 ways to solve the problem:
fchicout
commented
5 months ago After reading this comments in netgate's forum and tried the following in an attempt to fix the problem through pfSense config.
cd /root/.ssl
grep "^false" | awk -F\: '{ print $1 }' | xargs rm -Rf # Delete all certificates with false in file content
rm -Rf /tmp/config.cache # Deletes the pfSense config cache
/etc/rc.reload_all start # Reloads config files, then rebuid cache configuration.
rebootIt made the problem to take longer (some minutes longer) to show. But didn't solve.
wylde780
commented
4 months ago I'm also experiencing this same issue with version 2.7.2 with the latest version of pfsense_zbx.php
I have this Crash reporter error :
[30-Jan-2024 16:45:55 Europe/Paris] PHP Fatal error: Uncaught TypeError: openssl_pkey_get_details(): Argument #1 ($key) must be of type OpenSSLAsymmetricKey, bool given in /root/scripts/pfsense_zbx.php:1237 Stack trace:
0 /root/scripts/pfsense_zbx.php(1237): openssl_pkey_get_details(false)
1 /root/scripts/pfsense_zbx.php(1260): pfz_get_cert_pkey_info('9')
2 /root/scripts/pfsense_zbx.php(1652): pfz_get_ref_cert_algo_bits('9')
3 {main}
thrown in /root/scripts/pfsense_zbx.php on line 1237
PFSense 2.7.1