unofficial-unifi / unifi-pfsense

A script that installs the UniFi Controller software on pfSense and other FreeBSD systems
BSD 2-Clause "Simplified" License

Upgraded to PF2.5 = ERR_SSL_KEY_USAGE_INCOMPATIBLE #229

Closed jedblack closed 1 year ago

jedblack commented 3 years ago

Any help would be immensely appreciated!

jedblack commented 3 years ago

I figured it out: using sockstat to trace what is bound to the ports, lighttpd was sitting on 8443; inspecting its config file pointed to the pfBlockerNG package I had installed and wasn't using. I removed that package and now I can access the UniFi controller. Updating this issue in case it helps someone else debug port/process conflicts.

```
[2.5.0-RELEASE][root@pfsense01.lipsum.io]/tmp: sockstat -l|grep -i 8080
root     java       42796 145 tcp46  *:8080                *:*
[2.5.0-RELEASE][root@pfsense01.lipsum.io]/tmp: sockstat -l | grep -i 8443
root     lighttpd_p 8470  6   tcp4   *:8443                *:*
[2.5.0-RELEASE][root@pfsense01.lipsum.io]/tmp: ps -aux |grep -i light
root   8470  0.0  0.1 17968 5724  -  S    Fri11   0:11.17 /usr/local/sbin/lighttpd_pfb -f /var/unbound/pfb_dnsbl_lighty.conf
root  74683  0.0  0.1 11204 2212  0  S+   10:00   0:00.01 grep -i light
[2.5.0-RELEASE][root@pfsense01.lipsum.io]/tmp: cat /var/unbound/pfb_dnsbl_lighty.conf
#
# pfBlockerNG Lighttpd DNSBL configuration file
#
server.bind = "0.0.0.0"
server.port = "8081"
server.event-handler = "freebsd-kqueue"
server.network-backend = "freebsd-sendfile"
server.dir-listing = "disable"
server.document-root = "/usr/local/www/pfblockerng/www/"
server.errorlog = "/var/log/pfblockerng/dnsbl_error.log"
server.pid-file = "/var/run/dnsbl.pid"
server.modules = ( "mod_access", "mod_fastcgi", "mod_rewrite" )

index-file.names = ( "index.php" )
mimetype.assign = ( ".html" => "text/html", ".gif" => "image/gif" )
url.access-deny = ( "~", ".inc" )
fastcgi.server = ( ".php" => ( "localhost" => ( "socket" => "/var/run/php-fpm.socket", "broken-scriptfilename" => "enable" ) ) )

debug.log-condition-handling = "enable"

$HTTP["host"] =~ ".*" { url.rewrite-once = ( ".*" => "/index.php" ) }

$SERVER["socket"] == "0.0.0.0:8443" {
    ssl.engine = "enable"
    ssl.pemfile = "/var/unbound/dnsbl_cert.pem"
    ssl.use-sslv2 = "disable"
    ssl.use-sslv3 = "disable"
    ssl.honor-cipher-order = "enable"
    ssl.cipher-list = "AES128+EECDH:AES256+EECDH:AES128+EDH:AES256+EDH:AES128-SHA:AES256-SHA:!aNULL:!eNULL:!DSS"

    $HTTP["host"] =~ ".*" {
        url.rewrite-once = ( ".*" => "/index.php" )
    }

}
```
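A pre-flight version of the diagnosis above, added here as an example and not part of the unifi-pfsense project: it parses `sockstat -l` output, reports any listener already bound to a port the controller needs (8080 and 8443, taken from the issue), and is run against a constructed sample that mirrors the pasted output. The `run_live_check` function only works where `sockstat` exists (FreeBSD/pfSense).

```shell
#!/bin/sh
# Pre-flight port-conflict check before installing the UniFi controller on
# pfSense/FreeBSD. Added example, not part of the unifi-pfsense project.
# A second service on 8443 (lighttpd_pfb in the issue) serves its own
# certificate, which the browser reports as a TLS error; finding it first is cheaper.

# Ports taken from the issue above; extend the list as needed.
UNIFI_PORTS="8080 8443"

# Constructed sample mirroring the sockstat -l output pasted in the issue.
SAMPLE_SOCKSTAT='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS   FOREIGN ADDRESS
root     java       42796 145 tcp46  *:8080          *:*
root     lighttpd_p 8470  6   tcp4   *:8443          *:*
root     sshd       1234  4   tcp4   *:22            *:*'

# check_conflicts PORTS: read sockstat -l lines on stdin and print
# "port command pid" for every listener on one of PORTS.
# Returns 1 if at least one conflict was found, 0 otherwise.
check_conflicts() {
    ports="$1"
    found=0
    while read -r user cmd pid fd proto laddr faddr; do
        [ "$user" = "USER" ] && continue   # header line
        [ -z "$laddr" ] && continue        # blank or truncated line
        port="${laddr##*:}"                # "*:8443" or "[::1]:8443" -> "8443"
        for p in $ports; do
            [ "$port" = "$p" ] && { printf '%s %s %s\n' "$port" "$cmd" "$pid"; found=1; }
        done
    done
    return "$found"
}

# run_live_check: run the check against the local system (FreeBSD/pfSense only).
run_live_check() {
    command -v sockstat >/dev/null 2>&1 || { echo "sockstat not found" >&2; return 2; }
    sockstat -l | check_conflicts "$UNIFI_PORTS"
}

# Demo on the constructed sample: lists the java and lighttpd_p listeners.
printf '%s\n' "$SAMPLE_SOCKSTAT" | check_conflicts "$UNIFI_PORTS" \
    || echo "conflict(s) found: stop or reconfigure the listed service before installing"
```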

tong2x commented 1 year ago

no more updates, closing for now