Lighttpd SSL failures after upgrade from Buster to Bullseye Topic is solved

Having issues with your DietPi installation or found a bug? Post it here.
fhals
Posts: 35
Joined: Mon Sep 07, 2020 10:00 am

Lighttpd SSL failures after upgrade from Buster to Bullseye

Post by fhals »

Hi,

after upgrading from Buster to Bullseye with working DietPi-LetsEncrypt, some SSL-related-settings in lighttpd are broken and it won't start.
Error msg:
fdevent.c.1150) fdevent_load_file() /etc/lighttpd/server.pem: No such file or directory
server.c.1244) Initialization of plugins failed. Going down.

Solution:
After upgrading, there is a new generic conf-file in place:
/etc/lighttpd/conf-enabled/10-ssl.conf
that refers to a non existent
ssl.pemfile = "/etc/lighttpd/server.pem"
Should be
ssl.pemfile = "/etc/letsencrypt/live/[i]yourdomain[/i]/combined.pem"
to respect the original LetsEncrypt certificate.

Further, there's a warning:
WARNING: include-conf-enabled.pl is deprecated and slated for removal.
Replace in lighttpd.conf with:
include "/etc/lighttpd/conf-enabled/*.conf"

Just do as suggested, and the warning is gone.
User avatar
Joulinar
Posts: 5998
Joined: Sat Nov 16, 2019 12:49 am

Re: Lighttpd SSL failures after upgrade from Buster to Bullseye

Post by Joulinar »

hmm is that an older installation? Because it contains thinks we don't use on current installations.
Further, there's a warning:
WARNING: include-conf-enabled.pl is deprecated and slated for removal.
Replace in lighttpd.conf with:
include "/etc/lighttpd/conf-enabled/*.conf"
we use configuration file as is and it contains correct setting

Code: Select all

include "/etc/lighttpd/conf-enabled/*.conf"
Error msg:
fdevent.c.1150) fdevent_load_file() /etc/lighttpd/server.pem: No such file or directory
server.c.1244) Initialization of plugins failed. Going down.
For SSL configuration, we use our own config file 98-dietpi-https_redirect.conf + 50-dietpi-https.conf. At least if you would use our own dietpi-letsencrypt to generate SSL certificates, 10-ssl.conf will not be activated.

And of course we use file path as created by letsencrypt.

Code: Select all

# pemfile is cert+privkey, ca-file is the intermediate chain in one file
ssl.pemfile = "/etc/letsencrypt/live/my.ddns.com/combined.pem"
ssl.ca-file = "/etc/letsencrypt/live/my.ddns.com/fullchain.pem"
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
fhals
Posts: 35
Joined: Mon Sep 07, 2020 10:00 am

Re: Lighttpd SSL failures after upgrade from Buster to Bullseye

Post by fhals »

Thank you for the clarification. All the files you mentioned are still there.
Looking at the file-dates in the conf-directory, 10-ssl.conf seems to have been installed by the upgrade from stretch to buster.
Unlinked it and everything works fine.
User avatar
Joulinar
Posts: 5998
Joined: Sat Nov 16, 2019 12:49 am

Re: Lighttpd SSL failures after upgrade from Buster to Bullseye

Post by Joulinar »

strange that 10-ssl.conf got activated. At least not something our scripts do. Maybe Lighttpd package update detected an active SSL configuration and activated the config by it's own? Anyway, good it is fixed now.
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
przemko
Posts: 208
Joined: Sun Mar 15, 2020 5:40 pm

Re: Lighttpd SSL failures after upgrade from Buster to Bullseye

Post by przemko »

Hi @Joulinar I have similar issue. I have problems with my nextcloud installation before (lighttpd) because I move from Rpi to MiniPC. Now I upgrade from Buster to Bullseye and everything went fine but my nextcloud dont work. I try to reinstall and try

Code: Select all

ncc maintance:repair
. I reboot few times but still nothing.

Code: Select all

dietpi@DietPi:~$ sudo dietpi-services status

 DietPi-Services
─────────────────────────────────────────────────────
 Mode: status 

[  OK  ] DietPi-Services | avahi-daemon         : active (running) since Thu 2021-10-07 17:10:00 CEST; 1min 44s ago
[  OK  ] DietPi-Services | proftpd              : active (running) since Thu 2021-10-07 17:10:01 CEST; 1min 44s ago
[  OK  ] DietPi-Services | nfs-kernel-server    : active (exited) since Thu 2021-10-07 17:10:02 CEST; 1min 42s ago
[  OK  ] DietPi-Services | redis-server         : active (running) since Thu 2021-10-07 17:10:02 CEST; 1min 42s ago
[  OK  ] DietPi-Services | mariadb              : active (running) since Thu 2021-10-07 17:10:03 CEST; 1min 41s ago
[  OK  ] DietPi-Services | php7.4-fpm           : active (running) since Thu 2021-10-07 17:10:03 CEST; 1min 41s ago
[FAILED] DietPi-Services | ● lighttpd.service - Lighttpd Daemon
     Loaded: loaded (/lib/systemd/system/lighttpd.service; disabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Thu 2021-10-07 17:10:05 CEST; 1min 39s ago
    Process: 1372 ExecStartPre=/usr/sbin/lighttpd -tt -f /etc/lighttpd/lighttpd.conf (code=exited, status=255/EXCEPTION)
        CPU: 85ms

Oct 07 17:10:05 DietPi systemd[1]: lighttpd.service: Control process exited, code=exited, status=255/EXCEPTION
Oct 07 17:10:05 DietPi systemd[1]: lighttpd.service: Failed with result 'exit-code'.
Oct 07 17:10:05 DietPi systemd[1]: Failed to start Lighttpd Daemon.
Oct 07 17:10:05 DietPi systemd[1]: lighttpd.service: Scheduled restart job, restart counter is at 5.
Oct 07 17:10:05 DietPi systemd[1]: Stopped Lighttpd Daemon.
Oct 07 17:10:05 DietPi systemd[1]: lighttpd.service: Start request repeated too quickly.
Oct 07 17:10:05 DietPi systemd[1]: lighttpd.service: Failed with result 'exit-code'.
Oct 07 17:10:05 DietPi systemd[1]: Failed to start Lighttpd Daemon.
[  OK  ] DietPi-Services | emby-server          : active (running) since Thu 2021-10-07 17:10:03 CEST; 1min 41s ago
[  OK  ] DietPi-Services | noip2                : active (running) since Thu 2021-10-07 17:10:03 CEST; 1min 41s ago
[  OK  ] DietPi-Services | cron                 : active (running) since Thu 2021-10-07 17:10:03 CEST; 1min 41s ago
[  OK  ] DietPi-Services | ssh                  : active (running) since Thu 2021-10-07 17:10:00 CEST; 1min 44s ago
[  OK  ] DietPi-Services | fail2ban             : active (running) since Thu 2021-10-07 17:09:48 CEST; 1min 56s ago
[ INFO ] DietPi-Services | dietpi-vpn           : inactive (dead)
[  OK  ] DietPi-Services | dietpi-ramlog        : active (exited) since Thu 2021-10-07 17:09:48 CEST; 1min 57s ago
[  OK  ] DietPi-Services | dietpi-preboot       : active (exited) since Thu 2021-10-07 17:09:48 CEST; 1min 57s ago
[  OK  ] DietPi-Services | dietpi-boot          : active (exited) since Thu 2021-10-07 17:10:00 CEST; 1min 44s ago
[  OK  ] DietPi-Services | dietpi-postboot      : active (exited) since Thu 2021-10-07 17:10:00 CEST; 1min 44s ago
[ INFO ] DietPi-Services | dietpi-wifi-monitor  : inactive (dead)
Regards,
Przemek
User avatar
Joulinar
Posts: 5998
Joined: Sat Nov 16, 2019 12:49 am

Re: Lighttpd SSL failures after upgrade from Buster to Bullseye

Post by Joulinar »

No need to reinstall or repair anything. Simply post following to check config

Code: Select all

/usr/sbin/lighttpd -tt -f /etc/lighttpd/lighttpd.conf
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
przemko
Posts: 208
Joined: Sun Mar 15, 2020 5:40 pm

Re: Lighttpd SSL failures after upgrade from Buster to Bullseye

Post by przemko »

I have that:

Code: Select all

dietpi@DietPi:~$ /usr/sbin/lighttpd -tt -f /etc/lighttpd/lighttpd.conf
2021-10-07 17:40:01: configfile.c.461) Warning: "mod_compress" is DEPRECATED and has been replaced with "mod_deflate".  A future release of lighttpd 1.4.x will not contain mod_compress and lighttpd may fail to start up
2021-10-07 17:40:01: configfile.c.2274) server.upload-dirs doesn't exist: /var/cache/lighttpd/uploads
2021-10-07 17:40:01: plugin.c.195) dlopen() failed for: /usr/lib/lighttpd/mod_openssl.so /usr/lib/lighttpd/mod_openssl.so: cannot open shared object file: No such file or directory
2021-10-07 17:40:01: server.c.1238) loading plugins finally failed
Regards.
przemko
Posts: 208
Joined: Sun Mar 15, 2020 5:40 pm

Re: Lighttpd SSL failures after upgrade from Buster to Bullseye

Post by przemko »

I find another topic and install mod-openssl and mod-deflate but don't help. I see only https works but www site shows me 503 Service Unavailable.
regards.
User avatar
Joulinar
Posts: 5998
Joined: Sat Nov 16, 2019 12:49 am

Re: Lighttpd SSL failures after upgrade from Buster to Bullseye

Post by Joulinar »

Did you reboot your system. Are all services running afterwards?
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
przemko
Posts: 208
Joined: Sun Mar 15, 2020 5:40 pm

Re: Lighttpd SSL failures after upgrade from Buster to Bullseye

Post by przemko »

I reboot system all services are working OK. Maybe dietpi-letsencrypt reinstall?

Code: Select all

dietpi@DietPi:~$ sudo /usr/sbin/lighttpd -tt -f /etc/lighttpd/lighttpd.conf
2021-10-07 18:16:14: configfile.c.461) Warning: "mod_compress" is DEPRECATED and has been replaced with "mod_deflate".  A future release of lighttpd 1.4.x will not contain mod_compress and lighttpd may fail to start up
2021-10-07 18:16:14: mod_openssl.c.2475) SSL: ssl.use-sslv2 is deprecated and will soon be removed.  It is disabled by default.  Many modern TLS libraries no longer support SSLv2.
2021-10-07 18:16:14: mod_openssl.c.2482) SSL: ssl.use-sslv3 is deprecated and will soon be removed.  It is disabled by default.  Many modern TLS libraries no longer support SSLv3.
2021-10-07 18:16:14: mod_deflate.c.567) DEPRECATED: compress.filetype replaced with deflate.mimetypes
2021-10-07 18:16:14: mod_deflate.c.580) DEPRECATED: compress.cache-dir replaced with deflate.cache-dir
regards.
Post Reply