Nginx failed to start, private key mismatch

  • I renewed a letsencrypt SSL certificate at the beginning of this month. I thought it went well because the OMV webgui specified the expiration date 3 months in the future. The only strange thing was that browsers showed the old expiration date. Yesterday I updated and rebooted the system but systemctl shows me this error message:

    So I checked the private key file and the OMV config.xml but the keys match. I had a similar problem in the past: https://forum.openmediavault.o…?postID=162898#post162898
    The first thing I tried was to delete the keys between <sslcertificate> and </sslcertificate> and run omv-mkconf nginx. It doesn't work. After a reboot I get the same error. Does anybody have an idea what it could be? Maybe a problem with permissions?

  • Turns out that there was an error when the letsencrypt-plugin tried to renew the certificate.


    Thanks to @Gerald and @diego I managed to get nginx working again. These posts helped me:
    https://forum.openmediavault.o…?postID=163961#post163961
    https://forum.openmediavault.o…?postID=164251#post164251


    The problem was that the private keys in /etc/openmediavault/config.xml and /etc/ssl/private/openmediavault-id.key were not updated. The new key is in /etc/letsencrypt/keys/000x_key-certbot.pem. I just copied the content of this file into config.xml and openmediavault-id.key. Nginx is now working again but OMV said that the config changed and I should save it. After saving I get the error "An error has occured" :D with no additional information.



    I have no idea why this cert error occurred.


    Edit:
    Ok, it's a bug:


    It doesn't "morph" it. When the plugin creates the cert in the ssl section of OMV, it works but when renewing a cert, OMV doesn't update the private key because it already exists. This was fixed in OMV 4.x. I just haven't come up with a workaround for OMV 3.x other than deleting the cert in the OMV Cert SSL tab and creating new.

  • Yep, can confirm this under OMV 3.x. However, for some reason it looks like part of suisujin's solution worked for me to revive the webgui of OMV (probably because I use LetsEncrypt SSL for a separate nginx server, not for OMV itself):


    - Take latest private key (copy content) from /etc/letsencrypt/keys/000x_key-certbot.pem
    - Paste (and overwrite) content in /etc/ssl/private/openmediavault-KEYIDHERE.key
    - Use omv-firstaid to configure webgui port, afterwards webgui restarts (no need to reboot)
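
The mismatch discussed in this thread (a renewed certificate paired with a stale private key) can be confirmed before copying any key material around. The following is an added example, not code from the posters or from the OMV project; the function names are hypothetical and the certificates and keys are throwaway ones constructed in a temporary directory.

```bash
#!/usr/bin/env bash
# Added example: detect a stale private key after a certificate renewal.

# Succeeds (0) only if KEY is the private key for CERT; 1 = mismatch, 2 = unreadable.
# Compares the public key of both files, so it works for RSA and EC keys.
key_matches_cert() {   # usage: key_matches_cert CERT KEY
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Prints the first KEYFILE that matches CERT; returns 1 if none does.
find_matching_key() {  # usage: find_matching_key CERT KEYFILE...
    local cert="$1" k
    shift
    for k in "$@"; do
        if key_matches_cert "$cert" "$k"; then
            printf '%s\n' "$k"
            return 0
        fi
    done
    return 1
}

# Constructed sample data: a throwaway self-signed cert and key in DIR.
make_pair() {          # usage: make_pair DIR NAME
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2.invalid" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# Demo: "old" plays the stale key left in /etc/ssl/private, "new" the renewed one.
demo_dir=$(mktemp -d)
make_pair "$demo_dir" old
make_pair "$demo_dir" new
if key_matches_cert "$demo_dir/new.crt" "$demo_dir/old.key"; then
    echo "old key matches renewed cert"
else
    echo "MISMATCH: old key does not belong to renewed cert"
fi
echo "matching key: $(find_matching_key "$demo_dir/new.crt" "$demo_dir"/*.key)"
rm -rf "$demo_dir"
```

On an affected system, `find_matching_key` would be pointed at the certificate nginx is configured to serve and at the candidate key files under /etc/letsencrypt/keys/ to identify which one belongs to it.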
