opnsense / plugins

OPNsense plugin collection

Home Page: https://opnsense.org/

UniFi Controller not starting after deploying certificate to keystore

Qhilm opened this issue

Important notices
Before you add a new report, we ask you kindly to acknowledge the following:

Describe the bug
After deploying the Let's Encrypt certificate used for the OPNsense router to the UniFi Controller plugin using the os-acme-client plugin's "update local UniFi keystore", the os-unifi-maxit plugin is not starting anymore.

To Reproduce
Steps to reproduce the behavior:

  1. Go to 'Services > ACME Client > Automation'
  2. Create an automation with command "update local UniFi keystore", leave path to "/usr/local/share/java/unifi/data/keystore", call it "UniFi_automation"
  3. Go to "Services > ACME Client > Certificates"
  4. Click "edit" next to the certificate used for the opnsense router, add the "UniFi_automation" to the automations, click "save"
  5. Click "run automations" next to the certificate where you just added an automation.

UniFi doesn't start anymore.

Expected behavior
UniFi Controller should come back up with a new certificate. @adn77 maybe you have an idea?

Relevant log files
I need some support to understand where the logs are.

Additional context
Router certificate is a wildcard certificate, public key is of type EC384.

Environment
OPNsense 24.1.6 amd64
os-acme-client plugin 4.2
os-unifi-maxit 1.3

Interestingly, even after uninstalling and reinstalling the os-unifi-maxit plugin, it still crashes almost immediately after being launched.

I checked the /usr/local/share/java/unifi/logs/startup.log file, but there is a single line:

[2024-05-16 18:19:08,561] <launcher> INFO  startup - Initiating startup

I moved the entire /usr/local/share/java/unifi/ folder (somehow it's not removed when uninstalling the plugin) and rebooted OPNsense, but it is still impossible to keep the UniFi service up and running. This is weird; it seems something has been corrupted that the plugin uninstallation is not removing.

Maybe @mimugmail you have an idea where I should look?

Remove the plugin, remove the folder and install again.
Please use the issue tracker at my repo; UniFi is not official nor supported :)

Thanks for the feedback.

I was not sure if the issue is with the "update local UniFi keystore" command or with the UniFi plugin. The plugin was working fine until I tried to deploy a cert to the keystore.

I did move the /usr/local/share/java/unifi/ folder and removed the plugin, it does not help unfortunately.

I will open an issue on your tracker, thanks.

This occurrence of the issue is fixed by changing the port number crowdsec is using for its LAPI interface. Many thanks to @mimugmail.

I cannot reproduce the issue anymore and while I do not have an explanation for the fact that UniFi Controller never had a conflict with crowdsec before, it is clear that I had a misconfiguration.
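
Added example, not part of the original thread: a small check for the kind of port clash described in the resolution above, reading FreeBSD `sockstat -l` output and listing listeners on a UniFi port that belong to another service. The thread does not name the port; 8080 (default for both the CrowdSec LAPI and the UniFi inform port) and 8443, the `java` command name, and the helper names `foreign_listeners` and `sample_sockstat` are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Reads `sockstat -l` style text on stdin
# and prints "COMMAND PID ADDRESS" for every TCP listener on PORT that is not
# owned by EXPECTED_CMD.
foreign_listeners() {  # usage: foreign_listeners PORT EXPECTED_CMD
    awk -v port="$1" -v want="$2" '
        $5 ~ /^tcp/ {                 # skips the header and UDP rows
            p = $6
            sub(/.*:/, "", p)         # port is whatever follows the last colon
            if (p == port && $2 != want) print $2, $3, $6
        }'
}

# Constructed sample in FreeBSD sockstat layout; PIDs and FDs are made up.
sample_sockstat() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     crowdsec   1234  8  tcp4   127.0.0.1:8080        *:*
unifi    java       2345  90 tcp46  *:8443                *:*
root     sshd       911   4  tcp4   *:22                  *:*
EOF
}

# Assumed UniFi defaults (not stated in the thread): 8080 inform, 8443 web UI.
for port in 8080 8443; do
    owners=$(sample_sockstat | foreign_listeners "$port" java)
    if [ -n "$owners" ]; then
        echo "port $port is held by another service: $owners"
    else
        echo "port $port: no foreign listener"
    fi
done
# On the firewall itself: sockstat -4 -6 -l | foreign_listeners 8080 java
```

Run the live form while the UniFi service is stopped, so any listener it reports is the service that would block UniFi from binding.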