SSL error after upgrading to 5.6.0 on ubuntu 16

msbt

This might be another issue that probably only very few people encounter, but since the upgrade to 5.6.0 I can't access the cloudron dashboard on one of my machines. Firefox throws an SSL_ERROR_RX_UNEXPECTED_NEW_SESSION_TICKET error with the headline "Secure Connection Failed", Chrome does the same, only calls it ERR_SSL_PROTOCOL_ERROR. For whatever reason Firefox does work in private mode, Chrome does not. I've already rebooted the machine but that didn't change anything.

I did find this page and that one which might be related.

All the apps are working fine as usual, only the dashboard does not. Quick fyi: This is my last 16.04 machine (the dedicated one which I also mentioned here). There are some warnings in the logs but nothing that I could link to this issue.

girish

@msbt Does systemctl restart nginx help? If not, can you send me the domain of your Cloudron to support@cloudron.io ?

msbt

Hey @girish, just tried, didn't work and now apps stopped working either (before, not after), sent you the information you need. Thanks in advance!

msbt

This is resolved, another issue promtly fixed, gotta love cloudron and its devs

girish

The issue was some of the app configs had ssl_session_tickets off and some didn't . It seems nginx has some issue if they are inconsistent (see also https://github.com/nginx-proxy/nginx-proxy/issues/580#issuecomment-249587149).

If someone else hits this:

• cd /etc/nginx/applications
• Remove all the configs except my.domain.com
• systemctl restart nginx
• Then, go to Location view of each app and click Save to get each back online.

mehdi

@girish Did this have something do to with 16.04, or was it unrelated, just random ?

girish

@mehdi Indeed, the server was on 16.04. How is that related btw? Do you think it's related to having old openssl libraries or something?

msbt

I think @mehdi was curious if it was related to 16.04, not suggested that it was

All I can say is that this is my oldest cloudron machine still running that hasn't been migrated at some point - 2y+ I reckon - and it has been subject to a lot of testing and building over time, so could be a number of reasons why that happened.

mehdi

Yes, I was only asking whether it was related to the server being 16.04, not suggesting anything ^^

I'll let you guys know when my 16.04 server updates to 5.6 if it causes any issue.

darkben

Hi,

same problem here with Cloudron 5.6.0 and ubuntu 16.04.
@girish tips solved the problem.

girish

I think we will push out a 5.6.1 which will re-configure all the apps and thus re-generating nginx configs.

gml

I also got SSL errors after the upgrade, but in Thunderbird. It seems like the default self signed Cert is used.

A possibility to postpone updates for like 2 weeks would be nice, to not run into such things.

girish

@gml are you on 5.6.1? As for the updates, starting this release the box code won't auto update anymore and will respect the schedule under settings (it's a single setting for app and box updates)

gml

@girish Just checked, yes i'm already on 5.6.1.
And good to know, thx

girish

Can you go to Services -> Mail and restart the mail service? Does that help?

gml

That seemed to solve it, even if a server reboot did not solve it. I also got a mail, that this was also visible from other mail-servers (not just from my mail client), as I use DANE for certificate pinning.
Thx girish!

odie

@gml said in SSL error after upgrading to 5.6.0 on ubuntu 16:

That seemed to solve it, even if a server reboot did not solve it. I also got a mail, that this was also visible from other mail-servers (not just from my mail client), as I use DANE for certificate pinning.
Thx girish!

I had the same issue. And the same fix. A reboot didn't work, a service restart did the trick. Thanks!