SSL error after upgrading to 5.6.0 on ubuntu 16

girish

The issue was some of the app configs had ssl_session_tickets off and some didn't . It seems nginx has some issue if they are inconsistent (see also https://github.com/nginx-proxy/nginx-proxy/issues/580#issuecomment-249587149).

If someone else hits this:

• cd /etc/nginx/applications
• Remove all the configs except my.domain.com
• systemctl restart nginx
• Then, go to Location view of each app and click Save to get each back online.

mehdi

@girish Did this have something do to with 16.04, or was it unrelated, just random ?

girish

@mehdi Indeed, the server was on 16.04. How is that related btw? Do you think it's related to having old openssl libraries or something?

msbt

I think @mehdi was curious if it was related to 16.04, not suggested that it was

All I can say is that this is my oldest cloudron machine still running that hasn't been migrated at some point - 2y+ I reckon - and it has been subject to a lot of testing and building over time, so could be a number of reasons why that happened.

mehdi

Yes, I was only asking whether it was related to the server being 16.04, not suggesting anything ^^

I'll let you guys know when my 16.04 server updates to 5.6 if it causes any issue.

darkben

Hi,

same problem here with Cloudron 5.6.0 and ubuntu 16.04.
@girish tips solved the problem.

girish

I think we will push out a 5.6.1 which will re-configure all the apps and thus re-generating nginx configs.

gml

I also got SSL errors after the upgrade, but in Thunderbird. It seems like the default self signed Cert is used.

A possibility to postpone updates for like 2 weeks would be nice, to not run into such things.

girish

@gml are you on 5.6.1? As for the updates, starting this release the box code won't auto update anymore and will respect the schedule under settings (it's a single setting for app and box updates)

gml

@girish Just checked, yes i'm already on 5.6.1.
And good to know, thx

girish

Can you go to Services -> Mail and restart the mail service? Does that help?

gml

That seemed to solve it, even if a server reboot did not solve it. I also got a mail, that this was also visible from other mail-servers (not just from my mail client), as I use DANE for certificate pinning.
Thx girish!

odie

@gml said in SSL error after upgrading to 5.6.0 on ubuntu 16:

That seemed to solve it, even if a server reboot did not solve it. I also got a mail, that this was also visible from other mail-servers (not just from my mail client), as I use DANE for certificate pinning.
Thx girish!

I had the same issue. And the same fix. A reboot didn't work, a service restart did the trick. Thanks!