SSL error after upgrading to 5.6.0 on ubuntu 16
-
This might be another issue that probably only very few people encounter, but since the upgrade to 5.6.0 I can't access the cloudron dashboard on one of my machines. Firefox throws an
SSL_ERROR_RX_UNEXPECTED_NEW_SESSION_TICKET
error with the headline "Secure Connection Failed", Chrome does the same, only calls itERR_SSL_PROTOCOL_ERROR
. For whatever reason Firefox does work in private mode, Chrome does not. I've already rebooted the machine but that didn't change anything.I did find this page and that one which might be related.
All the apps are working fine as usual, only the dashboard does not. Quick fyi: This is my last 16.04 machine (the dedicated one which I also mentioned here). There are some warnings in the logs but nothing that I could link to this issue.
-
@msbt Does
systemctl restart nginx
help? If not, can you send me the domain of your Cloudron to support@cloudron.io ? -
The issue was some of the app configs had
ssl_session_tickets off
and some didn't . It seems nginx has some issue if they are inconsistent (see also https://github.com/nginx-proxy/nginx-proxy/issues/580#issuecomment-249587149).If someone else hits this:
cd /etc/nginx/applications
- Remove all the configs except my.domain.com
systemctl restart nginx
- Then, go to Location view of each app and click Save to get each back online.
-
@mehdi Indeed, the server was on 16.04. How is that related btw? Do you think it's related to having old openssl libraries or something?
-
I think @mehdi was curious if it was related to 16.04, not suggested that it was
All I can say is that this is my oldest cloudron machine still running that hasn't been migrated at some point - 2y+ I reckon - and it has been subject to a lot of testing and building over time, so could be a number of reasons why that happened.
-
I think we will push out a 5.6.1 which will re-configure all the apps and thus re-generating nginx configs.
-
-
Can you go to Services -> Mail and restart the mail service? Does that help?
-
@gml said in SSL error after upgrading to 5.6.0 on ubuntu 16:
That seemed to solve it, even if a server reboot did not solve it. I also got a mail, that this was also visible from other mail-servers (not just from my mail client), as I use DANE for certificate pinning.
Thx girish!I had the same issue. And the same fix. A reboot didn't work, a service restart did the trick. Thanks!