Hi Fernando, It’s a wildcard that is being replaced by a wildcard :) But the sslcerts table is empty in the database so something went wrong.
In the meantime I found my issue, the strange part is that the webgui does not check on if the certificate is correct, as I was missing the: -----END CERTIFICATE----- Which I did wrong a lot of the times.. and only noticed when looking in the database itself. -- Jimmy From: Fernando Alvarez <lugano...@gmail.com> Date: Monday, 29 April 2024 at 15:15 To: users@cloudstack.apache.org <users@cloudstack.apache.org> Subject: Re: Replaced SSL now console proxy not working Jummy, I understand. Many times when you change the certificate you start using a Domain Validation certificate (DV SSL) instead of a Wilcard certificate. If the global URL configuration is set to dynamic, the certificate does not work and the console service does not work either. --- Fernando. El lun, 29 abr 2024 a las 9:52, Jimmy Huybrechts (<ji...@linservers.com>) escribió: > Hi, > > It’s an existing deployment, I just tried renewing the certificate, before > I started with the renewal it worked fine, so I think I borked something > but what it is, I don’t know, I just followed the document I made before > for myself. > > -- > Jimmy > > From: Fernando Alvarez <lugano...@gmail.com> > Date: Monday, 29 April 2024 at 14:45 > To: users@cloudstack.apache.org <users@cloudstack.apache.org> > Subject: Re: Replaced SSL now console proxy not working > Hi Jimmy, > > Check these values in the global setting: > > consoleproxy.url.domain domain used for CPVM > consoleproxy.sslEnabled Switches SSL configuration of the CPVMon / off > > And check if the URL configuration is set to Static or Dynamic. If it is > Dynamic remember that you need a Wildcard SSL Certificate. > > Maybe something here can help you: > https://www.shapeblue.com/securing-cloudstack-4-11-with-https-tls/ > > Best Regards, > > Fernando. > > > El lun, 29 abr 2024 a las 9:31, Jimmy Huybrechts (<ji...@linservers.com>) > escribió: > > > Hi Ruben, > > > > That made me being able to login :) > > > > I seem to be getting this: > > > > Apr 29 12:25:49 v-144-VM systemd[1]: cloud.service: Main process exited, > > code=exited, status=1/FAILURE > > Apr 29 12:25:48 v-144-VM _run.sh[58945]: 12:25:48,272 INFO Agent:314 - > > Stopping the agent: Reason = sig.kill > > Apr 29 12:25:48 v-144-VM _run.sh[58945]: at > > java.base/java.lang.Thread.run(Thread.java:829) > > Apr 29 12:25:48 v-144-VM _run.sh[58945]: at > > > org.apache.cloudstack.managed.context.ManagedContextRunnable.run(ManagedContextRunnable.java:45) > > Apr 29 12:25:48 v-144-VM _run.sh[58945]: at > > > org.apache.cloudstack.managed.context.impl.DefaultManagedContext.runWithContext(DefaultManagedContext.java:52) > > Apr 29 12:25:48 v-144-VM _run.sh[58945]: at > > > org.apache.cloudstack.managed.context.impl.DefaultManagedContext.callWithContext(DefaultManagedContext.java:102) > > Apr 29 12:25:48 v-144-VM _run.sh[58945]: at > > > org.apache.cloudstack.managed.context.impl.DefaultManagedContext$1.call(DefaultManagedContext.java:55) > > Apr 29 12:25:48 v-144-VM _run.sh[58945]: at > > > org.apache.cloudstack.managed.context.ManagedContextRunnable$1.run(ManagedContextRunnable.java:48) > > Apr 29 12:25:48 v-144-VM _run.sh[58945]: at > > > com.cloud.agent.resource.consoleproxy.ConsoleProxyResource$1.runInContext(ConsoleProxyResource.java:346) > > Apr 29 12:25:48 v-144-VM _run.sh[58945]: at > > java.base/java.lang.reflect.Method.invoke(Method.java:566) > > Apr 29 12:25:48 v-144-VM _run.sh[58945]: at > > > java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > > Apr 29 12:25:48 v-144-VM _run.sh[58945]: at > > > java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > > Apr 29 12:25:48 v-144-VM _run.sh[58945]: at > > java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native > > Method) > > Apr 29 12:25:48 v-144-VM _run.sh[58945]: at > > > com.cloud.consoleproxy.ConsoleProxy.startWithContext(ConsoleProxy.java:350) > > Apr 29 12:25:48 v-144-VM _run.sh[58945]: at > > com.cloud.consoleproxy.ConsoleProxy.start(ConsoleProxy.java:365) > > Apr 29 12:25:48 v-144-VM _run.sh[58945]: at > > > com.cloud.consoleproxy.ConsoleProxy.startupHttpMain(ConsoleProxy.java:391) > > Apr 29 12:25:48 v-144-VM _run.sh[58945]: java.lang.NullPointerException > > Apr 29 12:25:48 v-144-VM _run.sh[58945]: 12:25:48,259 ERROR > > ConsoleProxy:100 - null > > Apr 29 12:25:48 v-144-VM _run.sh[58945]: at > > java.base/java.lang.Thread.run(Thread.java:829) > > Apr 29 12:25:48 v-144-VM _run.sh[58945]: at > > > org.apache.cloudstack.managed.context.ManagedContextRunnable.run(ManagedContextRunnable.java:45) > > Apr 29 12:25:48 v-144-VM _run.sh[58945]: at > > > org.apache.cloudstack.managed.context.impl.DefaultManagedContext.runWithContext(DefaultManagedContext.java:52) > > Apr 29 12:25:48 v-144-VM _run.sh[58945]: at > > > org.apache.cloudstack.managed.context.impl.DefaultManagedContext.callWithContext(DefaultManagedContext.java:102) > > Apr 29 12:25:48 v-144-VM _run.sh[58945]: at > > > org.apache.cloudstack.managed.context.impl.DefaultManagedContext$1.call(DefaultManagedContext.java:55) > > Apr 29 12:25:48 v-144-VM _run.sh[58945]: at > > > org.apache.cloudstack.managed.context.ManagedContextRunnable$1.run(ManagedContextRunnable.java:48) > > Apr 29 12:25:48 v-144-VM _run.sh[58945]: at > > > com.cloud.agent.resource.consoleproxy.ConsoleProxyResource$1.runInContext(ConsoleProxyResource.java:346) > > Apr 29 12:25:48 v-144-VM _run.sh[58945]: at > > java.base/java.lang.reflect.Method.invoke(Method.java:566) > > Apr 29 12:25:48 v-144-VM _run.sh[58945]: at > > > java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > > Apr 29 12:25:48 v-144-VM _run.sh[58945]: at > > > java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > > Apr 29 12:25:48 v-144-VM _run.sh[58945]: at > > java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native > > Method) > > Apr 29 12:25:48 v-144-VM _run.sh[58945]: at > > > com.cloud.consoleproxy.ConsoleProxy.startWithContext(ConsoleProxy.java:350) > > Apr 29 12:25:48 v-144-VM _run.sh[58945]: at > > com.cloud.consoleproxy.ConsoleProxy.start(ConsoleProxy.java:365) > > Apr 29 12:25:48 v-144-VM _run.sh[58945]: at > > > com.cloud.consoleproxy.ConsoleProxy.startupHttpMain(ConsoleProxy.java:390) > > Apr 29 12:25:48 v-144-VM _run.sh[58945]: at > > > com.cloud.consoleproxy.ConsoleProxySecureServerFactoryImpl.createHttpServerInstance(ConsoleProxySecureServerFactoryImpl.java:82) > > Apr 29 12:25:48 v-144-VM _run.sh[58945]: at > > > com.cloud.consoleproxy.ConsoleProxySecureServerFactoryImpl$1.<init>(ConsoleProxySecureServerFactoryImpl.java:82) > > Apr 29 12:25:48 v-144-VM _run.sh[58945]: at jdk.httpserver/ > > > com.sun.net.httpserver.HttpsConfigurator.<init>(HttpsConfigurator.java:81) > > Apr 29 12:25:48 v-144-VM _run.sh[58945]: java.lang.NullPointerException: > > null SSLContext > > Apr 29 12:25:48 v-144-VM _run.sh[58945]: 12:25:48,249 ERROR > > ConsoleProxySecureServerFactoryImpl:104 - java.lang.NullPointerException: > > null SSLContext > > Apr 29 12:25:48 v-144-VM _run.sh[58945]: 12:25:48,227 INFO > > ConsoleProxySecureServerFactoryImpl:51 - No certificates passed, recheck > > global configuration and certificates > > Apr 29 12:25:48 v-144-VM _run.sh[58945]: 12:25:48,227 INFO > > ConsoleProxySecureServerFactoryImpl:47 - Start initializing SSL > > Apr 29 12:25:48 v-144-VM _run.sh[58945]: 12:25:48,226 INFO > > ConsoleProxySecureServerFactoryImpl:51 - No certificates passed, recheck > > global configuration and certificates > > Apr 29 12:25:48 v-144-VM _run.sh[58945]: 12:25:48,225 INFO > > ConsoleProxySecureServerFactoryImpl:47 - Start initializing SSL > > Apr 29 12:25:48 v-144-VM _run.sh[58945]: 12:25:48,222 INFO > > ConsoleProxyResource:104 - Receive ReadyCommand, response with > ReadyAnswer > > > > Which is a bit strange as in the Events on the panel it says: > > Successfully completed issuing certificate. domain(s): [v-144-VM, > v-144-VM] > > > > It didn’t give any issue with uploading them either, I also destroyed the > > proxy and let it rebuild itself. > > > > -- > > Jimmy > > > > From: Ruben Bosch <ruben.bo...@cldin.eu> > > Date: Monday, 29 April 2024 at 14:15 > > To: users@cloudstack.apache.org <users@cloudstack.apache.org> > > Subject: Re: Replaced SSL now console proxy not working > > Jimmy, you can run "cloudstack-ssh 169.x.x.x" or "ssh -i > > /root/.ssh/id_rsa.cloud -p 3922 root@169.x.x.x" from the hypervisor > > running > > the system VM to SSH into the system VM. > > > > On Mon, Apr 29, 2024 at 2:09 PM Jimmy Huybrechts <ji...@linservers.com> > > wrote: > > > > > Hi, > > > > > > So I replaced the SSL certficate today since it uses lets encrypt. > > > > > > My secondary storage worked fine after recreation, but it seems my > > > consoleproxy doesn’t as it shows agent state disconnected, connecting, > > > disconnected. > > > > > > Now obviously I don’t have any console now so I can’t see what is wrong > > > with it. :) how to connect to it over for example SSH (as I get > > connection > > > refused) or a different way? So I can see what is wrong with it and > > debug. > > > I would guess it has something to do with SSL but without debugging > it’s > > > anyone’s guess. > > > > > > -- > > > Jimmy > > > > > > > > -- > Fernando Alvarez. > -- Fernando Alvarez.
