Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Spoiled certificate can lead to service unavailability #5189

Closed
3 tasks done
Birbber opened this issue Nov 24, 2022 · 0 comments
Closed
3 tasks done

Spoiled certificate can lead to service unavailability #5189

Birbber opened this issue Nov 24, 2022 · 0 comments
Assignees
@EugeneOne1
Labels
bug P2: High
Milestone
v0.107.20

Comments

@Birbber
Copy link

Birbber commented Nov 24, 2022

Prerequisites

  • I have checked the Wiki and Discussions and found no answer

  • I have searched other issues and found no duplicates

  • I want to report a bug and not ask a question

Operating system type

macOS (aka Darwin)

CPU architecture

64-bit ARM

Installation

GitHub releases or script from README

Setup

On one machine

AdGuard Home version

0.107.19

Description

What did you do?

  • Install it as a service
  • Enable Encryption (set up cert and key, etc.)
  • Use AGHome for a while
  • Stop the service and change 1 character in the key's contents in AdGuardHome.yaml
  • Try to start the service

Expected result

The service is available. The encryption settings page shows the correct status for the certificate-key pair.

Actual result

The service is not available. UI can't load.

➜  sudo ./AdGuardHome -s start
2022/11/24 16:02:46 [info] AdGuard Home, version v0.107.19
2022/11/24 16:02:46 [info] service: control action: start
2022/11/24 16:02:46 [info] service: action start has been done successfully on darwin-launchd


/Applications/AdGuardHome
➜  sudo ./AdGuardHome -s status
2022/11/24 16:03:38 [info] AdGuard Home, version v0.107.19
2022/11/24 16:03:38 [info] service: control action: status
2022/11/24 16:03:38 [info] service: stopped
2022/11/24 16:03:38 [info] service: action status has been done successfully on darwin-launchd


/Applications/AdGuardHome
➜  sudo ./AdGuardHome -s start
2022/11/24 16:03:43 [info] AdGuard Home, version v0.107.19
2022/11/24 16:03:43 [info] service: control action: start
2022/11/24 16:03:43 [fatal] service: executing action "start": Failed to start AdGuard Home service: "launchctl" failed with stderr: /Library/LaunchDaemons/AdGuardHome.plist: service already loaded
Load failed: 37: Operation already in progress

The issue is only seen in the debug log:
[fatal] initializing tls: loading config: validating certificate pair: no valid keys were found
@ainar-g ainar-g added this to the v0.107.20 milestone Nov 24, 2022
@ainar-g ainar-g modified the milestones: v0.107.21, v0.107.20 Dec 7, 2022
heyxkhoa pushed a commit to heyxkhoa/AdGuardHome that referenced this issue Mar 20, 2023
@EugeneOne1 @heyxkhoa
Pull request: 5189-run-bad-cert
eefcfa6 
Merge in DNS/adguard-home from 5189-run-bad-cert to master

Closes AdguardTeam#5189.

Squashed commit of the following:

commit 9e6ac62
Author: Eugene Burkov <E.Burkov@AdGuard.COM>
Date:   Thu Nov 24 19:17:43 2022 +0300

    all: imp chlog again

commit 5870aee
Author: Eugene Burkov <E.Burkov@AdGuard.COM>
Date:   Thu Nov 24 18:57:54 2022 +0300

    all: imp chlog

commit ec0d4b6
Author: Eugene Burkov <E.Burkov@AdGuard.COM>
Date:   Thu Nov 24 18:43:04 2022 +0300

    home: rm fatal on tls init errors
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@EugeneOne1 EugeneOne1

Labels
bug P2: High
Projects
None yet
Milestone
v0.107.20
Development

No branches or pull requests
3 participants
@ainar-g @EugeneOne1 @Birbber