Nut-web-cgi package has borked my uhttpd config

supersebbo · September 15, 2021, 9:09am

Hi all,

I recently installed the package nut-web-cgi to get UPS stats available on the web interface. However installing this pacakge seems to have totally borked uhttpd and now I cannot get access to LUCI over HTTPS. I have since tried uninstalling the package and the problem remains.

My first thought was that the nut-web-cgi package had over-written the uhttpd config in /etc/config however I've compared to a known good backup and they are identical.


config uhttpd 'main'
	list listen_http '0.0.0.0:80'
	list listen_http '[::]:80'
	list listen_https '0.0.0.0:443'
	list listen_https '[::]:443'
	option redirect_https '1'
	option home '/www'
	option rfc1918_filter '1'
	option max_requests '3'
	option max_connections '100'
	option cert 'etc/router-cert-chain.cert.pem'
	option key '/etc/router.key.pem'
	option cgi_prefix '/cgi-bin'
	list lua_prefix '/cgi-bin/luci=/usr/lib/lua/luci/sgi/uhttpd.lua'
	option script_timeout '60'
	option network_timeout '30'
	option http_keepalive '20'
	option tcp_keepalive '1'
	option ubus_prefix '/ubus'

config cert 'defaults'
	option days '730'
	option bits '2048'
	option country 'ZZ'
	option state 'Somewhere'
	option location 'Unknown'
	option commonname 'OpenWrt'

Upon restarting uhttpd wuth the init.d script I now get:

root@router:/etc# /etc/init.d/uhttpd restart
4+0 records in
4+0 records out
Generating a RSA private key
.......................+++++
.....................................+++++
writing new private key to '/etc/router.key.pem.new'
-----
Can't open etc/router-cert-chain.cert.pem.new for writing, No such file or directory
139888111308104:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:69:fopen('etc/router-cert-chain.cert.pem.new','wb')
139888111308104:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:76:
mv: can't rename 'etc/router-cert-chain.cert.pem.new': No such file or directory

Seems like it's trying to generate new SSL cert/key even though they already exist. Strange thing is it's using my custom path to the certs as defined in my UCI config so the UCI config is clearly getting applied. I cannot work this out for the life of me, please help!

supersebbo · September 15, 2021, 11:47am

So it seems this action uncovered a latent issue with my config, which for some reason never cropped up until the nut-web-cgi install. Oddly uhttpd has been working absolutely fine for the last 5+ years? No idea how, I've checked the config file all the way back to 2018 and it's always had this error!

There is a missing / in the cert option.