Uhttpd stop after installing luci-ssl


I wonder if anyone may know possible solutions.

Self-signed SSL certificate works fine with newifi-d2 OpenWrt 19.07.7 to enable https access to the router.

When I switch to the firmware:
luci http access is normal.

But after installing either luci-ssl or luci-ssl-openssl, uhttpd was stopped. ps command shows no uhttpd process anymore.

Any changes in the back for this upgrade require different package installation?

Thanks in advance for sharing information.

and what does the log say ?

or if you try to run uhttpd in the foreground ....

1 Like

Thank you for comments.

Actually, after this post, I restored my 19.07.7 backup soon. Before that, I did not check the log but tried /etc/init.d/uhttpd stop|start|restart, ps showed no uhttpd process either.

And, today, I find more time to try to reproduce it. The root cause comes out unexpectedly.

The mirror-opkg-repository leads to this. When I disable customfeeds and change back to use the official repository to install luci-ssl, uhttpd will survive, but only serve on port 80 for http not port 443 for https.

I start to doubt wolfssl, which just replaced mbedtls to be the back-end in 21.02.0-rc1. But, installation of openssl shows the same symptoms.

If I delete the crt and key files provided, upon restart uhttpd will generate new ones. Then, the https server comes back but chrome-like browsers will complain insecurity and warn not to continue.

So, I realize maybe the version upgrade of kernel or SSL back-end brings incompatibility to my old certificate and key, those were generated 1.5 years ago.

uhttpd: add support to generate EC keys · openwrt/openwrt@7f2b230 · GitHub
From the page of recent update, I still could not find any build-in option to generate crt/key with SAN-subjectAltName, which is must-have nowadays. So, I have to install openssl-util to generate new crt/key as before.

Finally, everything is OK now. Happy to let you all to know this.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.