tech
2018-Jun-19 16:25 UTC
[Nut-upsuser] upsmon Can not initialize SSL context (letsencrypt) #563
those mails list are from last century but i give it a try ! created : https://github.com/networkupstools/nut/issues/563 Hello all, Trying to run an EATON 850pro via USB on a Debian Stretch Stable. I have letsencrypt certificate installed and working. When trying to manage the EATON device, i got: upsmon Can not initialize SSL context When 850pro is connected via USB, i can: lsusb Bus 009 Device 003: ID 0463:ffff MGE UPS Systems UPS after install nut using apt-get apt-get install nut libupsclient1 nut-client nut-server doing upsdrvctl start output Network UPS Tools - UPS driver controller 2.7.4 Network UPS Tools - Generic HID driver 0.41 (2.7.4) USB communication driver 0.33 Using subdriver: MGE HID 1.39 nut=standalone for my config I create my conf files: /etc/nut/ups.conf [850PRO] driver = usbhid-ups port = auto desc = "850PRO" /etc/nut/upsd.conf STATEPATH /var/run/nut MAXCONN 1024 # CERTFILE /etc/letsencrypt/live/REDACTED/cert.pem CERTPATH /etc/letsencrypt/live/REDACTED/ # CERTIDENT "my nut server" "MyPasSw0rD" # CERTREQUEST REQUIRE # - 0 to not request to clients to provide any certificate # - 1 to require to all clients a certificate # - 2 to require to all clients a valid certificate LISTEN ::1 3493 LISTEN 127.0.0.1 3493 /etc/nut/upsd.users #upsmon master [admin] password = 1401 allowfrom = localhost upsmon master actions = SET instcmds = ALL /etc/nut/upsmon.conf MINSUPPLIES 1 SHUTDOWNCMD "/sbin/shutdown -h +1" POLLFREQ 10 POLLFREQALERT 10 HOSTSYNC 15 DEADTIME 20 POWERDOWNFLAG /etc/killpower RBWARNTIME 432000 NOCOMMWARNTIME 300 FINALDELAY 4 CERTPATH /etc/letsencrypt/live/REDACTED/ # CERTHOST <hostname> <certificate name> <certverify> <forcessl> # CERTVERIFY 1 # FORCESSL 0 MONITOR 850PRO at localhost 1 admin 1401 master SHUTDOWNCMD "/sbin/shutdown -h now" HOSTSYNC 15 POWERDOWNFLAG /etc/nut/killpower FINALDELAY 5 NOTIFYCMD /sbin/upssched NOTIFYMSG ONBATT "%s is on battery" NOTIFYMSG ONLINE "%s is back online" NOTIFYMSG LOWBATT "%s has a low battery!" NOTIFYMSG SHUTDOWN "System is being shutdown!" NOTIFYFLAG ONLINE SYSLOG+EXEC NOTIFYFLAG ONBATT SYSLOG+EXEC NOTIFYFLAG LOWBATT SYSLOG+EXEC NOTIFYFLAG FSD SYSLOG+WALL+EXEC NOTIFYFLAG COMMOK SYSLOG+EXEC NOTIFYFLAG COMMBAD SYSLOG+EXEC NOTIFYFLAG SHUTDOWN SYSLOG+EXEC NOTIFYFLAG REPLBATT SYSLOG+EXEC NOTIFYFLAG NOCOMM SYSLOG+EXEC /etc/nut/upssched.conf LOCKFN /var/lib/nut/upssched.lock PIPEFN /var/lib/nut/upssched.pipe CMDSCRIPT /bin/upssched-cmd AT ONBATT * START-TIMER onbatt1 13 AT ONLINE * CANCEL-TIMER onbatt1 #AT ONBATT * START-TIMER earlyshutdown 30 #AT ONLINE * CANCEL-TIMER earlyshutdown AT ONBATT * START-TIMER onbattwarn 30 AT ONLINE * CANCEL-TIMER onbattwarn when doing: /etc/init.d/ups-monitor restart && tail -f /var/log/syslog output: [ ok ] Restarting ups-monitor (via systemctl): ups-monitor.service. Jun 19 16:34:54 REDACTED systemd[1]: Stopping LSB: Network UPS Tools monitor initscript... Jun 19 16:34:55 REDACTED ups-monitor[7377]: Stopping NUT - power device monitor and shutdown controller: nut-client. Jun 19 16:34:55 REDACTED systemd[1]: Stopped LSB: Network UPS Tools monitor initscript. Jun 19 16:34:55 REDACTED systemd[1]: Starting LSB: Network UPS Tools monitor initscript... Jun 19 16:34:55 REDACTED upsmon[7387]: Startup successful Jun 19 16:34:55 REDACTED ups-monitor[7382]: Starting NUT - power device monitor and shutdown controller: nut-client. Jun 19 16:34:55 REDACTED systemd[1]: Started LSB: Network UPS Tools monitor initscript. Jun 19 16:34:55 REDACTED upsmon[7389]: Init SSL with cerificate database located at /etc/letsencrypt/live/REDACTED/ Jun 19 16:34:55 REDACTED upsmon[7389]: Can not initialize SSL context Jun 19 16:34:55 REDACTED upsmon[7387]: upsmon parent: read status give: /etc/init.d/ups-monitor status ● ups-monitor.service - LSB: Network UPS Tools monitor initscript Loaded: loaded (/etc/init.d/ups-monitor; generated; vendor preset: enabled) Active: active (exited) since Tue 2018-06-19 16:34:55 CEST; 2min 18s ago Docs: man:systemd-sysv-generator(8) Process: 7377 ExecStop=/etc/init.d/ups-monitor stop (code=exited, status=0/SUCCESS) Process: 7382 ExecStart=/etc/init.d/ups-monitor start (code=exited, status=0/SUCCESS) REDACTED systemd[1]: Starting LSB: Network UPS Tools monitor initscript... REDACTED upsmon[7387]: Startup successful REDACTED ups-monitor[7382]: Starting NUT - power device monitor and shutdown contr…lient. REDACTED systemd[1]: Started LSB: Network UPS Tools monitor initscript. REDACTED upsmon[7389]: Init SSL with cerificate database located at /etc/letsencry…/ . Doing upsl -l output: Error: Connection failure: Connection refused I am lost. Comments and Help welcome. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://alioth-lists.debian.net/pipermail/nut-upsuser/attachments/20180619/b4131644/attachment.html>
Roger Price
2018-Jun-25 14:54 UTC
[Nut-upsuser] upsmon Can not initialize SSL context (letsencrypt) #563
On Tue, 19 Jun 2018, tech wrote:> Jun 19 16:34:55 REDACTED upsmon[7389]: Can not initialize SSL context> I am lost. Comments and Help welcome.It's only a comment, but, this message comes from NUT program netssl.c status = NSS_NoDB_Init(NULL); if (status != SECSuccess) { upslogx(LOG_ERR, "Can not initialize SSL context"); nss_error("upscli_init / NSS_[NoDB]_Init"); return; } which does not call PR_GetError to retrieve the error code when NSS_NoDB_Init fails. To find out more, you could add the PR_GetError call, complete the error message, recompile, re-install and try again. Roger
tech
2018-Jun-27 11:59 UTC
[Nut-upsuser] upsmon Can not initialize SSL context (letsencrypt) #563
Hello all. Thx for the log-tip. It was a access right violation on /etc.../letsencrypt/....cert . The folder was own by root:root Had to create a group nutusers including root and my nut users. After that, had to change the chmod for the folder from 755 to 775 Now, running upsc -l Init SSL without certificate database 850PRO Witch is better. But still problématic wuth the init ssl database warning. ________________________________ De : Nut-upsuser <nut-upsuser-bounces+tech=rkn.ovh at alioth-lists.debian.net> de la part de Roger Price <roger at rogerprice.org> Envoyé : lundi 25 juin 2018 16:54 À : nut-upsuser Mailing List Objet : Re: [Nut-upsuser] upsmon Can not initialize SSL context (letsencrypt) #563 On Tue, 19 Jun 2018, tech wrote:> Jun 19 16:34:55 REDACTED upsmon[7389]: Can not initialize SSL context> I am lost. Comments and Help welcome.It's only a comment, but, this message comes from NUT program netssl.c status = NSS_NoDB_Init(NULL); if (status != SECSuccess) { upslogx(LOG_ERR, "Can not initialize SSL context"); nss_error("upscli_init / NSS_[NoDB]_Init"); return; } which does not call PR_GetError to retrieve the error code when NSS_NoDB_Init fails. To find out more, you could add the PR_GetError call, complete the error message, recompile, re-install and try again. Roger _______________________________________________ Nut-upsuser mailing list Nut-upsuser at alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/nut-upsuser -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://alioth-lists.debian.net/pipermail/nut-upsuser/attachments/20180627/7ee19f4f/attachment.html>