Nut upsuser - Jun 2018 - upsmon Can not initialize SSL context (letsencrypt) #563

those mails list are from last century but i give it a try !


created : https://github.com/networkupstools/nut/issues/563


Hello all,

Trying to run an EATON 850pro via USB on a Debian Stretch Stable.
I have letsencrypt certificate installed and working.

When trying to manage the EATON device, i got:
upsmon Can not initialize SSL context

When 850pro is connected via USB, i can:

lsusb
Bus 009 Device 003: ID 0463:ffff MGE UPS Systems UPS


after install nut using apt-get
apt-get install nut libupsclient1 nut-client nut-server

doing
upsdrvctl start
output

Network UPS Tools - UPS driver controller 2.7.4
Network UPS Tools - Generic HID driver 0.41 (2.7.4)
USB communication driver 0.33
Using subdriver: MGE HID 1.39


nut=standalone for my config

I create my conf files:
/etc/nut/ups.conf

[850PRO]
driver = usbhid-ups
port = auto
desc = "850PRO"


/etc/nut/upsd.conf

STATEPATH /var/run/nut
MAXCONN 1024
# CERTFILE /etc/letsencrypt/live/REDACTED/cert.pem
CERTPATH /etc/letsencrypt/live/REDACTED/
# CERTIDENT "my nut server" "MyPasSw0rD"
# CERTREQUEST REQUIRE
#  - 0 to not request to clients to provide any certificate
#  - 1 to require to all clients a certificate
#  - 2 to require to all clients a valid certificate
LISTEN ::1 3493
LISTEN 127.0.0.1 3493


/etc/nut/upsd.users

#upsmon master
[admin]
    password = 1401
    allowfrom = localhost
    upsmon master
    actions = SET
    instcmds = ALL


/etc/nut/upsmon.conf

MINSUPPLIES 1
SHUTDOWNCMD "/sbin/shutdown -h +1"
POLLFREQ 10
POLLFREQALERT 10
HOSTSYNC 15
DEADTIME 20
POWERDOWNFLAG /etc/killpower
RBWARNTIME 432000
NOCOMMWARNTIME 300
FINALDELAY 4
CERTPATH /etc/letsencrypt/live/REDACTED/
# CERTHOST <hostname> <certificate name> <certverify>
<forcessl>
# CERTVERIFY 1
# FORCESSL 0
MONITOR 850PRO at localhost 1 admin 1401 master
SHUTDOWNCMD "/sbin/shutdown -h now"
HOSTSYNC 15
POWERDOWNFLAG /etc/nut/killpower
FINALDELAY 5
NOTIFYCMD /sbin/upssched
NOTIFYMSG ONBATT "%s is on battery"
NOTIFYMSG ONLINE "%s is back online"
NOTIFYMSG LOWBATT "%s has a low battery!"
NOTIFYMSG SHUTDOWN "System is being shutdown!"
NOTIFYFLAG ONLINE SYSLOG+EXEC
NOTIFYFLAG ONBATT SYSLOG+EXEC
NOTIFYFLAG LOWBATT SYSLOG+EXEC
NOTIFYFLAG FSD SYSLOG+WALL+EXEC
NOTIFYFLAG COMMOK SYSLOG+EXEC
NOTIFYFLAG COMMBAD SYSLOG+EXEC
NOTIFYFLAG SHUTDOWN SYSLOG+EXEC
NOTIFYFLAG REPLBATT SYSLOG+EXEC
NOTIFYFLAG NOCOMM SYSLOG+EXEC


/etc/nut/upssched.conf

LOCKFN /var/lib/nut/upssched.lock
PIPEFN /var/lib/nut/upssched.pipe
CMDSCRIPT /bin/upssched-cmd
AT ONBATT * START-TIMER onbatt1 13
AT ONLINE * CANCEL-TIMER onbatt1
#AT ONBATT * START-TIMER earlyshutdown 30
#AT ONLINE * CANCEL-TIMER earlyshutdown
AT ONBATT * START-TIMER onbattwarn 30
AT ONLINE * CANCEL-TIMER onbattwarn


when doing:
/etc/init.d/ups-monitor restart && tail -f /var/log/syslog
output:

[ ok ] Restarting ups-monitor (via systemctl): ups-monitor.service.
Jun 19 16:34:54 REDACTED systemd[1]: Stopping LSB: Network UPS Tools monitor
initscript...
Jun 19 16:34:55 REDACTED ups-monitor[7377]: Stopping NUT - power device monitor
and shutdown controller: nut-client.
Jun 19 16:34:55 REDACTED systemd[1]: Stopped LSB: Network UPS Tools monitor
initscript.
Jun 19 16:34:55 REDACTED systemd[1]: Starting LSB: Network UPS Tools monitor
initscript...
Jun 19 16:34:55 REDACTED upsmon[7387]: Startup successful
Jun 19 16:34:55 REDACTED ups-monitor[7382]: Starting NUT - power device monitor
and shutdown controller: nut-client.
Jun 19 16:34:55 REDACTED systemd[1]: Started LSB: Network UPS Tools monitor
initscript.
Jun 19 16:34:55 REDACTED upsmon[7389]: Init SSL with cerificate database located
at /etc/letsencrypt/live/REDACTED/
Jun 19 16:34:55 REDACTED upsmon[7389]: Can not initialize SSL context
Jun 19 16:34:55 REDACTED upsmon[7387]: upsmon parent: read


status give:

/etc/init.d/ups-monitor status
● ups-monitor.service - LSB: Network UPS Tools monitor initscript
   Loaded: loaded (/etc/init.d/ups-monitor; generated; vendor preset: enabled)
   Active: active (exited) since Tue 2018-06-19 16:34:55 CEST; 2min 18s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 7377 ExecStop=/etc/init.d/ups-monitor stop (code=exited,
status=0/SUCCESS)
  Process: 7382 ExecStart=/etc/init.d/ups-monitor start (code=exited,
status=0/SUCCESS)

REDACTED systemd[1]: Starting LSB: Network UPS Tools monitor initscript...
REDACTED upsmon[7387]: Startup successful
REDACTED ups-monitor[7382]: Starting NUT - power device monitor and shutdown
contr…lient.
REDACTED systemd[1]: Started LSB: Network UPS Tools monitor initscript.
REDACTED upsmon[7389]: Init SSL with cerificate database located at
/etc/letsencry…/


.
Doing
upsl -l
output:
Error: Connection failure: Connection refused

I am lost. Comments and Help welcome.

-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://alioth-lists.debian.net/pipermail/nut-upsuser/attachments/20180619/b4131644/attachment.html>

On Tue, 19 Jun 2018, tech wrote:
> Jun 19 16:34:55 REDACTED upsmon[7389]: Can not initialize SSL context
> I am lost. Comments and Help welcome.
It's only a comment, but, this message comes from NUT program netssl.c

 		status = NSS_NoDB_Init(NULL);
 	if (status != SECSuccess) {
 		upslogx(LOG_ERR, "Can not initialize SSL context");
 		nss_error("upscli_init / NSS_[NoDB]_Init");
 		return;
 	}

which does not call PR_GetError to retrieve the error code when NSS_NoDB_Init 
fails.  To find out more, you could add the PR_GetError call, complete the error
message, recompile, re-install and try again.

Roger

Hello all.


Thx for the log-tip.


It was a access right violation on /etc.../letsencrypt/....cert . The folder was
own by root:root

Had to create a group nutusers including root and my nut users. After that, had
to change the chmod for the folder from 755 to 775


Now, running upsc -l

Init SSL without certificate database
850PRO

Witch is better. But still problématic wuth the init ssl database warning.


________________________________
De : Nut-upsuser <nut-upsuser-bounces+tech=rkn.ovh at
alioth-lists.debian.net> de la part de Roger Price <roger at
rogerprice.org>
Envoyé : lundi 25 juin 2018 16:54
À : nut-upsuser Mailing List
Objet : Re: [Nut-upsuser] upsmon Can not initialize SSL context (letsencrypt)
#563

On Tue, 19 Jun 2018, tech wrote:
> Jun 19 16:34:55 REDACTED upsmon[7389]: Can not initialize SSL context
> I am lost. Comments and Help welcome.
It's only a comment, but, this message comes from NUT program netssl.c

                 status = NSS_NoDB_Init(NULL);
         if (status != SECSuccess) {
                 upslogx(LOG_ERR, "Can not initialize SSL context");
                 nss_error("upscli_init / NSS_[NoDB]_Init");
                 return;
         }

which does not call PR_GetError to retrieve the error code when NSS_NoDB_Init
fails.  To find out more, you could add the PR_GetError call, complete the error
message, recompile, re-install and try again.

Roger

_______________________________________________
Nut-upsuser mailing list
Nut-upsuser at alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/nut-upsuser
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://alioth-lists.debian.net/pipermail/nut-upsuser/attachments/20180627/7ee19f4f/attachment.html>