
Error TLS FreeRadius certbot


Michele Salerno

Sep 3, 2024, 3:46:17 PM
to OpenWISP

Hi,
I use acme for certificates but I have an error with freeradius.
To get the certificates I used this script.

#!/bin/bash
.acme.sh/acme.sh --issue --dns dns_nsupdate \
-d openwisp.nnxx.ninux.org \
-d '*.nnxx.ninux.org' \
--cert-file      /etc/ssl/openwisp/cert.pem  \
--key-file       /etc/ssl/openwisp/key.pem  \
--fullchain-file /etc/ssl/openwisp/fullchain.pem \
--capath     /etc/ssl/openwisp/ca.pem --force

-------------------------------

root@openwisp:~ # systemctl status freeradius.service

● freeradius.service - FreeRADIUS multi-protocol policy server
     Loaded: loaded (/lib/systemd/system/freeradius.service; enabled; preset: enabled)
     Active: activating (auto-restart) (Result: exit-code) since Tue 2024-09-03 21:30:16 CEST; 748ms ago
       Docs: man:radiusd(8)
             man:radiusd.conf(5)
             http://wiki.freeradius.org/
             http://networkradius.com/doc/
    Process: 1798 ExecStartPre=/bin/chown freerad:freerad /var/run/freeradius (code=exited, status=0/SUCCESS)
    Process: 1799 ExecStartPre=/usr/sbin/freeradius $FREERADIUS_OPTIONS -Cx -lstdout (code=exited, status=1/FAILURE)
        CPU: 46ms
root@openwisp:~ # systemctl restart freeradius.service
Job for freeradius.service failed because the control process exited with error code.
See "systemctl status freeradius.service" and "journalctl -xeu freeradius.service" for details.

-------------------------------

root@openwisp:~ # journalctl -xeu freeradius.service
░░ L'unità freeradius.service ha iniziato la fase di avvio.
set 03 21:30:29 openwisp.nnxx.ninux.org freeradius[1818]: FreeRADIUS Version 3.2.6
set 03 21:30:29 openwisp.nnxx.ninux.org freeradius[1818]: Copyright (C) 1999-2023 The FreeRADIUS server project and contributors
CUT

set 03 21:30:29 openwisp.nnxx.ninux.org freeradius[1818]: tls: (TLS) Failed reading private key file "/etc/ssl/openwisp/key.pem"
set 03 21:30:29 openwisp.nnxx.ninux.org freeradius[1818]: tls: (TLS) error:8000000D:system library::Permission denied

set 03 21:30:29 openwisp.nnxx.ninux.org freeradius[1818]: tls: (TLS) error:10080002:BIO routines::system lib
set 03 21:30:29 openwisp.nnxx.ninux.org freeradius[1818]: tls: (TLS) error:0A080002:SSL routines::system lib
set 03 21:30:29 openwisp.nnxx.ninux.org freeradius[1818]: rlm_eap_ttls: Failed initializing SSL context
set 03 21:30:29 openwisp.nnxx.ninux.org freeradius[1818]: rlm_eap (openwisp_eap): Failed to initialise rlm_eap_ttls
set 03 21:30:29 openwisp.nnxx.ninux.org freeradius[1818]: /etc/freeradius/mods-enabled/openwisp_eap[1]: Instantiation failed for module "openwisp_eap"
set 03 21:30:29 openwisp.nnxx.ninux.org systemd[1]: freeradius.service: Control process exited, code=exited, status=1/FAILURE
░░ Subject: Uscito processo unità
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ Un processo ExecStartPre appartenente all'unità freeradius.service è uscito.
░░
░░ Il codice di uscita del processo è 'exited' ed è uscito con 1.
set 03 21:30:29 openwisp.nnxx.ninux.org systemd[1]: freeradius.service: Failed with result 'exit-code'.
░░ Subject: Unit fallita
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ Unità freeradius.service entrata nello stato 'failed' (fallito) con risultato 'exit-code'.
set 03 21:30:29 openwisp.nnxx.ninux.org systemd[1]: Failed to start freeradius.service - FreeRADIUS multi-protocol policy server.
░░ Subject: L'unità freeradius.service è fallita
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ L'unità freeradius.service è fallita.
░░
░░ Il risultato è failed.

root@openwisp:~ #

--------------------------------------------------------

root@openwisp:~ # cd /etc/ssl/openwisp/
root@openwisp:openwisp # ll
totale 32K
drwxr-xr-x 2 root root 4,0K 10 lug 18.56 .
drwxr-xr-x 5 root root 4,0K  3 set 21.28 ..
-rw-r--r-- 1 root root 2,7K 10 lug 18.56 ca.pem
-rw-r--r-- 1 root root 1,5K 10 lug 18.56 cert.pem
-rw-r--r-- 1 root root  769 10 lug 19.00 dhparams.pem
-rw-r--r-- 1 root root 4,1K 10 lug 18.56 fullchain.pem
-rw------- 1 root root  227 10 lug 18.56 key.pem



Federico Capoano

Sep 4, 2024, 12:10:48 PM
to open...@googlegroups.com
Permission denied should be the issue here.
Ensure freeradius has access to that file.

F.


Sailaja Ungati

Dec 13, 2024, 7:14:23 AM
to OpenWISP
I am also facing the same issue: permission denied (failed parsing configuration item private_key_file).
I have already given full access permission to the server.key using "chmod 777 server.key".
I have also changed the ownership of the server.key so that it can be used by freeradius using "sudo chown freerad:freerad path/to/private/key/server.key".
But I am still facing the same issue.
Please guide me to proceed further.
Thanks & Regards