Permission denied should be the issue here. Ensure freeradius has access to that file.
F. On Tue, 3 Sept 2024 at 15:46, Michele Salerno <[email protected]> wrote: > Hi, > I use acme for certificates but I have error with freeradius. > To get the certificates I used this script. > > #!/bin/bash > .acme.sh/acme.sh --issue --dns dns_nsupdate \ > -d openwisp.nnxx.ninux.org \ > -d *.nnxx.ninux.org \ > --cert-file /etc/ssl/openwisp/cert.pem \ > --key-file /etc/ssl/openwisp/key.pem \ > --fullchain-file /etc/ssl/openwisp/fullchain.pem \ > --capath /etc/ssl/openwisp/ca.pem --force > > ------------------------------- > > root@openwisp:~ # systemctl status freeradius.service > ● freeradius.service - FreeRADIUS multi-protocol policy server > Loaded: loaded (/lib/systemd/system/freeradius.service; enabled; > preset: enabled) > Active: activating (auto-restart) (Result: exit-code) since Tue > 2024-09-03 21:30:16 CEST; 748ms ago > Docs: man:radiusd(8) > man:radiusd.conf(5) > http://wiki.freeradius.org/ > http://networkradius.com/doc/ > Process: 1798 ExecStartPre=/bin/chown freerad:freerad > /var/run/freeradius (code=exited, status=0/SUCCESS) > Process: 1799 ExecStartPre=/usr/sbin/freeradius $FREERADIUS_OPTIONS > -Cx -lstdout (code=exited, status=1/FAILURE) > CPU: 46ms > root@openwisp:~ # systemctl restart freeradius.service > Job for freeradius.service failed because the control process exited with > error code. > See "systemctl status freeradius.service" and "journalctl -xeu > freeradius.service" for details. > > ------------------------------- > > oot@openwisp:~ # journalctl -xeu freeradius.service > ░░ L'unità freeradius.service ha iniziato la fase di avvio. > set 03 21:30:29 openwisp.nnxx.ninux.org freeradius[1818]: FreeRADIUS > Version 3.2.6 > set 03 21:30:29 openwisp.nnxx.ninux.org freeradius[1818]: Copyright (C) > 1999-2023 The FreeRADIUS server project and contributors > CUT > > > *set 03 21:30:29 openwisp.nnxx.ninux.org <http://openwisp.nnxx.ninux.org> > freeradius[1818]: tls: (TLS) Failed reading private key file > "/etc/ssl/openwisp/key.pem" set 03 21:30:29 openwisp.nnxx.ninux.org > <http://openwisp.nnxx.ninux.org> freeradius[1818]: tls: (TLS) > error:8000000D:system library::Permission denied* > set 03 21:30:29 openwisp.nnxx.ninux.org freeradius[1818]: tls: (TLS) > error:10080002:BIO routines::system lib > set 03 21:30:29 openwisp.nnxx.ninux.org freeradius[1818]: tls: (TLS) > error:0A080002:SSL routines::system lib > set 03 21:30:29 openwisp.nnxx.ninux.org freeradius[1818]: rlm_eap_ttls: > Failed initializing SSL context > set 03 21:30:29 openwisp.nnxx.ninux.org freeradius[1818]: rlm_eap > (openwisp_eap): Failed to initialise rlm_eap_ttls > set 03 21:30:29 openwisp.nnxx.ninux.org freeradius[1818]: > /etc/freeradius/mods-enabled/openwisp_eap[1]: Instantiation failed for > module "openwisp_eap" > set 03 21:30:29 openwisp.nnxx.ninux.org systemd[1]: freeradius.service: > Control process exited, code=exited, status=1/FAILURE > ░░ Subject: Uscito processo unità > ░░ Defined-By: systemd > ░░ Support: https://www.debian.org/support > ░░ > ░░ Un processo ExecStartPre appartenente all'unità freeradius.service è > uscito. > ░░ > ░░ Il codice di uscita del processo è 'exited' ed è uscito con 1. > set 03 21:30:29 openwisp.nnxx.ninux.org systemd[1]: freeradius.service: > Failed with result 'exit-code'. > ░░ Subject: Unit fallita > ░░ Defined-By: systemd > ░░ Support: https://www.debian.org/support > ░░ > ░░ Unità freeradius.service entrata nello stato 'failed' (fallito) con > risultato 'exit-code'. > set 03 21:30:29 openwisp.nnxx.ninux.org systemd[1]: Failed to start > freeradius.service - FreeRADIUS multi-protocol policy server. > ░░ Subject: L'unità freeradius.service è fallita > ░░ Defined-By: systemd > ░░ Support: https://www.debian.org/support > ░░ > ░░ L'unità freeradius.service è fallita. > ░░ > ░░ Il risultato è failed. > > root@openwisp:~ # > > -------------------------------------------------------- > > oot@openwisp:~ # cd /etc/ssl/openwisp/ > root@openwisp:openwisp # ll > totale 32K > drwxr-xr-x 2 root root 4,0K 10 lug 18.56 . > drwxr-xr-x 5 root root 4,0K 3 set 21.28 .. > -rw-r--r-- 1 root root 2,7K 10 lug 18.56 ca.pem > -rw-r--r-- 1 root root 1,5K 10 lug 18.56 cert.pem > -rw-r--r-- 1 root root 769 10 lug 19.00 dhparams.pem > -rw-r--r-- 1 root root 4,1K 10 lug 18.56 fullchain.pem > -rw------- 1 root root 227 10 lug 18.56 key.pem > > > > -- > You received this message because you are subscribed to the Google Groups > "OpenWISP" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web, visit > https://groups.google.com/d/msgid/openwisp/fdf15b73-d7dc-470c-9f15-ae5b8b09f242%40gmail.com > <https://groups.google.com/d/msgid/openwisp/fdf15b73-d7dc-470c-9f15-ae5b8b09f242%40gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "OpenWISP" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web, visit https://groups.google.com/d/msgid/openwisp/CAAGgX6LLMyfWz%2BNr7dA79HNVHuM7LQCvDMGkLWzsBu5%3D_qs4yQ%40mail.gmail.com.
