Linuxmuster-setup does not complete (SSH connection to the firewall)

Hi. It’s really strange … but I think that only @arnaud can see if this is a bug or an issue with your special setup.

If you’re starting from scratch with Proxmox, I’m keeping my fingers crossed that things will work better. I don’t think you’ll regret this decision, as many things work perfectly…
Getting started isn’t that complicated. The server is up and running in a quarter of an hour.

Did you check if there are more detailed messages in /var/log/ajenti/ajenti.log? (I can’t check this file here at the moment.) And the message Can't open PID file /run/ajenti.pid is strange too (as it was a problem a very long time ago). That’s why @arnaud can possibly take a look at this problem :man_shrugging: :interrobang:
But as we have all already noticed above, there’s still something wrong with the certificates and the ajenti-crash-log confirms that too :thinking:

Next time I’ll be in front of this test machine only on Monday, but in post #104 (and earlier in #99) there are the contents of the ajenti.log and crash.txt files.
What I will be able to do over the weekend (maybe tomorrow) is to set up a test system at home on real physical machines to see if the error can be reproduced, whether it is related to physical machines or to a specific wan network…

I looked again at the picture of your cert folder…
I do think the trefortserver.fullchain.pem is not correct either.
Those certificates, I think, are created with the cacerts… and there u have a mix of different dates.
The current date of cacert.pem is May 22nd and the cacert.key is May 20, while the trefortserver.fullchain.pem has a date of May 20. So I suppose it was created with a different cacert pair, I suppose.
The firewall is working for you… but those certs all have May 22nd as a date.
So my guess would be to recreate the trefortserver.fullchain.pem and then the bundle.

Also there is this server.fullchain.pem file with 0 bytes. Is that a file that is not used, since u renamed the server or sth.? I don’t understand all that happened here, sorry…
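
File dates can only hint that a fullchain was built from a different CA pair; the check below tests it cryptographically with openssl. It is an added example, not code from the thread or from linuxmuster. The file roles follow the names mentioned above; the function names and the paths passed in are assumptions.

```shell
#!/usr/bin/env bash
# Added example. File roles follow the thread (cacert.pem, cacert.key,
# <server>.fullchain.pem); function names and paths are assumptions.

# pubkey_hash cert|key FILE -> SHA-256 of the public key, fails if unreadable
pubkey_hash() {
    if [ "$1" = cert ]; then
        pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)
    else
        # a passphrase-protected key makes openssl ask for the passphrase
        pub=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    fi
    [ -n "$pub" ] || return 1
    printf '%s\n' "$pub" | openssl sha256 | awk '{print $NF}'
}

# check_chain CA_CERT CA_KEY FULLCHAIN -> prints a verdict, returns 0 only for OK
check_chain() {
    ca_cert=$1; ca_key=$2; chain=$3
    # A 0-byte or missing file can never be a valid certificate or key.
    for f in "$ca_cert" "$ca_key" "$chain"; do
        [ -s "$f" ] || { echo "EMPTY_OR_MISSING $f"; return 2; }
    done
    # 1. Do CA certificate and CA key form a pair (same public key)?
    c=$(pubkey_hash cert "$ca_cert") && k=$(pubkey_hash key "$ca_key") \
        || { echo "UNREADABLE"; return 3; }
    [ "$c" = "$k" ] || { echo "CA_KEY_MISMATCH"; return 4; }
    # 2. Does the first certificate in the fullchain verify against this CA?
    #    (openssl verify also fails for an expired certificate.)
    openssl verify -CAfile "$ca_cert" "$chain" >/dev/null 2>&1 \
        || { echo "VERIFY_FAILED"; return 5; }
    echo "OK"
}

# Usage: ./check_chain.sh cacert.pem cacert.key trefortserver.fullchain.pem
if [ "$#" -eq 3 ]; then check_chain "$@"; fi
```

A verdict of `VERIFY_FAILED` with a matching CA pair is the case guessed at above: the server certificate was issued by an earlier CA and has to be recreated.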

Hi. Yes … there’s something mixed up … if you want to use a real FQDN for your server (and not *.lan) you can also try to let OPNSense create all certs for you (see #82).
:man_shrugging:

Yes, I noticed that too (the 0 byte file was created by the renew-cert script), so I did a fresh install on Friday, so all cert files are dated May 23rd, but I didn’t take a fresh screenshot of that one because it didn’t matter (I tried the fresh not yet messed up install as described in #113).