Re: Too late: Important! Upgrade to 5.49.16 ASAP for rooted and subscription Toons!
Posted: Mon Apr 18, 2022 7:03 pm
And does no one have a certificate for the Toon one to write over the old one with the new one?
Domotica - Home Automation Forum
https://www.domoticaforum.eu/
The certificates are personal to the toon. You can't use one certificate multiple times.
Also missed the update last week....
ExactlyTheRedBull wrote: ↑Tue Apr 19, 2022 8:05 pm Also can't someone with the update not acquire the code that was used by the update to get new certificates? Or is this exactly what you are currently figuring out?
hero!
So for my understanding.
This worked like a charm!
Code:
toon:~# ./update-rooted.sh -c
:
Requesting new VPN certificates
Error opening Certificate /etc/openvpn/vpn/toon.crt
1074390752:error:02001002:system library:fopen:No such file or directory:bss_file.c:406:fopen('/etc/openvpn/vpn/toon.crt','r')
1074390752:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:408:
unable to load certificate
This toon does not contain old VPN certficates. Not necessary to update VPN certificates.
Code:
toon:~# ls -l /etc/openvpn/vpn/
-rw------- 1 root root 1379 Apr 17 2012 ca.crt
-rw-r--r-- 1 root root 245 Apr 17 2012 dh1024.pem
-rw------- 1 root root 4006 Jul 11 2014 eneco-001-######.crt
-rw------- 1 root root 891 Jul 11 2014 eneco-001-######.key
-rw------- 1 root root 636 Apr 17 2012 ta.key
Code:
toon:~# openssl x509 -in /etc/openvpn/vpn/eneco-001-######.crt -text -noout
Certificate:
Data:
Version: 3 (0x2)
Serial Number: ##### (0x#####)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=NL, ST=NH, L=Amsterdam, O=Home Automation Europe, OU=Eneco, CN=Home Automation Europe CA/emailAddress=admin@quby.nl
Validity
Not Before: Jul 11 13:23:01 2014 GMT
Not After : Jul 8 13:23:01 2024 GMT
Subject: C=NL, ST=NH, L=Amsterdam, O=Home Automation Europe, OU=Eneco, CN=eneco-001-######/emailAddress=admin@quby.nl
Code:
toon:~# openssl x509 -in /etc/openvpn/vpn/ca.crt -text -noout
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
da:d1:03:6b:af:24:ab:59
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=NL, ST=NH, L=Amsterdam, O=Home Automation Europe, OU=Eneco, CN=Home Automation Europe CA/emailAddress=admin@quby.nl
Validity
Not Before: Apr 17 09:48:39 2012 GMT
Not After : Apr 15 09:48:39 2022 GMT
Subject: C=NL, ST=NH, L=Amsterdam, O=Home Automation Europe, OU=Eneco, CN=Home Automation Europe CA/emailAddress=admin@quby.nl
No. It is the eneco-001.xxx.crt which needs to be replaced. That certificate is signed by a CA which now is invalid/outdated. That is the issue.
I did prepare for that in the real request for the certificate but forgot to implement the same routine in the first part, where it checks for an old certificate first.
Code:
#get real hostname (don't believe $HOSTNAME is always correct on rooted toons)
Code:
Now starting the VPN tunnel and waiting for it to be alive and configured...
Could not enable VPN in a normal reasonable time!
DEBUG information:
192.168.0.0/24 dev eth0 scope link src 192.168.0.80
default via 192.168.0.1 dev eth0 metric 10
# <persistent /etc/hosts content can be added to /etc/hosts.template file>
127.0.0.1 localhost.localdomain localhost eneco-001-025058
172.23.112.1 feed.hae.int feed
END DEBUG information
Quitting the upgrade. It was a nice try tho...
Code:
sh /root/update-rooted.sh -o
===================================================================================================================================================================
Welcome to the rooted Toon upgrade script. This script will try to upgrade your Toon using your original connection with Eneco. It will start the VPN if necessary.
Please be advised that running this script is at your own risk!
Version: 4.73 - TheHogNL - 20-04-2022
===================================================================================================================================================================
Only start VPN and then quit
This toon does not contain old VPN certficates. Not necessary to update VPN certificates.
Now starting the VPN tunnel and waiting for it to be alive and configured...
Now starting the VPN tunnel and waiting for it to be alive and configured...
Now starting the VPN tunnel and waiting for it to be alive and configured...
Now starting the VPN tunnel and waiting for it to be alive and configured...
Now starting the VPN tunnel and waiting for it to be alive and configured...
Now starting the VPN tunnel and waiting for it to be alive and configured...
Now starting the VPN tunnel and waiting for it to be alive and configured...
Now starting the VPN tunnel and waiting for it to be alive and configured...
Now starting the VPN tunnel and waiting for it to be alive and configured...
Now starting the VPN tunnel and waiting for it to be alive and configured...
Now starting the VPN tunnel and waiting for it to be alive and configured...
Could not enable VPN in a normal reasonable time!
DEBUG information:
192.168.0.0/24 dev eth0 scope link src 192.168.0.80
default via 192.168.0.1 dev eth0 metric 10
# <persistent /etc/hosts content can be added to /etc/hosts.template file>
127.0.0.1 localhost.localdomain localhost eneco-001-025058
172.23.112.1 feed.hae.int feed
END DEBUG information
Quitting the upgrade. It was a nice try tho...
killall: openvpn: no process killed
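
The two certificate dumps quoted earlier in the thread show why a check on the per-Toon certificate alone is misleading: it runs until 2024, but the CA that signed it ended on Apr 15 2022. The following is an added example, not part of update-rooted.sh or of any post; it parses the `openssl x509 -text` fields shown in the thread (trimmed and embedded as sample input) and evaluates the chain at a given date. The function names are hypothetical.

```python
import re
from datetime import datetime, timezone

# Sample input: trimmed from the two `openssl x509 -text -noout` dumps in the thread.
CA_DN = ("C=NL, ST=NH, L=Amsterdam, O=Home Automation Europe, OU=Eneco, "
         "CN=Home Automation Europe CA/emailAddress=admin@quby.nl")
LEAF_TEXT = f"""Issuer: {CA_DN}
Validity
    Not Before: Jul 11 13:23:01 2014 GMT
    Not After : Jul  8 13:23:01 2024 GMT
Subject: C=NL, ST=NH, L=Amsterdam, O=Home Automation Europe, OU=Eneco, CN=eneco-001-######/emailAddress=admin@quby.nl
"""
CA_TEXT = f"""Issuer: {CA_DN}
Validity
    Not Before: Apr 17 09:48:39 2012 GMT
    Not After : Apr 15 09:48:39 2022 GMT
Subject: {CA_DN}
"""

FIELD = re.compile(r"^\s*(Issuer|Subject|Not Before|Not After)\s*:\s*(.+?)\s*$", re.M)

def parse_x509_text(text):
    """Extract issuer, subject and validity window from openssl's text dump."""
    fields = dict(FIELD.findall(text))
    missing = {"Issuer", "Subject", "Not Before", "Not After"} - set(fields)
    if missing:
        raise ValueError(f"missing fields: {sorted(missing)}")
    for key in ("Not Before", "Not After"):
        parsed = datetime.strptime(fields[key], "%b %d %H:%M:%S %Y GMT")
        fields[key] = parsed.replace(tzinfo=timezone.utc)
    return fields

def chain_problems(leaf, ca, at):
    """Return every reason the leaf+CA pair is unusable at time `at`."""
    problems = []
    if leaf["Issuer"] != ca["Subject"]:
        problems.append("leaf not issued by this CA")
    for name, cert in (("leaf", leaf), ("CA", ca)):
        if at < cert["Not Before"]:
            problems.append(f"{name} not yet valid")
        elif at > cert["Not After"]:
            problems.append(f"{name} expired {cert['Not After']:%Y-%m-%d}")
    return problems

def days_until_chain_expiry(leaf, ca, at):
    """The chain lasts only as long as its shortest-lived certificate."""
    return (min(leaf["Not After"], ca["Not After"]) - at).days
```

Run against the dates in the thread, the leaf certificate passes on its own at the time of the posts while the chain fails on the CA, which is the situation the reply about the outdated CA describes.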