Need help to debug

Sventovit · 25 June 2018 06:10

EDIT:
The power in my house sometimes breaks so I’ve installed 2 years ago the Network UPS Tools package (NUT) on my PRI which works until now.
I need a hand to fix the issues (I have had a stroke last summer and I must say I am very diminished and unable to do this by myself).
I’ve checked the scripts (founded here) andnothing has change.
So if a gooder can help…
Thanks in advance.

Hi all
got an issue with my Eaton UPS which suddenly lost connection with my Raspberry.
Does someone has an idea of what happened?

Some errors (Failures) too can be seen on the log…
Here: kopipefaju

bmillham · 25 June 2018 06:32

Jun 24 18:02:13 osmc upsmon[425]: Login on UPS [eaton@localhost] failed - got [ERR ACCESS-DENIED]

You probably should contact Eaton support. From that error it looks like it’s refusing the connection. Did you have to install anything to get the Pi to work with the UPS? Maybe try removing the package and re-installing it.

Sventovit · 25 June 2018 06:41

It worked for 2 years with the same scripts and suddenly it breaks. Maybe this is related to cascading errors?

Sventovit · 25 June 2018 08:33

EDIT
I had to erase this post as I’m not sure of anything now.

dillthedog · 25 June 2018 13:58

Jun 24 18:02:13 osmc rc.local[309]: curl: (60) SSL certificate problem: certificate has expired

This looks like a possible cause. Have a look at /etc/rc.local and see what SSL certificate it’s referring to. The instructions for NUT at 9. NUT daisychain support notes do talk about generating a key/certificate pair, so it might be related to that:

Use the following command to create the certificate:

openssl req -new -x509 -nodes -out upsd.crt -keyout upsd.key

You can also put a -days nnn in there to set the expiration.

You might have given it a 2-year expiration, which is why it is failing now.

Looking at the log, the UPS side seems to be functioning correctly.

Sventovit · 25 June 2018 15:05

Thank you so much for your answer.

No trace of SSL certificate in the rc.local file.
I only got this:

#!/bin/sh -e

rc.local

This script is executed at the end of each multiuser runlevel.

Make sure that the script will “exit 0” on success or any other

value on error.

In order to enable or disable this script just change the execution

bits.

By default this script does nothing.

sleep 5
/etc/nut/online
exit 0

I don’t remember having to manage a certificate at the installation.

And I dont’ know to fix this issue since I’m total newbie.

dillthedog · 25 June 2018 15:41

It’ll be here: /etc/nut/online, which I assume is a shell script.

Please run paste-log /etc/nut/online and let us know the URL.

Sventovit · 25 June 2018 15:57

This is what I got:

#!/bin/bash
/usr/bin/curl “https://smsapi.free-mobile.fr/sendmsg?user=12345678&pass=jeXXUGetJGZUvF&msg=Raspberry%20en%20ligne”

(I have to change the user’s ID for security reason).

Is Curl the application which needs a certificate?

dillthedog · 25 June 2018 16:35

The site smsapi.free-mobile.fr has an expired certificate:

osmc@osmc::~$ wget https://smsapi.free-mobile.fr/
--2018-06-25 17:22:45--  https://smsapi.free-mobile.fr/
Resolving smsapi.free-mobile.fr (smsapi.free-mobile.fr)... 212.27.40.200
Connecting to smsapi.free-mobile.fr (smsapi.free-mobile.fr)|212.27.40.200|:443... connected.
ERROR: cannot verify smsapi.free-mobile.fr's certificate, issued by ‘CN=RapidSSL SHA256 CA,O=GeoTrust Inc.,C=US’:
  Issued certificate has expired.
To connect to smsapi.free-mobile.fr insecurely, use `--no-check-certificate'.

Sventovit · 25 June 2018 16:42

Oh!
The problem was there!
Do you know where I can use this option?

Is it here:

curl “https://smsapi.free-mobile.fr/sendmsg?user=12345678&pass=jeXXUGetJGZUvF&msg=Alerte!%20Panne%20de%20courant!”

joakim_s · 25 June 2018 17:04

grahamh · 25 June 2018 17:04

It looks like the option you would need for curl is -k or --insecure. You would have to add it to every line which sends an sms using curl.

But better to get free-mobile.fr to renew their certificate.

Sventovit · 26 June 2018 07:30

Oh!
It seems the provider has renewed its certificate.
Whatever I have added

-k, --insecure

this way

curl -k, --insecure “https://smsapi.free-mobile.fr/sendmsg?user=12345678&pass=jeXXUGetJGZUvF&msg=Alerte!%20Panne%20de%20courant!”

to avoid any trouble with this service.

I’ve spent almost a day to find the reason of this issue, and thanks to you all,
I would not have found it without your help.

Case is closed.
Sorry for the inconvenience…

TheHacker66 · 26 June 2018 07:54

Wait, it should be either -k or --insecure, the first is a “shortcut” version of the second switch.

So it has to be like this:

curl -k “https://smsapi.free-mobile.fr/sendmsg?user=12345678&pass=jeXXUGetJGZUvF&msg=Alerte!%20Panne%20de%20courant!”

Sventovit · 26 June 2018 08:18

Corrected.
Thanks a lot