Today I rebooted my Yunohost box (olimex lime2) for the first time since the “stretch” upgrade some two weeks ago.
Unfortunately I can no longer access the decryption page (the one with the Capricorn) to unlock and boot the box.
Upon boot, I do see the box showing up in my router, let’s say with ip 192.168.1.10.
With an attached monitor I also see the “healthy” u-boot messages before the screen goes into “blank-with-only-cursor-blinking” mode. This is a normal behaviour I also saw before the upgrade to “stretch”.
When I then try to access https:///192.168.1.10 via Firefox (either 52.9.0 or 61.0) I get
Firefox can’t establish a connection to the server at 192.168.1.10
The site could be temporarily unavailable or too busy. ...
The expectation would have been that I get a “self-signed” certificate exception instead, which I then manually have to grant permission for to continue.
Likewise a curl command fails with
$ curl -k -L -v https://192.168.1.10
* Rebuilt URL to: https://192.168.1.10/
* Trying 192.168.1.10...
* TCP_NODELAY set
* connect to 192.168.1.10 port 443 failed: Connection refused
* Failed to connect to 192.168.1.10 port 443: Connection refused
* Closing connection 0
curl: (7) Failed to connect to 192.168.1.10 port 443: Connection refused
Questions:
Has anybody tested to boot “stretch” upgrated encrypted box? Did it work?
What has changed in stretch upgrade that might have broken internetcube decrypted boot process?
How can we further debug the internetcube decrypted boot process? (for example, avoid the blank screen to see what’s going on, use serial console to see logging?)
Answers:
Is this a “modern” browser problem that is to strict on the self-signed certificate? --> does not seem to be the case, see answer/example with self-signed certificate below
Notice / Warning:
For the people who have an encrypted box …
… and are still on “jessie”: maybe you should wait with the upgrade to “stretch” …
… and are on “stretch”: maybe you should try not to reboot your box …
Hi,
Similar problem here:
1.1. Successfully install an encrypted brique internet
1.2. command-line upgrade to stretch
-> ping ok
-> ssh server offer (but I don’t have the required key)
-> no decryption unicorn (no web server)
2.1. Successfully install an encrypted brique internet
2.2. Web upgrade to stretch
-> ping ok
-> ssh server offer (but I don’t have the required key)
-> no decryption unicorn (no web server)
I’m interested please in:
a workaround to decrypt the box (from the network) after the faulty upgrade
an fix for the upgrade
testimonies of successful upgrades of encrypted boxes (brique internet or not)
I experienced the same issue a while ago, and because of it I’m still stuck on Yunohost 2.7. For installation I used an encrypted image from the internetcu.be project, but it looks like Yunohost itself does not support encrypted storage.
So I’m planning to re-install Yunohost at some point, without encrypted storage. Unless there are any workarounds available?