Error: WebServer(SSL) startup failed on address 0.0.0.0 with port: 4443: use_tmp_dh_file: ASN1 lib (PEM routines) [asio Topic is solved

[Robert28]

Hi all,

after updating I got:

Code: Select all

Error: WebServer(SSL) startup failed on address 0.0.0.0 with port: 4443: use_tmp_dh_file: ASN1 lib (PEM routines) [asio.ssl:76021773]
Error: WebServer(SSL) check if no other application is using port: 4443

No other application is listening on 4443...

Any advice how to solve this issue?

BR,

[waltervl]

What did you do to enable ssl / https?

[Robert28]

Enabling it via the comman line options:

Code: Select all

./domoticz -www 8080 -sslwww 4443-sslcert /opt/domoticz/server_cert.pem 

[waltervl]

And if you use default port 443 it works ?
Further I have no clue about using https so I hope somebody else has an idea to find the issue here.

[Robert28]

As expected when you are running Domoticz as a non-root user:

Code: Select all

Error: WebServer(SSL) startup failed on address 0.0.0.0 with port: 443: use_tmp_dh_file: ASN1 lib (PEM routines) [asio.ssl:76021773]
Error: WebServer(SSL) check privileges for opening ports below 1024

443 is a privileged port....

[waltervl]

So when running Domoticz as root with port 4443 will it work?

[Robert28]

Nope, 4443 is a unprivileged port, so being root or non-root is not a difference.

[jvdz]

Enabling it via the comman line options:

Code: Select all

./domoticz -www 8080 -sslwww 4443-sslcert /opt/domoticz/server_cert.pem 

You do have a space after 4443 as that doesn't show in this post?

[Robert28]

Oeps, yes I have...

[mooninite]

I am seeing the same exact error message.

Previously working environment:
Fedora 38 x86_64 - Boost 1.78 - Domoticz 2023.2

Broken environment:
Fedora 39 x86_64 - Boost 1.81 - Domoticz 2023.2

Workaround:
Set the '-ssldhparam' parameter to '/dev/null' and Domoticz will start the web service with SSL. Example: 'domoticz -www 0 -sslwww 8443 -sslcert /var/lib/domoticz/domoticz.pem -sslpass none -sslmethod tlsv12_server -ssloptions default_workarounds -ssldhparam /dev/null -approot /usr/share/domoticz -dbase /var/lib/domoticz/domoticz.db -userdata /var/lib/domoticz/ -loglevel 2'

I believe there was a change in Boost that Domoticz needs to update to be compatible with.

[gizmocuz]

@mooninite , do you know if something has changed on the boost site?

Are you using the default domoticz certificate with the DH params included?

What happens when you create a new certificate (also including the DH Params), or create a new certificate but keep the DH Params in a separate file?

Feel free to create a Github issue referencing this topic

[Robert28]

Still an error:

Code: Select all

 Error: [web:4443] missing SSL DH parameters from file /dev/null

But it works!

[gizmocuz]

I tested with Visual Studio 2022 with boost 1.84 and experience no issues.

[gizmocuz]

I have no issues on my production machines.
HTTPS working fine with the standard certificate

[Robert28]

Domoticz 2023.2 (build 15780) running on Fedora 39 X86_64 with boost 1.81 has still the issue...