New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
security/acme-client: Node no longer exists warnings #333
Comments
It's an warning caused by the garbage collector of PHP 7 and it's harmless. We have, however, not found any clues as to how it can be fixed, there is some info available on the web but non applies in these circumstances (there have been a few commits to try to address this). We hope the jump to PHP 7.1 changes the behaviour of this warning. But it's quite impossible to know because we can't be sure why it is warning about it in the first place. |
@fichtner I expect the object is somewhere changed within the loop, which invalidates the next fetch of children(). A simple workaround could be to clone() the "$configObj->OPNsense->AcmeClient->certificates" object before iterating, but there might as well be a bug somewhere within the methods in the loop modifying the same object. The loop is a bit too complicated to inspect easily. |
Preliminary crash report examination seems to confirm my suspicion: PHP 7.0 garbage collection was too aggressive and 7.1 fixed this... |
@fichtner Just configured another Let's Encrypt setup on top of 17.7.9_9 and got this message again:
I'm pretty sure @AdSchellevis's assumption is correct, because the objects actually are changed within the loop. I have to collect all changes in the loop without modifying the object and commit all changes at the end of the run. That being said, I'm unsure how to implement this, so some advice how to properly do this would be very welcome. :) |
I finally have an idea how to properly fix this issue. Should be ready briefly after OPNsense 18.1 was released. UPDATE: Had to re-schedule due to other priorities; next ETA is 03/2018. |
super-awesome ❤️ |
is there en ETA for the FIX? |
A fix was committed and will be available in the next OPNsense release. All fearless people may apply the patch manually:
Please report back. |
@fraenki In the latest released version (1.15) the error still occurs:
Regards, |
I still see these warnings with lastest code:
|
@ssbarnea Could you please add the actual log message too? Because there are multiple places in the code where this issue may be found. Ideally you would provide the acme errors in context with everything else, this might help me to figure out what's going on and what triggers this error. To everyone else: If you find a way to reproduce these "node no longer exists" warnings, please share it with me. Currently I'm unable to reproduce it. |
Earlier today I got this Error message on a brand new installation. First I added a firewall rule to allow HTTP and HTTPS on the WAN interface. Second, I changed the key length to 2048 bit. I'm running Opnsense on a Celeron in a virtual machine and I guess, the PHP Warning is a timing issue. Now I do get a fine certificate =)
|
I keep getting the following bug on my dashboard :(
[22-Oct-2017 00:00:02 Etc/UTC] PHP Warning: cert_action_validator(): Node no longer exists in /usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php on line 122 [23-Oct-2017 00:00:02 Etc/UTC] PHP Warning: cert_action_validator(): Node no longer exists in /usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php on line 122
This is with the latest version of Opnsense as well. Any help appreciated!
The text was updated successfully, but these errors were encountered: