New Member
Posts: 6
Registered: ‎01-28-2018

"DEBUG Unable to load SSL Client certs file from /tmp/udapi-bridge-ca.pem.3xu2n7"

Hello,

I have several APs (PrismStations running XC.V8.5.12) on a new site and all of them are unable to connect to our UNMS server (v0.13.3, hosted in AWS with an FQDN). Other devices on our network connect fine.

It does not appear to be a reachability issue from the site as all the devices can ping and traceroute to the UNMS server. NTP is correct too.

/etc/log/unms.log on the device/s just endlessly loops the following:

Mar 10 12:59:13 udapi-bridge[5704]: connection error (unms.my-fqdn:443): Timed out waiting SSL

Mar 10 12:59:14 udapi-bridge[5704]: unms: connecting to unms.my-fqdn:443

Running "sudo udapi-bridge -k -v" (as I have seen others on the forum do) returns:

2019-03-10 12:46:39 DEBUG ping unms.my-fqdn: 65.961000
2019-03-10 12:46:54 DEBUG LLDP: Touching DB entry (local port 1, name: eth0): from: b4:fb:e4:xx-xx-xx , remote port: '7' (type: 'Locally assigned'), ttl: 120
2019-03-10 12:47:00 ERROR connection error (unms.my-fqdn:443): Timed out waiting SSL
2019-03-10 12:47:00 DEBUG session_destroy: session UNMS(0x459a88) not found
2019-03-10 12:47:00 DEBUG unms rx: name=unms-status socket=internal id=fake session=2c27c56 payload={
  "ws_log_time":"2019-03-10 12:47:00 ",
  "ws_log_line":"connection error (unms.my-fqdn:443): Timed out waiting SSL",
  "ws_log_lvl":3,
  "unms_status_desc":"Connection Error: SSL not present on dest. port",
  "unms_status":4
}
2019-03-10 12:47:01 INFO  unms: connecting to unms.my-fqdn:443
2019-03-10 12:47:01 DEBUG unms rx: name=unms-status socket=internal id=fake session=2c27c56 payload={
  "ws_log_time":"2019-03-10 12:47:01 ",
  "ws_log_line":"unms: connecting to unms.my-fqdn:443",
  "ws_log_lvl":1
}
2019-03-10 12:47:01 DEBUG unms rx: name=unms-startPing socket=internal id=fake session=2c27c56 payload={
  "pingHost":"unms.my-fqdn",
  "pingIntervalWhenUp":30000,
  "pingIntervalWhenDown":5000
}
2019-03-10 12:47:02 DEBUG file_reader_perform: waitpid: 0
2019-03-10 12:47:02 DEBUG ping unms.my-fqdn: 62.436000
2019-03-10 12:47:18 DEBUG LLDP: Sending LLDP packet on port 1 (eth0)
2019-03-10 12:47:18 DEBUG LLDP: Some data on port 2 (eth1) were not sent
2019-03-10 12:47:18 DEBUG LLDP: Sending LLDP packet on port 2 (eth1)
2019-03-10 12:47:23 ERROR connection error (unms.my-fqdn:443): Timed out waiting SSL
2019-03-10 12:47:23 DEBUG session_destroy: session UNMS(0x45b6e8) not found
2019-03-10 12:47:23 DEBUG unms rx: name=unms-status socket=internal id=fake session=2c27c56 payload={
  "ws_log_time":"2019-03-10 12:47:23 ",
  "ws_log_line":"connection error (unms.my-fqdn:443): Timed out waiting SSL",
  "ws_log_lvl":3,
  "unms_status_desc":"Connection Error: SSL not present on dest. port",
  "unms_status":4
}
2019-03-10 12:47:24 INFO  unms: connecting to unms.my-fqdn:443
2019-03-10 12:47:24 DEBUG unms rx: name=unms-status socket=internal id=fake session=2c27c56 payload={
  "ws_log_time":"2019-03-10 12:47:24 ",
  "ws_log_line":"unms: connecting to unms.my-fqdn:443",
  "ws_log_lvl":1
}
2019-03-10 12:47:24 DEBUG unms rx: name=unms-startPing socket=internal id=fake session=2c27c56 payload={
  "pingHost":"unms.my-fqdn",
  "pingIntervalWhenUp":30000,
  "pingIntervalWhenDown":5000
}
2019-03-10 12:47:24 DEBUG file_reader_perform: waitpid: 0

I have rebooted all these devices and also tried disabling and re-enabling unms in the device settings. Nothing seems to have worked.

Any ideas on what the issue/fix might be?

Ubiquiti Employee
Posts: 3,430
Registered: ‎09-08-2017
Kudos: 1314
Solutions: 257

Re: "DEBUG Unable to load SSL Client certs file from /tmp/udapi-bridge-ca.pem.3xu2n7"

@doublezingers Hello Jeremy. Your issue seems to be very similar to this thread. The detailed error you posted is saying that there was not enough time to completely finish the SSL handshake. Can you please check if your MTU is configured correctly? Is it possible that connectivity to UNMS is very slow or has a high latency? Another option is that the UNMS server is overloaded and doesn't manage to complete the SSL handshake in time. If you send us UNMS support info, we can analyze it and confirm or deny this suspicion. Please send those files to the email radek.skrivan(at)ubnt.com, and include your forum name and the URL of this thread in the message. In case the files are too big, please use a file sharing service such as Google Drive.


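The distinction drawn in the reply above, between reaching the server and finishing the SSL handshake in time, can be measured from any host on the affected network segment. This is an added example, not part of the original thread or of Ubiquiti's tooling; `probe_tls`, `silent_listener` and the stage names are hypothetical, and certificate validation is disabled for diagnosis only.

```python
import socket
import ssl
import time


def probe_tls(host, port, timeout=5.0):
    """Time the TCP connect and the TLS handshake separately.

    Returns (stage, tcp_seconds, tls_seconds); stage is one of
    "tcp_failed", "tls_timeout", "tls_error" or "ok".
    """
    start = time.monotonic()
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return ("tcp_failed", None, None)
    tcp_s = time.monotonic() - start

    # Diagnostic only: certificate validation is switched off so that a
    # self-signed server certificate does not mask the timing result.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    start = time.monotonic()
    try:
        with ctx.wrap_socket(sock, server_hostname=host):
            return ("ok", tcp_s, time.monotonic() - start)
    except socket.timeout:
        # TCP works but the handshake never finishes: the pattern behind
        # "Timed out waiting SSL" (large handshake records lost to an MTU
        # problem, high latency, or a server too slow to answer).
        return ("tls_timeout", tcp_s, time.monotonic() - start)
    except (ssl.SSLError, OSError):
        # The peer answered but refused, e.g. no shared cipher or protocol.
        return ("tls_error", tcp_s, time.monotonic() - start)
    finally:
        sock.close()


def silent_listener():
    """Constructed stand-in: completes TCP connects but never speaks TLS."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    srv, port = silent_listener()
    print(probe_tls("127.0.0.1", port, timeout=1.0))
    srv.close()
```

Run `probe_tls` against the UNMS hostname on port 443 from both a working and a failing device's network segment and compare the stage and the two timings.
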
New Member
Posts: 6
Registered: ‎01-28-2018

Re: "DEBUG Unable to load SSL Client certs file from /tmp/udapi-bridge-ca.pem.3xu2n7"

Thanks, I emailed you the information.

I don't think it is MTU or a performance issue as there are over 100 other devices in UNMS, all connecting from the same network as the problematic devices - so I think it must be an issue that is specific to the configuration on those devices.

New Member
Posts: 13
Registered: ‎06-30-2017
Kudos: 1
Solutions: 1

Re: "DEBUG Unable to load SSL Client certs file from /tmp/udapi-bridge-ca.pem.3xu2n7"

Hello @doublezingers, I recommend you take a look at https://community.ubnt.com/t5/UNMS-Beta/UNMS-Reverse-Proxy-HaProxy/m-p/2714225#M11705 where I had the same error.

New Member
Posts: 6
Registered: ‎01-28-2018

Re: "DEBUG Unable to load SSL Client certs file from /tmp/udapi-bridge-ca.pem.3xu2n7"

Thanks, however I am not using my own reverse proxy, just using the default/out of the box UNMS reverse proxy and SSL config.

New Member
Posts: 13
Registered: ‎06-30-2017
Kudos: 1
Solutions: 1

Re: "DEBUG Unable to load SSL Client certs file from /tmp/udapi-bridge-ca.pem.3xu2n7"

I know, but you may be missing a cipher somewhere! :)