[Nut-upsuser] upsmon Can not initialize SSL context (letsencrypt) #563
Charles Lepple
clepple at gmail.com
Thu Jun 28 12:14:00 BST 2018
On Jun 28, 2018, at 4:30 AM, Roger Price <roger at rogerprice.org> wrote:
>
> On Wed, 27 Jun 2018, tech wrote:
>
>> It was a access right violation on /etc.../letsencrypt/....cert . The folder was own by root:root
>> Had to create a group nutusers including root and my nut users. After that, had to change the chmod for the folder from 755 to 775
>> Now, running upsc -l
>> Init SSL without certificate database
>> 850PRO
>> Witch is better. But still problématic wuth the init ssl database warning.
>
> Without using SSL certificates, command "upsc -l" always gives me the STDERR message "Init SSL without certificate database". It means that the client cannot find the certificate, and is falling back to plaintext transmission of the password. Perhaps this is not what you need.
upsc does not send a password when querying an UPS (or listing them with "-l"). For upsmon, you can select (via FORCESSL) whether it will fall back to plaintext if it cannot establish a SSL session.
I would definitely recommend starting with a dummy password, and using tcpdump or Wireshark to verify that the password is not being sent in the clear.
More information about the Nut-upsuser
mailing list