Certificate 'freenas_default' is expiring within 9 days

[Macaroni323]

I am getting this warning now in TrueNAS v13.0 U6.0.

"Certificate 'freenas_default' is expiring within 9 days"

I see fixes for FreeNAS v11 but nothing newer. Trying to follow these instructions.

How to renew TrueNAS certificate?

Hi, Been having some strange problems with my TrueNAS. In the alerts, i get the "Certificate 'freenas_default' has expired." error. When i check the certificates, i see that the current certificate is from 2013 and lasts to 2015. I have no clue to why the certificate is a couple of years old...

www.truenas.com

I think I have an internal certificate described. Though maybe it's incorrect...

But can't delete the freenas_default.

Error: Traceback (most recent call last):
File "/usr/local/lib/python3.9/site-packages/middlewared/job.py", line 355, in run
await self.future
File "/usr/local/lib/python3.9/site-packages/middlewared/job.py", line 393, in __run_body
rv = await self.middleware.run_in_thread(self.method, *([self] + args))
File "/usr/local/lib/python3.9/site-packages/middlewared/main.py", line 1159, in run_in_thread
return await self.run_in_executor(self.thread_pool_executor, method, *args, **kwargs)
File "/usr/local/lib/python3.9/site-packages/middlewared/main.py", line 1156, in run_in_executor
return await loop.run_in_executor(pool, functools.partial(method, *args, **kwargs))
File "/usr/local/lib/python3.9/concurrent/futures/thread.py", line 58, in run
result = self.fn(*self.args, **self.kwargs)
File "/usr/local/lib/python3.9/site-packages/middlewared/schema.py", line 985, in nf
return f(*args, **kwargs)
File "/usr/local/lib/python3.9/site-packages/middlewared/plugins/crypto.py", line 2150, in do_delete
self.middleware.call_sync('certificate.check_dependencies', id)
File "/usr/local/lib/python3.9/site-packages/middlewared/main.py", line 1299, in call_sync
return self.run_coroutine(methodobj(*prepared_call.args))
File "/usr/local/lib/python3.9/site-packages/middlewared/main.py", line 1339, in run_coroutine
return fut.result()
File "/usr/local/lib/python3.9/concurrent/futures/_base.py", line 439, in result
return self.__get_result()
File "/usr/local/lib/python3.9/concurrent/futures/_base.py", line 391, in __get_result
raise self._exception
File "/usr/local/lib/python3.9/site-packages/middlewared/service.py", line 624, in check_dependencies
raise CallError('This object is being used by other objects', errno.EBUSY,
middlewared.service_exception.CallError: [EBUSY] This object is being used by other objects

Durandel had this problem in the link above and fixed it by "... just changing the certificate the web interface was using."

I have no clue how that's done.

Are there other places I need to move pointers from the old cert?

Do you have to reboot to get the new certificate to go active?

Will I be locked out if I messed up the certificate and delete the old one?

 

[Macaroni323]

Now updated to v13.0-u6.1 and I imported a configuration from v13.0-u5.3 (since my config hasn't changed hoping all my "hacks" on the CA and Certs would return to original). In all this flailing, I have managed to delete all the CAs. Trying to understand this but I'm clearly lost. Now the warning on the GUI webpage says "Certificate 'freenas_default' is expiring within 2 days" so I don't know where to go. Still can't delete the freenas_default cert.

 

[danb35]

But can't delete the freenas_default.

No, you can't; as the error message is telling you, it's in use, so it can't be deleted. You can ignore the message if you like--if you're using the cert at all, you're already getting certificate errors, so another one about it being expired won't hurt anything. Or, since you've already created a new cert, tell the UI to use that instead. Go to System -> General; it's the first setting there.

 

[Macaroni323]

Thanks danb35...

If you tell me enough it sinks in. Got it working (I think). In the TrueNAS webGUI, after going to "System" > "General" I adjusted the "GUI SSL Certificate" to my "made up" cert (it was on the pull-down selection) and then I was able to delete the freenas-default cert without a problem.

Is it possible to lose the "Not Secure" (in Google Chrome) and add this cert to the browser certification authority and trusted certificate settings?

I've set out already and took some (possibly wild) guesses... I've exported the .certauth and .cert files for my "made up" CA and Certificate from the TrueNAS webGUI. Then in the Google-Chrome browser, under "Settings" > "Privacy and security" > "Manage certificates" (and here's where I may have guessed wrong) under the tab "Trusted Root Certification Authorities" I imported the .certauth file. After a few warnings about knowing where this file comes from, I got a successful import message. Then under the tab "Trusted Publishers" I imported the .cert file and again I got a successful import message. Alas, I still have the "Not secure" tag on the TrueNAS webGUI. I'm guessing these files are imported to the wrong locations in the browser?

Any suggestions?