Unsecure Website Error

My BrewBlox has been up and running for a few months now with the Tilt integrated. I’m on my 3rd fermentation batch and I started getting an error on Chrome and Safari that indicates the location of my BrewPi is “Unsecure” and the browsers wont let me get to the BrewPi. AND, when I go to Options and Security, it wont let me add the site to any “Safe” pages list. In fact there are no options provided to allow me to get to the network location.


Don’t know if it helps, but I also just started getting a “Waiting for Datastore” error as well, when I can get to the location of the BrewPi. Reminds me of the time-out errors with the Arduino version.

Depending on your current software version, the http:// version of the UI may also be accessible.

Can you click on a “more details” section for the error you’re getting? It’s possible the self-signed certificate has expired.

I’ve got a couple of shots of the UI on Chrome errors and note that on the site permissions, the areas “greyed” out are not selectable. That’s what seems strange.
Not Secure Message 01

so if I use https in Mozilla, it gives me more information.

1 - here is the top level response:

2 - If I click on “Advanced…” this is what I get next:
Not Secure Message 05

3 - And I’ve uploaded the certificate information in pdf form
Certificate for TRAEFIK DEFAULT CERT.pdf (82.3 KB)

Normally, in both Chrome and Firefox, when you click on “advanced”, there is a button labeled “accept the risk and continue”. Is that missing here?

Only in Firefox. And when I do, the site just times out. Last Friday, I finished fermenting a Lager and the dashboard loaded just fine thru the entire process.

I started a new fermentation last Friday as well. And it started fine, although I was getting the “Waiting for Datastore” message immediately. Now that doesn’t come up. Just the unsecure error and then the time-out.

I just now found this error in Chrome:

Not Secure Message 06

You could try and recreate the cert:

brewblox-ctl down
brewblox-ctl makecert
brewblox-ctl up

Then force refresh the UI, and check whether the certificate information changed. The certificate information in chrome should show “issued to: .”, and “issued by: .”.

That fixed it. I’m gonna have to learn more about certificates.
Thanks, Bob - !!!

Short version: SSL certs are required for encrypted (HTTPS) browsing. They are used to prove the identity of the server.

At a guess, the cert file in brewblox/traefik/ got deleted or corrupted. The traefik service will attempt to generate one on the spot, but that leads to the errors you saw.

I tried http for a couple of times for the websocket iPad bug, but the http interface is not available. Anything I can do to enable http?

Could you please run brewblox-ctl log? Http access was enabled in an update, but it’s possible to override that.

here you do! https://termbin.com/hv7q

and as always, thanks for your help

Config looks good, but the traefik service shows some TLS-related errors. You may want to run

brewblox-ctl makecert
docker-compose restart traefik

Edit: you are using http at port 6080? It looks like you updated the http port variable, and browsers will use http 80 unless explicitly told otherwise.

Running makecert gives me an error:

3069645712:error:0D0D90AD:asn1 encoding routines:ASN1_TIME_adj:error getting time:crypto/asn1/a_time.c:330:
Command 'docker run --rm -v "/home/pi/brewblox/traefik":/certs/ brewblox/omgwtfssl:edge' returned non-zero exit status 1.

Regarding 6080, I remember that now. I needed that when this installation was running o Synology, so totally my bad. Thanks for catching that!

Problem solved then =) I’ll have a look at makecert, see what triggered that error.

So I’m having the secure error on both http and https again, but this time I can override the https path and get into the UI.

I tried redoing the three commands you gave me (down, makecert, up) and this time I’m getting an error when running makecert:


Could you please run brewblox-ctl log? There seems to be something odd going on. Your cert file getting corrupted once is something that can happen, but twice definitely indicates either a bug or a configuration error.

Here’s a screen capture of the log: