FTL new version cannot be installed due to?

Help
1

Please follow the below template, it will help us to help you!

Expected Behaviour:

Downloading new version as announced

Actual Behaviour:

pi@AD:~ $ sudo pihole -up
[i] Checking for updates...
[i] Pi-hole Core: up to date
/opt/pihole/update.sh: Zeile 82: /usr/bin/pihole-FTL: Datei oder Verzeichnis nicht gefunden (Directory not found)
[i] FTL: update available

[i] FTL out of date

[i] FTL Checks...
[✓] Detected ARM-hf architecture (armv7+)
[i] Checking for existing FTL binary...
[i] Downloading and Installing FTL.../tmp/tmp.KBGUtB2TMI /home/pi
curl: (35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
/home/pi
[✗] Downloading and Installing FTL
Error: URL not found

Debug Token:

7k0repwbin

EDIT: Worked wonderful for a few days. Suddenly FTL broke down. Fiddling around for hours now.
Something with s3.amazonaws / github may have changed, because s3.amazonaws lists are not updating anymore.

3

Hello, from Germany.
I still have issues when trying to install that FTL. Nothing worked.
I have wiped out pihole completetly fron ma Raspi und reinstalled it with the script.
but it did no help. Something has changed with the amazon aws server over here.

With the blocking list i have tried this, but it was refuse every time
https://s3-1-w.amazonaws.com/lists.disconnect.me/simple_tracking.txt

Every time I try to update it alwas look like this.

[i] FTL Checks...
[✓] Detected ARM-hf architecture (armv7+)
[i] Checking for existing FTL binary...
[i] Downloading and Installing FTL.../tmp/tmp.fw2We44wJi /home/pi
curl: (35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
/home/pi
[✗] Downloading and Installing FTL
Error: URL not found
root@AD:/home/pi# pihole -up
[i] Checking for updates...
[i] Pi-hole Core: up to date
/opt/pihole/update.sh: Zeile 82: /usr/bin/pihole-FTL: Datei oder Verzeichnis nicht gefunden
[i] FTL: update available

[i] FTL out of date

[i] FTL Checks...
[✓] Detected ARM-hf architecture (armv7+)
[i] Checking for existing FTL binary...
[i] Downloading and Installing FTL.../tmp/tmp.kZAdD5tQYr /home/pi
curl: (35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
/home/pi
[✗] Downloading and Installing FTL
Error: URL not found
root@AD:/home/pi# pihole -up
[i] Checking for updates...
[i] Pi-hole Core: up to date
/opt/pihole/update.sh: Zeile 82: /usr/bin/pihole-FTL: Datei oder Verzeichnis nicht gefunden
[i] FTL: update available

[i] FTL out of date

[i] FTL Checks...
[✓] Detected ARM-hf architecture (armv7+)
[i] Checking for existing FTL binary...
[i] Downloading and Installing FTL.../tmp/tmp.drfr7eiuBQ /home/pi
curl: (35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
/home/pi
[✗] Downloading and Installing FTL
Error: URL not found

EDIT (24.7.18-13:45 local):
Meanwhile there are 2 more points:
Can it happen that there are different ports beeing used during automated installaton (80/8080/443) ?

Maybe the certificate(a) have been killed/changed by some reason?

Any idea?
Unfortunately, if this cannot be solved, pihole is useless (for me and friends)
regards DC5MN

4

Have you added this URL to the blocklists ?
If so, everything is wrong with that URL.

First, access is not allowed:

pi@noads:~ $ curl -k -s https://s3-1-w.amazonaws.com/lists.disconnect.me/simple_tracking.txt
<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AllAccessDisabled</Code><Message>All access to this object has been disabled</Message><RequestId>4B62484E9E4D97DE</RequestId><HostId>2FYQi4T8CGVJQsb5TxvK7DJfDLZ1FFuYbfWXQ2s2q1t5Mzq2EWV5cTJfzAvZf/PeoY7fPWOGOMQ=</HostId></Error>

And second, the common name (CN=*.s3.amazonaws.com) and alternative names (Subject Alternative Name: DNS:s3.amazonaws.com) in the SSL cerificate do not match the requested domain (s3-1-w.amazonaws.com) from the URL:

pi@noads:~ $ echo | openssl s_client -connect s3-1-w.amazonaws.com:443 2>/dev/null | openssl x509 -text -noout
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:51:b5:92:fa:53:cf:20:52:b8:b7:0f:27:5c:c1:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Baltimore CA-2 G2
        Validity
            Not Before: Sep 22 00:00:00 2017 GMT
            Not After : Jan  3 12:00:00 2019 GMT
        Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com Inc., CN=*.s3.amazonaws.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:a2:b9:8a:de:36:2c:7f:fc:58:56:84:13:b3:bd:
                    e1:72:4c:83:8f:13:7a:78:02:33:6e:42:f4:ed:1d:
                    51:a3:c6:3a:76:75:fa:81:9f:ec:33:6f:76:8f:cc:
                    19:5a:00:5b:98:5f:3d:7f:56:aa:36:37:d0:ac:ae:
                    2a:21:6f:f2:e0:1b:c9:7f:bd:07:3a:bc:28:c2:e3:
                    76:f1:b1:cd:83:2a:6d:2c:5e:00:f4:81:7f:5c:8c:
                    74:2c:83:11:cf:20:5b:eb:e1:da:e5:ce:fb:1f:50:
                    78:f8:22:38:0a:0e:aa:e8:cb:cf:24:bf:a7:ba:52:
                    58:f5:0a:50:7f:24:a4:c8:0f:f7:d4:4f:a0:3f:e5:
                    44:d6:cf:00:5a:f7:41:e2:6b:ec:3f:f1:df:13:53:
                    28:11:c2:6e:91:38:4b:10:47:40:cd:36:18:2b:b6:
                    0d:26:10:b6:09:b7:85:f6:66:0f:bf:41:07:51:23:
                    e1:4d:6f:33:48:60:88:eb:bd:78:52:f0:9b:27:1b:
                    9e:b9:d4:f2:c6:b8:0e:4b:e6:50:99:6f:c6:22:0f:
                    e4:fb:cd:c1:e6:b0:9b:f4:1e:a0:7e:90:93:fc:c3:
                    17:7d:27:af:ee:40:bf:d2:14:84:4e:2e:02:19:75:
                    1f:63:8c:a8:fa:7b:f5:27:c9:db:0c:6d:be:63:6d:
                    df:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                keyid:C0:12:B2:28:74:68:46:67:E9:70:25:74:1A:00:45:5B:06:7D:5C:44

            X509v3 Subject Key Identifier:
                90:15:9A:3B:1F:55:40:EE:E3:83:BD:D4:CF:D4:8E:A2:74:C2:EA:C8
            X509v3 Subject Alternative Name:
                DNS:*.s3.amazonaws.com, DNS:s3.amazonaws.com
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:http://crl3.digicert.com/DigiCertBaltimoreCA-2G2.crl

                Full Name:
                  URI:http://crl4.digicert.com/DigiCertBaltimoreCA-2G2.crl

            X509v3 Certificate Policies:
                Policy: 2.16.840.1.114412.1.1
                  CPS: https://www.digicert.com/CPS
                Policy: 2.23.140.1.2.2

            Authority Information Access:
                OCSP - URI:http://ocsp.digicert.com
                CA Issuers - URI:http://cacerts.digicert.com/DigiCertBaltimoreCA-2G2.crt

            X509v3 Basic Constraints: critical
                CA:FALSE
    Signature Algorithm: sha256WithRSAEncryption
         72:77:09:db:9a:bc:13:4f:08:6d:09:c9:19:f6:50:c6:a0:4f:
         ad:74:31:5c:86:31:46:e7:d7:72:cd:7d:48:e1:b1:d5:b6:15:
         54:c2:31:28:73:75:71:9e:0b:e6:29:bd:dc:a8:b7:07:cd:71:
         cd:76:81:1d:7d:f4:6d:c3:42:22:11:ea:cf:46:c9:3b:37:18:
         76:a7:51:d6:47:77:2e:fc:7c:a9:92:a1:a5:39:b2:40:0e:2c:
         35:0d:7e:14:0e:86:fb:df:98:5e:be:a7:06:37:d3:34:ae:7f:
         4f:fc:06:cf:2b:41:c2:9f:9b:a8:90:b0:e6:6d:ea:9e:ea:ed:
         58:81:d2:4b:9b:8b:24:03:f5:ac:52:c3:02:7e:c6:58:db:b4:
         62:67:e0:75:eb:6f:a5:68:30:f4:a1:18:a8:bc:ec:79:cc:aa:
         f3:1b:fd:f2:00:55:6e:b7:3d:81:7e:e7:77:41:e9:d4:df:3b:
         75:e2:db:67:cc:50:9c:32:58:25:5b:da:2a:7d:f1:cc:c1:0d:
         52:9b:1f:f7:d1:c7:03:a2:7a:1a:d4:4d:36:86:73:66:c5:e2:
         f2:07:0a:26:3e:a7:7f:65:8c:ba:cd:22:56:d1:a4:a2:d4:36:
         9d:91:9b:22:7e:9a:fa:e4:0c:20:4a:e3:79:b8:61:21:41:ab:
         34:82:5b:0d
5

Hi, and thanks for your reply. I am far away from the knowledge how to handle cetrificares. iT WAS JUST A GUESS, when i found that rhe servername has changed.
I just want to get this thing running.

THIS ist the very point that stops Raspi form loading FTL
curl: (35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol (AS ABOVE)

My research showed various possibilities. From wrong IP Numbers to wrong certificates.to not permitted acces...
OpenSSL 1.1.0f 25 May 2017 is installed.
Regards

6

Your doing that on purpose :wink:
I dont know what its trying to curl.
Maybe the devs can have a look at the token.

7

good humoured-- thanks

8

Just noticed this:

Seems I started it :wink:

EDIT: ohw and check date/time with the "date" command on Pi-hole as SSL cetrificares have validity period:

Validity
    Not Before: Sep 22 00:00:00 2017 GMT
    Not After : Jan  3 12:00:00 2019 GMT
9

It looks like it is just a certificate issue on their end, so unless there is a mirror available you can't use that list.

10

EDIT: Hi, Mcat12,
thanks for repliing. I have tried a new installation via 2 different ways
One, direct with curl ---| bash
The other via dietpi. But the result is the same.
When I tried pihole --up today I received "Problems with Githob.com" first and than
the mentioned message again. Really mysterious.
Thanks for having a look. I don't care about the amazonaws list. My main problem is that I am not able to download the new FTL version as dexcribed.
Have just done this:
root@AD:/home/pi# pihole -up
[i] Checking for updates...
[i] Pi-hole Core: up to date
/opt/pihole/update.sh: Zeile 82: /usr/bin/pihole-FTL: Datei oder Verzeichnis nicht gefunden
[i] FTL: update available

[i] FTL out of date

[i] FTL Checks...
[✓] Detected ARM-hf architecture (armv7+)
[i] Checking for existing FTL binary...
[i] Downloading and Installing FTL.../tmp/tmp.f7cm0aEOpZ /home/pi
curl: (35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
/home/pi
[✗] Downloading and Installing FTL
Error: URL not found

So, how else can I get FTL? As of now, without FTL my pihole ist not working any more.

Thanks and regards
DC5MN

11

Run pihole -d and from the debug log, copy the sections at the top that start with

*** [ DIAGNOSING ]: Core version

and end with

*** [ DIAGNOSING ]: Processor

and post here. If you would like, upload the debug log to the tricorder and put the token here so the devs can look at the whole log if required.

12

thanks. will do

13

Your doing that on purpose ... again :wink:
If you suspect something going wrong curling from Github, try below three:

pi@noads:~ $ host -t a github.com
github.com has address 192.30.253.112
github.com has address 192.30.253.113

pi@noads:~ $ curl -I https://github.com
HTTP/1.1 200 OK
Server: GitHub.com
Date: Fri, 27 Jul 2018 14:01:37 GMT
Content-Type: text/html; charset=utf-8
Status: 200 OK

pi@noads:~ $ echo | openssl s_client -connect github.com:443 2>/dev/null | openssl x509 -text -noout | grep 'CN=\|DNS:'
        Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA
        Subject: businessCategory=Private Organization/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/serialNumber=5157550, C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=github.com
                DNS:github.com, DNS:www.github.com

Ohw and of course check date/time with the "date" command.

14

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.