Couple of strange issues here..
Firstly, the SSL cert that was working is now throwing an error NET::ERR_CERT_AUTHORITY_INVALID.
After this error, I changed the domain for Pi-hole in pihole.toml to another domain, which takes you to the login screen, but once logged it, it refreshes about 5-10 times then logs me back out.
https://tricorder.pi-hole.net/ItSIYRAU/
Your FTL log shows a lot of unauthorized errors like this:
2023-11-07 21:33:09.367 [933/T2243] WARNING: API: Unauthorized
Did you change the password?
Nope, no password change. It does login me in sucessfuly and I am loaded into the dashboard, but then just loops and logs me out
Did you delete /etc/pihole/tls.pem after you changed the domain? If not, please do so and restart Pi-hole. This will generate a new certificate for the new domain.
I have also noted my dashboard as disabled 2FA and changed my upstream servers? Nothing I have done myself?
Maybe your pihole.toml got corrupted and FTL recreated it with default values?
Yes, that looks like it. The SSL stopped working as it had replaced it back to the old TLS, not the one I had specified. Strange.
DL6ER
November 8, 2023, 4:33pm
8
This should be fixed by
pi-hole:development-v6 ← pi-hole:fix/read_rotated_toml_on_error
opened 02:36PM - 06 Nov 23 UTC
# What does this implement/fix?
If reading `pihole.toml` fails during startup… of FTL, we should restore from the last known-to-be-good rotated config file in `/etc/pihole/config_backups` and only if they don't exist (migrating from v5.x -> v6.0), we start importing the legacy files.
Note that this problem is actually *not* an issue when the config file is modified and becomes invalid *while* FTL is running. In this case, FTL simply discards the file and overwrites it with its current configuration (which is in this case the last-known-to-be-good one).
This fixes an observation by @yubiuser where incorrectly escaped Umlauts triggered a "partial config reset". This was actually not a partial reset but FTL trying to restore from your previous v5.x files. This is fixed in this PR be instead using `/etc/pihole/config_backup/pihole.toml.X` (`X = 1,2,3`) to recreate `/etc/pihole/pihole.toml`.
---
**Related issue or feature (if applicable):** N/A
**Pull request in [docs](https://github.com/pi-hole/docs) with documentation (if applicable):** N/A
---
**By submitting this pull request, I confirm the following:**
1. I have read and understood the [contributors guide](https://docs.pi-hole.net/guides/github/contributing/), as well as this entire template. I understand which branch to base my commits and Pull Requests against.
2. I have commented my proposed changes within the code.
3. I am willing to help maintain this change if there are issues with it later.
4. It is compatible with the [EUPL 1.2 license](https://opensource.org/licenses/EUPL-1.1)
5. I have squashed any insignificant commits. ([`git rebase`](http://gitready.com/advanced/2009/02/10/squashing-commits-with-rebase.html))
## Checklist:
- [x] The code change is tested and works locally.
- [x] I based my code and PRs against the repositories `developmental` branch.
- [x] I [signed off](https://docs.pi-hole.net/guides/github/how-to-signoff/) all commits. Pi-hole enforces the [DCO](https://docs.pi-hole.net/guides/github/dco/) for all contributions
- [x] I [signed](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits) all my commits. Pi-hole requires signatures to verify authorship
- [x] I have read the above and my PR is ready for review.
which ensures config corruption will only send you back one iteration to the last known-to-work configuration instead of writing a configuration altogether anew.
1 Like