FreePBX v17 UCP Node Daemon Issue


So after restoring v16 to a new v17 instance, everything for the most part is smooth sailing. The only straggler I seem to have is the UCP node daemon showing stopped. The ucp_err.log looks like what I’ve seen listed in a few other posts. See below.

We do not expose the FreePBX admin to the Internet at-large, as I have numerous things in place. So only a small private LAN subnet can even get to it. So my first thought was to disable TLS here. See below.

After doing so I applied the changes, and restarted the ucp service. The errors persist. I assume the next step would be to totally reboot the server? The ucp version appears to be 17.0.7 and the node version appears to be 18.20.4.

Any suggestions?

Moving from v16 to v17 means you move from OpenSSL 1.1.x to OpenSSL 3.0.x and there’s a huge difference. However, that error could be something else. Run this and give the output.

Replace the path if not default.

openssl x509 -in /etc/asterisk/keys/<cert> -text -noout | grep "Public-Key"

Here is what I have.

#openssl x509 -in /etc/asterisk/keys/integration/certificate.pem -text -noout | grep "Public-Key"

                Public-Key: (1024 bit)

What I don’t understand is I disabled TLS under Advanced Settings > UCP NodeJS Server. So wouldn’t this bypass TLS altogether? I restarted the ucp service and still saw the same errors in the ucp_err.log. Many of them.

I don’t even use this UCP node daemon so I just have it stopped for now. I just hate seeing the icon appear like that on the dashboard’s System Overview I guess…lol.

Yeah that’s your problem. 1024 bit certs haven’t really been a thing for almost a decade now. OpenSSL 3.x outright rejects it by default in its policy and NodeJS follows that policy.

Regenerate the cert to use 2048 bit or 4096 bit and your problem should go away. I’d use 4096 as 2048 is considered weak these days.

Yep, that did the trick! I didn’t want to fool with that, although I did see this mentioned in another post on here. I thought just disabling TLS for the UCP NodeJS server would ignore the situation. Appreciate the insight!
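The key-size check from this thread, extended to a whole certificate directory so undersized RSA keys can be found before a v16 to v17 restore. This is an added example, not part of the original posts or of FreePBX; the function names, the file extensions searched, the one-level subdirectory depth and the 2048-bit default threshold are assumptions.

```shell
#!/bin/sh
# Added example: flag certificates whose RSA key is below a minimum size.
# Function names and the searched layout are assumptions, not FreePBX code.

# Print the public key size in bits of one PEM certificate.
# Matches both "Public-Key:" (OpenSSL 3.x) and "RSA Public-Key:" (1.1.x).
cert_key_bits() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Print the public key algorithm name, e.g. rsaEncryption or id-ecPublicKey.
cert_key_algo() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public Key Algorithm: *//p' | head -n 1
}

# audit_cert_dir DIR [MIN_RSA_BITS]
# Prints one line per certificate and returns 1 if any RSA key is too small.
audit_cert_dir() {
    dir=$1; min=${2:-2048}; weak=0
    for f in "$dir"/*.pem "$dir"/*.crt "$dir"/*/*.pem "$dir"/*/*.crt; do
        [ -f "$f" ] || continue                          # unmatched glob
        grep -q 'BEGIN CERTIFICATE' "$f" || continue     # key files, CSRs
        bits=$(cert_key_bits "$f")
        if [ -z "$bits" ]; then
            echo "UNREADABLE $f"
            continue
        fi
        case $(cert_key_algo "$f") in
            rsaEncryption*)
                if [ "$bits" -lt "$min" ]; then
                    echo "WEAK $bits $f"
                    weak=1
                else
                    echo "OK $bits $f"
                fi ;;
            # EC and other key types use different size scales, so the
            # RSA threshold is not applied to them.
            *) echo "SKIP $bits $f" ;;
        esac
    done
    return "$weak"
}
```

Run it as `audit_cert_dir /etc/asterisk/keys` (replace the path if not default); any `WEAK` line names a certificate to regenerate.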