[SOLVED] SSL received a record that exceeded the maximum permissible length

Bug Web-UI
1

I had a working MineOS setup on Ubuntu, but with some software issues and drawbacks with the system (especially the bloat) I decided to move my server over to Arch. The pleasantries of systemd and having a lean system were well worth a few hours of backups (originally I had just used Ubuntu because I was lazy). However, there is one issue that completely hinders me from using MineOS.

Now, I never came across this on my old setup, but right away with the new one I come across this when I try to connect to the WebUI (after accepting the SSL certificate):

Secure Connection Failed

An error occurred during a connection to [IP Address]:8080. SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long)

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.

Of course, my first thought was to clear the cert in my browser and try again. That did not work (on various operating systems and browsers, not to mention, even one of my admins tried and failed the same). Generating new certs has done nothing as well. I can also clarify that I am set to use HTTPS, as I have not changed a single line in the mineos.conf. There doesn’t seem to be anything wrong here:

[global]
server.socket_host = “0.0.0.0”
server.socket_port = 8080
server.commit_delay = 10

log.error_file = “/var/log/mineos.log”

server.ssl_module = “builtin”
server.ssl_certificate = “/etc/ssl/certs/mineos.crt”
server.ssl_private_key = “/etc/ssl/certs/mineos.key”
server.ssl_ca_certificate =
server.ssl_certificate_chain =

misc.server_as_daemon = True
misc.pid_file = “/var/run/mineos.pid”
misc.require_https = True
misc.base_directory = “/var/games/minecraft”
misc.localization = “en”

webui.mask_password = False

As noted in this unresolved post, it is questioned as to whether the person is using HTTPS. Just as their mineos.log does, mine says the WebUI is started on HTTP. Here is an excerpt:

[26/Aug/2014:02:48:27] ENGINE Bus STARTING
[26/Aug/2014:02:48:27] ENGINE Forking once.
[26/Aug/2014:02:48:27] ENGINE Daemonized to PID: 636
[26/Aug/2014:02:48:27] ENGINE Forking twice.
[26/Aug/2014:02:48:27] ENGINE Started monitor thread ‘_TimeoutMonitor’.
[26/Aug/2014:02:48:27] ENGINE PID 636 written to ‘/var/run/mineos.pid’.
[26/Aug/2014:02:48:27] ENGINE Started monitor thread ‘Monitor’.
[26/Aug/2014:02:48:27] ENGINE Started monitor thread ‘Autoreloader’.
[26/Aug/2014:02:48:27] ENGINE Serving on http://0.0.0.0:8080
[26/Aug/2014:02:48:27] ENGINE Bus STARTED

Naturally, this leads me to believe that a recent release has botched something in regards to the SSL, as my previous working install was from March and this latest install (from yesterday as well as repeated reinstalls) have only resulted in this error. Is it possible I am missing a dependency or something of that nature? I am sure the ports are open as I have Minecraft and Murmur running right now, despite this (I just manually launched the server in the meantime). If the answer is unknown, are there any recommended alternatives to MineOS I can use for now?

For further clarification, the MineOS is on Arch Linux with kernel x86_64 Linux 3.16.1-1-ARCH, no Xorg installed. MineOS was installed by hand using the guide.

I hope this can be resolved, thank you.

2

Hi Yurisuika, sorry to hear you’re running into trouble! I have looked into the issue and I have been able to reproduce it.

It turns out the problem is that Arch Linux’s pacman is currently pulling down a SSL-broken version of Cherrypy.

[root@arch log]# pacman -Q python2 python2-cherrypy
python2 2.7.8-1
python2-cherrypy 3.3.0-1

According to other posts on the Cherrypy Dev bitbucket, this is a known issue that exists in 3.3.0+. As the post directly above it suggests, however, using 3.2.3 will get it to work.

Since you won’t be able to use pacman to download an older version, here’s what you’ll need to do to fix it–I have confirmed these steps work:

pacman -R python2-cherrypy
pacman -S python2-pip
pip2 install cherrypy==3.2.3

First, I uninstalled the current version of cherrypy with the broken SSL. Next, I installed the pip python package manager. Finally, I downloaded a specific, known-working version of cherrypy. Although I now suspect this should be strictly enough, I did a “systemctl restart mineos.service” for good measure, to restart the cherrypy service. At this point, I verified I was able to log into the web-ui without issue. Thanks for providing sufficient background and showing you did due dilligence :).

If you have any other questions or concerns, don’t hesitate to ask!

Will

1 Like
3

Ah! You are spot on.

Thanks for the quick and thoughtful reply. MineOS makes managing servers much more versatile and dynamic.

4

I have this same problem with Debian both 7(stable) and 8(testing). However i cannot seem to install install cherrypy==3.2.3 Any suggestions? I ran mineos Turnkey no problem and love it. I just wanted to have newer system and fresh install.

5

On any installation I’ve done of Debian, the cherrpy ssl worked…did you have the same symptoms before going this route?

6

I updated my MineOS Turnkey server using the Webmin console, and ended up updating about 398 packages.

After the upgrade, I was receiving the exact same error as above, sl_error_rx_record_too_long.
I tried removing and re-installing the MineOS packages, tried re-making the cert files, no change.
I modified the above instructions and solved the problem:

apt remove python-cherrypy3
apt-get install python-pip
pip install cherrypy==3.2.3

Then I restarted the MineOS service with:

service mineos stop
service mineos start

Now my MineOS web gui is back up and seems to be working just fine. It does seem like the cherrypy3 package contains broken SSL.

7