ESP32 certificate errors

Ok, I spent the better part of my weekend following the newbie documentation, and I am super impressed and thankful for all the work you put into this amazing project.

I tried to be extra thorough not to break the box while doing this, but it seems that I managed to do exactly that. After successfully installing teddyCloud on a Raspberry Pi 5 and flashing the ESP32 using a UART and the recommended clamps (they work great btw), I reassembled the box.

Checking the web interface I see that teddycloud is now connected to Boxine. However, the box does not show up in the interface.

I ran "docker logs teddycloud --follow" and there seems to be a problem with the client.der and/or the private.der, since I get this output:

INFO |settings.c:0770:settings_load_ovl| Load settings from /teddycloud/config/config.overlay.ini
INFO |settings.c:0770:settings_load_ovl| Load settings from /teddycloud/config/config.ini
INFO |tls_adapter.c:0208:read_certificate| File ‘/teddycloud/certs/server/ca-root.pem’ assumed PEM style
INFO |tls_adapter.c:0205:read_certificate| File ‘/teddycloud/certs/server/ca-key.pem’ detected as DER style RSA PRIVATE KEY
INFO |tls_adapter.c:0208:read_certificate| File ‘/teddycloud/certs/server/teddy-cert.pem’ assumed PEM style
INFO |tls_adapter.c:0205:read_certificate| File ‘/teddycloud/certs/server/teddy-key.pem’ detected as DER style RSA PRIVATE KEY
ERROR|tls_adapter.c:0193:read_certificate| Failed to open ‘/teddycloud/certs/client/ca.der’ for cert type detection
ERROR|tls_adapter.c:0380:load_cert| Loading cert ‘/teddycloud/certs/client/ca.der’ failed
ERROR|tls_adapter.c:0193:read_certificate| Failed to open ‘/teddycloud/certs/client/client.der’ for cert type detection
ERROR|tls_adapter.c:0380:load_cert| Loading cert ‘/teddycloud/certs/client/client.der’ failed
ERROR|tls_adapter.c:0193:read_certificate| Failed to open ‘/teddycloud/certs/client/private.der’ for cert type detection
ERROR|tls_adapter.c:0380:load_cert| Loading cert ‘/teddycloud/certs/client/private.der’ failed
INFO |settings.c:0770:settings_load_ovl| Load settings from /teddycloud/config/config.overlay.ini
INFO |tls_adapter.c:0394:tls_adapter_init| Loading certificates…
INFO |tls_adapter.c:0208:read_certificate| File ‘/teddycloud/certs/server/ca-root.pem’ assumed PEM style
INFO |tls_adapter.c:0205:read_certificate| File ‘/teddycloud/certs/server/ca-key.pem’ detected as DER style RSA PRIVATE KEY
INFO |tls_adapter.c:0208:read_certificate| File ‘/teddycloud/certs/server/teddy-cert.pem’ assumed PEM style
INFO |tls_adapter.c:0205:read_certificate| File ‘/teddycloud/certs/server/teddy-key.pem’ detected as DER style RSA PRIVATE KEY
ERROR|tls_adapter.c:0193:read_certificate| Failed to open ‘/teddycloud/certs/client/ca.der’ for cert type detection
ERROR|tls_adapter.c:0380:load_cert| Loading cert ‘/teddycloud/certs/client/ca.der’ failed
ERROR|tls_adapter.c:0193:read_certificate| Failed to open ‘/teddycloud/certs/client/client.der’ for cert type detection
ERROR|tls_adapter.c:0380:load_cert| Loading cert ‘/teddycloud/certs/client/client.der’ failed
ERROR|tls_adapter.c:0193:read_certificate| Failed to open ‘/teddycloud/certs/client/private.der’ for cert type detection
ERROR|tls_adapter.c:0380:load_cert| Loading cert ‘/teddycloud/certs/client/private.der’ failed
INFO |toniesJson.c:0279:tonies_readJson| Trying to read /teddycloud/config/tonies.custom.json with size 2
INFO |toniesJson.c:0279:tonies_readJson| Trying to read /teddycloud/config/tonies.json with size 4880663
INFO |toniesJson.c:0099:tonies_update| Updating tonies.json from api.revvox.de
INFO |cloud_request.c:0162:web_request| Connecting to HTTP server api.revvox.de:443

[…]

I have a backup from ca.der, client.der, and private.der but copying in the backup files does not change anything. Since I am connected to Boxine I assume that ca.der is fine.
I can read out ca.der and client.der using openssl. However, I cannot get anything out of private.der.
Thus, I am afraid there is an error in private.der, which is also present in my backup.

I just wanted to ask if anybody has a smart idea before I probably have to label this Toniebox as e-waste. The only glimmer of hope is that I saved the tb.esp32.bin I made when I read out the chip using esptool. However, I have no idea how to potentially get the damaged private.der from that file. And even if I managed, there is the chance that it is also damaged.

Sorry for the lengthy post, but I did not find anybody who ran into a similar problem. After flashing the box most people seem to have no problems.

In any case, thank you for everything.

This makes no sense to me. You say the web interface shows it is connected to Boxine (how did you check it?).
But teddyCloud has no valid client certs, so this is technically impossible.

How did you extract the certificates? Did you properly rename them to lowercase? Did you check the file permissions?

The box is not connected to the cloud, how did you ensure the box connects to teddycloud?
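The three things asked about above (lowercase file names, file permissions, and whether each DER file is actually intact) can be checked without openssl. The following is an added example, not teddyCloud's own code; it assumes the certs/client layout from this thread (ca.der, client.der, private.der as raw DER) and uses a minimal DER tag/length parser to classify each file and to detect a truncated or garbled private.der, whose encoded length will not match the file size. The sample files it builds are constructed placeholders, not real Toniebox certificates.

```python
"""Sanity-check a teddyCloud certs/client directory (added example, not project code)."""
import os
import shutil
import stat
import tempfile

EXPECTED = ("ca.der", "client.der", "private.der")  # names teddyCloud looks for (lowercase)


def der_header(buf):
    """Return (tag, length, header_size) of the first DER TLV in buf, or None if malformed."""
    if len(buf) < 2:
        return None
    tag, first = buf[0], buf[1]
    if first < 0x80:                       # short-form length
        return tag, first, 2
    n = first & 0x7F                       # long-form: n following bytes hold the length
    if n == 0 or n > 4 or len(buf) < 2 + n:
        return None
    return tag, int.from_bytes(buf[2:2 + n], "big"), 2 + n


def classify_der(buf):
    """Classify a DER blob as 'certificate', 'rsa-private-key', 'pkcs8-private-key', or a problem string."""
    hdr = der_header(buf)
    if hdr is None or hdr[0] != 0x30:
        return "not a DER SEQUENCE (PEM text or garbage?)"
    tag, length, hsize = hdr
    if hsize + length != len(buf):         # outer length must cover the whole file
        return "length mismatch: header says %d bytes of body, file has %d (truncated or damaged)" % (
            length, len(buf) - hsize)
    inner = der_header(buf[hsize:])
    if inner is None:
        return "empty or malformed body"
    if inner[0] == 0x30:                   # Certificate ::= SEQUENCE { tbsCertificate SEQUENCE, ... }
        return "certificate"
    if inner[0] == 0x02:                   # both PKCS#1 and PKCS#8 keys start with INTEGER version
        nxt = der_header(buf[hsize + inner[2] + inner[1]:])
        if nxt and nxt[0] == 0x02:         # PKCS#1 RSAPrivateKey: version, then INTEGER modulus
            return "rsa-private-key"
        if nxt and nxt[0] == 0x30:         # PKCS#8 PrivateKeyInfo: version, then AlgorithmIdentifier
            return "pkcs8-private-key"
        return "unrecognised private key layout"
    return "unrecognised DER structure (first inner tag 0x%02x)" % inner[0]


def check_client_dir(path):
    """Return {file name: finding} for the expected files in path."""
    findings = {}
    present = set(os.listdir(path))
    for name in EXPECTED:
        if name not in present:
            upper = [p for p in present if p.lower() == name]
            findings[name] = "missing (found %s: rename to lowercase)" % upper[0] if upper else "missing"
            continue
        full = os.path.join(path, name)
        if not os.access(full, os.R_OK):
            findings[name] = "not readable (mode %s)" % stat.filemode(os.stat(full).st_mode)
            continue
        with open(full, "rb") as fh:
            kind = classify_der(fh.read())
        want = ("rsa-private-key", "pkcs8-private-key") if name == "private.der" else ("certificate",)
        findings[name] = kind if kind in want else "unexpected content: " + kind
    return findings


def tlv(tag, body):
    """Minimal DER TLV encoder, only for the constructed sample data below."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    return bytes([tag, 0x82, n >> 8, n & 0xFF]) + body


# Constructed, structurally valid stand-ins (not real certificates or keys).
SAMPLE_CERT = tlv(0x30, tlv(0x30, tlv(0x02, b"\x01")) + tlv(0x30, b"") + tlv(0x03, b"\x00"))
SAMPLE_RSA_KEY = tlv(0x30, tlv(0x02, b"\x00") + tlv(0x02, b"\x00\xc5" + b"\x01" * 20) + tlv(0x02, b"\x01\x00\x01"))
SAMPLE_PKCS8 = tlv(0x30, tlv(0x02, b"\x00") + tlv(0x30, tlv(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01") + tlv(0x05, b""))
               + tlv(0x04, SAMPLE_RSA_KEY))
TRUNCATED_KEY = SAMPLE_RSA_KEY[:-5]        # simulates a damaged private.der


def run_demo():
    """Build a temp certs/client dir with PRIVATE.DER uppercase and truncated, check it,
    rename to lowercase, check again; returns (findings_before, findings_after)."""
    d = tempfile.mkdtemp(prefix="teddy-certs-")
    try:
        for name, data in (("ca.der", SAMPLE_CERT), ("client.der", SAMPLE_CERT), ("PRIVATE.DER", TRUNCATED_KEY)):
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        before = check_client_dir(d)
        os.rename(os.path.join(d, "PRIVATE.DER"), os.path.join(d, "private.der"))
        after = check_client_dir(d)
    finally:
        shutil.rmtree(d)
    return before, after


if __name__ == "__main__":
    for stage, findings in zip(("before rename", "after rename"), run_demo()):
        print(stage, findings)
```

Run it against a real directory with `check_client_dir("/teddycloud/certs/client")` inside the container; a "length mismatch" finding on private.der means the file on disk is not the complete key the box holds, and a "missing (found PRIVATE.DER ...)" finding is the uppercase-name case the extractor produces.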

Hey Badbee,

Thank you for the fast response.

There are two reasons why I assume that my TeddyCloud server is connected to the Boxine-Cloud:

  1. When I check the classic web interface, there are executed cloud requests listed under "Server Statistics".

  2. When I switch to the new interface, the Boxine icon in the top right corner is green. It was red until I flashed the Toniebox.

I used the web interface to flash the box. To do so, I connected to teddyCloud on my Raspberry Pi from a Windows machine using Google Chrome. To flash the box I entered the IP address of my Raspberry Pi.

In my router, I made sure that the Raspberry Pi is always assigned the same IP, and I opened port 443 so the box can connect to it.

Edit: Sorry, I forgot: Yes all certificates are lower case:

root@teddycloud:/teddycloud/certs/client# ls
ca.der client.der private.der

Please do a check with the points listed here (freshnessCheck + logs)

So I spent some more time on it and did the following:

  1. I opened up the box, loaded my backup file and flashed the box again.

  2. I copied ca.der, client.der, and private.der to "certs/client/" to be sure that the versions match the files on the box.

  3. I checked the web interface and teddyCloud still shows a connection to Boxine, but the box itself is not showing up.

The server is showing some activity:

Server Statistics
Connections made to this server 158
Reverse proxy calls made by clients 12
Cloud requests executed 2
Blocked cloud requests 10
Failed cloud requests 0

  4. I deactivated the cloud in the web interface and closed all windows with the web interface.

  5. I did a freshnessCheck and only get a chime with a "Tada".

  6. I ran docker logs but still get error messages for the certificates in /certs/client.

TeddyCloud v0.5.2 (454631f) - 2024-05-13 12:12:26 +0000 ubuntu linux-aarch64(64)

INFO |settings.c:0770:settings_load_ovl| Load settings from /teddycloud/config/config.overlay.ini
INFO |settings.c:0770:settings_load_ovl| Load settings from /teddycloud/config/config.ini
INFO |tls_adapter.c:0208:read_certificate| File ‘/teddycloud/certs/server/ca-root.pem’ assumed PEM style
INFO |tls_adapter.c:0205:read_certificate| File ‘/teddycloud/certs/server/ca-key.pem’ detected as DER style RSA PRIVATE KEY
INFO |tls_adapter.c:0208:read_certificate| File ‘/teddycloud/certs/server/teddy-cert.pem’ assumed PEM style
INFO |tls_adapter.c:0205:read_certificate| File ‘/teddycloud/certs/server/teddy-key.pem’ detected as DER style RSA PRIVATE KEY
ERROR|tls_adapter.c:0193:read_certificate| Failed to open ‘/teddycloud/certs/client/ca.der’ for cert type detection
ERROR|tls_adapter.c:0380:load_cert| Loading cert ‘/teddycloud/certs/client/ca.der’ failed
ERROR|tls_adapter.c:0193:read_certificate| Failed to open ‘/teddycloud/certs/client/client.der’ for cert type detection
ERROR|tls_adapter.c:0380:load_cert| Loading cert ‘/teddycloud/certs/client/client.der’ failed
ERROR|tls_adapter.c:0193:read_certificate| Failed to open ‘/teddycloud/certs/client/private.der’ for cert type detection
ERROR|tls_adapter.c:0380:load_cert| Loading cert ‘/teddycloud/certs/client/private.der’ failed
INFO |settings.c:0770:settings_load_ovl| Load settings from /teddycloud/config/config.overlay.ini
INFO |tls_adapter.c:0394:tls_adapter_init| Loading certificates…
INFO |tls_adapter.c:0208:read_certificate| File ‘/teddycloud/certs/server/ca-root.pem’ assumed PEM style
INFO |tls_adapter.c:0205:read_certificate| File ‘/teddycloud/certs/server/ca-key.pem’ detected as DER style RSA PRIVATE KEY
INFO |tls_adapter.c:0208:read_certificate| File ‘/teddycloud/certs/server/teddy-cert.pem’ assumed PEM style
INFO |tls_adapter.c:0205:read_certificate| File ‘/teddycloud/certs/server/teddy-key.pem’ detected as DER style RSA PRIVATE KEY
ERROR|tls_adapter.c:0193:read_certificate| Failed to open ‘/teddycloud/certs/client/ca.der’ for cert type detection
ERROR|tls_adapter.c:0380:load_cert| Loading cert ‘/teddycloud/certs/client/ca.der’ failed
ERROR|tls_adapter.c:0193:read_certificate| Failed to open ‘/teddycloud/certs/client/client.der’ for cert type detection
ERROR|tls_adapter.c:0380:load_cert| Loading cert ‘/teddycloud/certs/client/client.der’ failed
ERROR|tls_adapter.c:0193:read_certificate| Failed to open ‘/teddycloud/certs/client/private.der’ for cert type detection
ERROR|tls_adapter.c:0380:load_cert| Loading cert ‘/teddycloud/certs/client/private.der’ failed
INFO |toniesJson.c:0279:tonies_readJson| Trying to read /teddycloud/config/tonies.custom.json with size 2
INFO |toniesJson.c:0279:tonies_readJson| Trying to read /teddycloud/config/tonies.json with size 4880663
INFO |toniesJson.c:0099:tonies_update| Updating tonies.json from api.revvox.de
INFO |cloud_request.c:0162:web_request| Connecting to HTTP server api.revvox.de:443
INFO |cloud_request.c:0212:web_request| trying IP: xxx.xxx.xxx.xxx
INFO |cloud_request.c:0038:httpClientTlsInitCallbackBase| Initializing TLS…
cyclone/cyclone_crypto/cipher/aes.c:268:55: runtime error: left shift of 213 by 24 places cannot be represented in type ‘int’
cyclone/cyclone_crypto/cipher/aes.c:260:47: runtime error: left shift of 248 by 24 places cannot be represented in type ‘int’
cyclone/cyclone_crypto/cipher/aes.c:400:34: runtime error: left shift of 196 by 24 places cannot be represented in type ‘int’
INFO |cloud_request.c:0073:httpClientTlsInitCallbackBase| Initializing TLS done
cyclone/cyclone_crypto/cipher/aes.c:385:34: runtime error: left shift of 187 by 24 places cannot be represented in type ‘int’
cyclone/cyclone_crypto/cipher/aes.c:390:34: runtime error: left shift of 172 by 24 places cannot be represented in type ‘int’
cyclone/cyclone_crypto/cipher/aes.c:395:34: runtime error: left shift of 169 by 24 places cannot be represented in type ‘int’
src/cyclone/cyclone_crypto/mpi.c:792:48: runtime error: left shift of 154 by 24 places cannot be represented in type ‘int’
INFO |cloud_request.c:0317:web_request| HTTP code: 302

  7. As you suggested, I checked the permissions for the three certificates; they are all -rw-r--r--, so that should not be the problem because there are no limitations to reading them.

At this point, I am out of ideas. I think the most likely scenario is that the certificates were damaged when I read them out, and therefore I cannot replace them from the flash dump file. This would probably mean that I bricked this box.

First: be sure you do another backup of your flash, just in case you have a second one

This means the box connects to something (most likely to boxine). Maybe you forgot to flash your modified image?
To test this, you could block the domain prod.de.tbs.toys in your router / DNS and restart your box and try a freshnessCheck or just put on an unknown figurine

First of all: Thank you for taking so much time to troubleshoot with me.

I just saw that I get an error when extracting my certificates from the ESP32_.bin. It is probably not relevant since the certificates are still extracted to certs/client. But it is the only thing I can think of.

INFO |settings.c:0770:settings_load_ovl()| Load settings from /teddycloud/certs/client/config/config.overlay.ini
WARN |settings.c:0778:settings_load_ovl()| Config file does not exist, creating it…
INFO |settings.c:0670:settings_save_ovl()| Save settings to /teddycloud/certs/client/config/config.overlay.ini
ERROR|settings.c:0674:settings_save_ovl()| Failed to open config file for writing
INFO |settings.c:0770:settings_load_ovl()| Load settings from /teddycloud/certs/client/config/config.ini
WARN |settings.c:0778:settings_load_ovl()| Config file does not exist, creating it…
INFO |settings.c:0670:settings_save_ovl()| Save settings to /teddycloud/certs/client/config/config.ini
ERROR|settings.c:0674:settings_save_ovl()| Failed to open config file for writing
INFO |settings.c:0770:settings_load_ovl()| Load settings from /etc/teddycloud/config/config.overlay.ini
INFO |settings.c:0770:settings_load_ovl()| Load settings from /etc/teddycloud/config/config.ini
INFO |settings.c:0770:settings_load_ovl()| Load settings from /etc/teddycloud/config/config.overlay.ini
INFO |esp32.c:0547:esp32_get_partition()| Search for partition ‘assets’
INFO |esp32.c:0566:esp32_get_partition()| Found partition ‘assets’ at 0x00f000
INFO |esp32.c:0350:esp32_fat_extract_folder()| Write 'CERT\CA.DER to ‘/teddycloud/certs/client/CA.DER’ (1419 bytes)
INFO |esp32.c:0350:esp32_fat_extract_folder()| Write 'CERT\CLIENT.DER to ‘/teddycloud/certs/client/CLIENT.DER’ (1030 bytes)
INFO |esp32.c:0350:esp32_fat_extract_folder()| Write 'CERT\PRIVATE.DER to ‘/teddycloud/certs/client/PRIVATE.DER’ (1192 bytes)

You are correct. If I block internet access for the box I get an error (owl) on freshnessCheck. The connection is probably still up from when I connected the box to update the firmware from Boxine right at the start.

This is super weird since I definitely flashed the box. I will do it once more after I have made another backup.

This looks like teddyCloud is not able to write the config.overlay.ini.

Are you using the default docker-compose or do you use special volume mappings?

Can you open the file /etc/teddycloud/config/config.overlay.ini, and is your box shown there?

Ok, this is looking much better.

After I extracted the certificate from my latest backup, I restarted the docker container, and somehow that did the trick.

"docker logs teddycloud" now returns no more errors, and I see the box in the web interface.

The Tonie figurine which came with the box also showed up in the interface after I put her on the box.

Weirdly, every audio file I load into the library gets replaced by the message “Oho, ein Fehler, Codewort Eichhörnchen”, but I will figure that out somehow.

Most importantly: Thank you so much to the two of you and to everybody working on this amazing project. Is there a Patreon account or something similar I could use to buy the team some coffee?

Hi, you can sponsor it on GitHub.


Anything like described here?

Yes, I guess it is because I linked an audio file to a Creative-Tonie. I guess teddyCloud was downloading the audio file for the error message from Boxine and replacing the internal audio file with the audio of the error message. But that is not a big deal since I do not plan on buying additional Creative-Tonies. I hope I will manage to build my own Tonies and fill up teddyCloud with audio books and music I already own.

I am just super relieved that it is working now! And thank you for the tip about sponsoring the project on GitHub.

You may set your Creative-Tonie as nocloud, so it won't download content from the original cloud.

PS: Thank you for your tip