[squid-users] [ext] Squid quits while starting?!

Ralf Hildebrandt Ralf.Hildebrandt at charite.de
Fri Sep 29 06:38:39 UTC 2023


* Bud Miljkovic <bud_miljkovic at trimble.com>:


> # Intercept transparent HTTPS traffic
> https_port 3129 intercept ssl-bump cert=/etc/squid/ssl_cert/myCA.pem
> generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
> ssl_bump splice all
> sslcrtd_program /usr/libexec/ssl_crtd -s /var/lib/ssl_db -M 4MB

^ I think the portion above is relevant for this error

> 2023/09/29 15:02:52| helperOpenServers: Starting 5/32 'ssl_crtd' processes
...
> 2023/09/29 15:02:52| Accepting NAT intercepted SSL bumped HTTPS Socket connections at local=[::]:3129 remote=[::] FD 29 flags=41
> 2023/09/29 15:02:52| WARNING: ssl_crtd #Hlpr1 exited
> 2023/09/29 15:02:52| Too few ssl_crtd processes are running (need 1/32)
> 2023/09/29 15:02:52| Closing HTTP port [::]:3128
> 2023/09/29 15:02:52| Closing HTTPS port [::]:3129
> FATAL: The ssl_crtd helpers are crashing too rapidly, need help!

I assume the "sslcrtd_program" (set to "/usr/libexec/ssl_crtd -s /var/lib/ssl_db -M 4MB")
is indeed not starting up (or crashing immediately after).

* What does "dmesg" report?
* What happens if you invoke "/usr/libexec/ssl_crtd -s /var/lib/ssl_db -M 4MB"
  by hand (as the squid user, I guess)


Also read
https://squid-users.squid-cache.narkive.com/w0JgcN24/need-assistance-debugging-squid-error-ssl-ctrd-helpers-crashing-too-quickly

which seems to imply that you need to initialize the DB first:
/usr/libexec/ssl_crtd -c -s /var/lib/ssl_db

-- 
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration
Invalidenstraße 120/121 | D-10115 Berlin

Tel. +49 30 450 570 155
ralf.hildebrandt at charite.de
https://www.charite.de


More information about the squid-users mailing list