Core 141 OpenVPN Certificate generation broken

In short my problem…
Yesterday on Core 139 I can create a new client packages.
To day I upgrade to Core 141… When i create a new client and i click on “Save” Button the browser starts loading the site loading and loading,… (circle in tab is running). After 1 or 2 minute I a get a connection error.
I go back to OpenVPN page but no new client is created.
I delete all X509 certificates because they are old (not RFC conform) and try to create a new root certificate with Diffie 2048 Bit key… same error like with client package.

What can i do?

Hi svenf,
did you checked the error_log ? On some machines the DH-parameter needs longer time, even the WUI do not shows it, the OpenSSL process can do his job in behind in that case you should see this while generation via e.g. an

tailf /var/log/httpd/error_log



When i create only a new Diffie Parameters 2048 it needs 1 sec…
Here the Log:
[Fri Feb 28 10:42:01.217251 2020] [core:notice] [pid 3558:tid 129405027476096] AH00094: Command line: ‘/usr/sbin/httpd’
Killing PID 3182.
Using configuration from /var/ipfire/ovpn/openssl/ovpn.cnf
Revoking Certificate 05.
Data Base Updated
Using configuration from /var/ipfire/ovpn/openssl/ovpn.cnf
Using configuration from /var/ipfire/ovpn/openssl/ovpn.cnf
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time

I saved the old certificate, when i try to upload it…it runs in the same error. Maybe some directory rights are not correctly set.

If you create the X509 new, what messages are then in the error_log ?

Permission problems occured mostly causing because of the /tmp dir. Permission should be

drwxrwxrwt   3 root root 12288 Feb 28 17:01 tmp

Yesterday… I check the permission on /tmp -> ok. I try to generate a new root certificate and now is working. I can also create new client packages. I didn’t change anything on the configuration. Last week was only a reboot after power loss. Strange!

Yes indeed but most important that it works.