You have probably noticed that #OPNsense can generate a certificate for your HTTPS needs. However, if you choose the secp521r1 algorithm, you will notice that Safari/Chrome will not open your page, but #firefox will (hurray!!!).
This is because Chrome removed support for the 521-bit elliptic curve in about 2015...
Link: https://security.stackexchange.com/a/100995
Well... yeah, it is obvious to everyone, but I lost two evenings of intensive debugging.
So, to solve this issue - select secp384r1.
I am currently testing some sacred knowledge about #LXC mount points within unprivileged containers... doh, I know, it sounds too nerdy.
My goal is to create a #mongodb container with the shared DB folder (backups mostly, if the container dies). Its user is:
mongodb:x:102:65534::/nonexistent:/usr/sbin/nologin
To test the UID, I decided to create an empty file. The link from here describes my error and solution: https://serverfault.com/q/351046 (not mine):
su -s /bin/bash -c 'touch test.txt' mongodb
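For a shared folder to be writable by the mongodb account in the post (UID 102, GID 65534) inside an unprivileged container, the host directory has to be owned by the mapped host IDs, not by 102 itself. The sketch below is an added example, not from the original post: it parses `lxc.idmap` lines and computes the host owner; the 100000/65536 mapping range and the names `SAMPLE_CONFIG`, `parse_idmap`, `to_host_id` and `chown_target` are assumptions.

```python
# Added example: translate container IDs to host IDs via lxc.idmap entries.
# The mapping range below is an assumed common default, not taken from the post.
SAMPLE_CONFIG = """\
# constructed sample container config
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536
"""

def parse_idmap(config_text):
    """Return {'u': [(ct_start, host_start, count), ...], 'g': [...]}."""
    maps = {"u": [], "g": []}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        key, sep, value = line.partition("=")
        if not sep or key.strip() != "lxc.idmap":
            continue
        fields = value.split()
        if len(fields) != 4 or fields[0] not in maps:
            raise ValueError(f"malformed idmap entry: {raw!r}")
        ct_start, host_start, count = (int(f) for f in fields[1:])
        maps[fields[0]].append((ct_start, host_start, count))
    return maps

def to_host_id(maps, kind, ct_id):
    """Translate a container ID to its host ID, or None if it is unmapped."""
    for ct_start, host_start, count in maps[kind]:
        if ct_start <= ct_id < ct_start + count:
            return host_start + (ct_id - ct_start)
    return None

def chown_target(maps, ct_uid, ct_gid):
    """Host 'uid:gid' that the bind-mounted directory must be owned by."""
    uid = to_host_id(maps, "u", ct_uid)
    gid = to_host_id(maps, "g", ct_gid)
    if uid is None or gid is None:
        # An ID outside every mapped range cannot own files on the mount.
        raise LookupError(f"{ct_uid}:{ct_gid} has no host mapping")
    return f"{uid}:{gid}"

if __name__ == "__main__":
    maps = parse_idmap(SAMPLE_CONFIG)
    # mongodb is 102:65534 inside the container
    print("chown", chown_target(maps, 102, 65534), "<shared DB folder on host>")
```

Owning the host directory with only the mapped IDs keeps the share writable for mongodb without granting anything to host UID 102 or to root.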
Today I learned one thing about #OPNsense (Kea & ISC). If you want to play with Kea on one of your VLANs, you cannot simply enable Kea DHCP, because ISC exclusively occupies port 67 on **all** available interfaces, even if you explicitly unchecked your VLAN interface (source: https://forum.opnsense.org/index.php?topic=42804.0).
This was taken from logs:
DHCPSRV_OPEN_SOCKET_FAIL failed to open socket: ... failed to bind fallback socket to address 192.168.50.1, port 67, reason: Address already in use...
https://github.com/search?q=erorr&type=code
Happy log analyzing...