OK, thanks for the info. Ran a couple of queries and I think I have a potential solution. The caveat here is that I don't have a Raspberry Pi to test this with, so no idea how accurate this is (I have a NanoPi, but it doesn't run the official Pi OS).
===========================================
If you are unable to log in directly to the Raspberry Pi, you need to modify the files on the SD card from another computer. This allows you to force the system to boot directly into a shell, bypass the login screen, and recover your access.
Step 1: Edit the cmdline.txt file
- Shut down your Raspberry Pi and remove the microSD card.
- Insert the microSD card into your computer's card reader.
- Navigate to the boot partition on the card.
- Open the file named cmdline.txt using a text editor like Notepad++ (Windows) or TextEdit (macOS).
- Append init=/bin/sh to the end of the file on the same line, with a space before it, i.e.: console=serial0,115200 console=tty1 root=/dev/mmcblk0p7 rootfstype=ext4 ... init=/bin/sh
- Save and close the file.
Step 2: Boot into single-user mode
- Safely eject the microSD card from your computer.
- Insert the card back into your Raspberry Pi and power it on.
- The system will boot into single-user mode, providing a root shell prompt (#) without asking for a password.
Step 3: Remount the filesystem as read-write - the root filesystem will be mounted as read-only in single-user mode, so you must remount it as read-write to make changes.
At the prompt, run the following command:
mount -o remount,rw /
Step 4: Fix the login issue - depending on your specific problem, use one of the following methods:
Method A: Change your password
If you have forgotten your password, this is the easiest solution. Run the passwd command, replacing pi with your username if it's different:
passwd pi
Create & confirm a new password.
Method B: Enable autologin
If you want to bypass the login process entirely and boot directly to the command line, use raspi-config.
- Launch the configuration tool:
raspi-config
- Navigate to System Options > Boot / Auto Login.
- Select Console Autologin to boot to the command line without a password.
- Exit the utility, and reboot when prompted.
Method C: Fix a graphical login loop
If you are stuck in an endless graphical login loop, the issue is often related to file permissions.
1. Run the following command to correct permissions for your home directory:
Code:
sudo chown -R pi:pi /home/pi
(Replace pi with your username if necessary).
You can also try backing up and removing the .Xauthority file, which stores session credentials:
mv /home/pi/.Xauthority /home/pi/.Xauthority.backup
Step 5: Undo the changes and reboot
After fixing the issue, you must revert the cmdline.txt file to its original state.
- Before rebooting, unmount and remount the filesystem as read-only for safety:
mount -o remount,ro /
- Run the reboot command:
reboot
- Remove the microSD card as it restarts.
- Insert the card back into your computer and edit cmdline.txt to remove the init=/bin/sh text you added earlier.
- Save the file, and re-insert the card into your Pi.
Your Raspberry Pi should now boot normally with the changes you made.
===========================================
ok, after that, now redo the certificate
Generate a new SSL certificate and configure NGINX
If your old SHA1 certificate has expired, you will need to replace it. A modern, secure alternative is to use a new self-signed certificate with a stronger SHA-256 hash.
Step 1: Generate a new SHA-256 self-signed certificate
Create a directory for your SSL certificates:
sudo mkdir /etc/nginx/ssl
cd /etc/nginx/ssl
Create a configuration file for the certificate request.
This is needed for modern browsers that require a Subject Alternative Name (SAN):
sudo nano opensprinkler.cnf
Paste the following content into the file and save:
[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
C = [CountryCode]
ST = [State]
L = [City]
O = OpenSprinkler
OU = Home Automation
CN = opensprinkler.local
[v3_req]
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = opensprinkler.local
DNS.2 = localhost
IP.1 = 127.0.0.1
Generate the private key and the new self-signed certificate using the configuration file:
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt -config /etc/nginx/ssl/opensprinkler.cnf
Step 2: Configure NGINX as a reverse proxy
Open the NGINX default site configuration file:
sudo nano /etc/nginx/sites-available/default
Replace the default server block with the following, adjusting the IP address and port, if necessary:
server {
    listen 80;
    server_name opensprinkler.local;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl;
    server_name opensprinkler.local;
    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;
    location / {
        proxy_pass http://192.168.1.10:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
Save the file and exit the editor.
Test the NGINX configuration for syntax errors:
sudo nginx -t
Reload NGINX to apply the changes:
sudo systemctl reload nginx
You can now access your OpenSprinkler web UI securely at https://opensprinkler.local. Your browser will warn you that the certificate is self-signed and not trusted, but you can proceed past the warning.
===========================================
Had to edit this a bit; the formatting was really odd and some of the commands were showing emoji, so I used the codeblock format once as well. Hopefully that works for you. If not, I suspect you'll need someone else who has a similar setup, or you may need to scrap the entire config & set up a new install of Pi OS with a brand new config.
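For Step 5 of the recovery procedure above: a leftover init=/bin/sh keeps the Pi booting to a root shell with no password, and an edit that lands on a second line breaks the single-line format, so it is worth checking the card before it goes back in. The script below is an added example, not part of the original post; the function names are made up for illustration and it assumes you pass the path to cmdline.txt on the mounted boot partition.

```sh
#!/bin/sh
# Added example: audit and clean cmdline.txt after the recovery procedure.
# The file path depends on where the boot partition is mounted (assumption).

# Print any init= override found; exit status 0 means one is present.
cmdline_init_override() {
    tr -s ' \n' '\n\n' < "$1" | grep '^init='
}

# cmdline.txt must hold all kernel parameters on exactly one line.
cmdline_is_single_line() {
    [ "$(grep -c . "$1")" -eq 1 ]
}

# Drop every init= token, keep a .bak copy, and rewrite the file as one line.
cmdline_clear_init() {
    cp "$1" "$1.bak" || return 1
    tr -s ' \n' '\n\n' < "$1.bak" | grep -v -e '^init=' -e '^$' |
        paste -s -d ' ' - > "$1"
}

# Report the state of the file; returns non-zero if anything needs fixing.
cmdline_audit() {
    status=0
    if ! cmdline_is_single_line "$1"; then
        echo "WARN: $1 is not a single line"; status=1
    fi
    if override=$(cmdline_init_override "$1"); then
        echo "WARN: boot override still present: $override"; status=1
    fi
    [ "$status" -eq 0 ] && echo "OK: no init= override in $1"
    return "$status"
}

# Usage: sh check_cmdline.sh /path/to/boot/cmdline.txt
if [ "$#" -eq 1 ]; then cmdline_audit "$1"; fi
```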
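For the certificate step above, these checks confirm that the generated nginx.crt is not signed with SHA-1 or MD5, lists the hostname in its SAN, belongs to nginx.key, is not about to expire, and that the key written by -nodes is not readable by other users. This is an added example, not part of the original post; the function names are made up for illustration and it needs the openssl command-line tool.

```sh
#!/bin/sh
# Added example: sanity-check the certificate and key from Step 1.
# Requires the openssl CLI; file paths and hostname are passed as arguments.

# Signature algorithm of the certificate, e.g. sha256WithRSAEncryption.
cert_sig_alg() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# Succeeds if HOSTNAME appears as a DNS entry in the SAN extension.
cert_has_san() {
    openssl x509 -in "$1" -noout -text 2>/dev/null | tr ',' '\n' |
        sed 's/^ *//; s/ *$//' | grep -Fxq "DNS:$2"
}

# Succeeds if the private key belongs to the certificate.
cert_matches_key() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$pub" ] && [ "$pub" = "$(openssl pkey -in "$2" -pubout 2>/dev/null)" ]
}

# Succeeds if the key file exists and is not readable by group or others.
# -nodes writes the key unencrypted, so the file mode is its only protection.
key_is_private() {
    [ -f "$1" ] && [ -z "$(find "$1" \( -perm -040 -o -perm -004 \) -print)" ]
}

check_cert() {  # check_cert CRT KEY HOSTNAME [MIN_DAYS]
    rc=0
    case "$(cert_sig_alg "$1")" in
        *[Ss][Hh][Aa]1*|*[Mm][Dd]5*|"")
            echo "FAIL: weak or unreadable signature algorithm"; rc=1 ;;
    esac
    cert_has_san "$1" "$3" || { echo "FAIL: $3 not in SAN"; rc=1; }
    cert_matches_key "$1" "$2" || { echo "FAIL: key does not match"; rc=1; }
    key_is_private "$2" || { echo "FAIL: key readable by others"; rc=1; }
    openssl x509 -in "$1" -noout -checkend $(( ${4:-30} * 86400 )) \
        >/dev/null 2>&1 || { echo "FAIL: expires within ${4:-30} days"; rc=1; }
    return "$rc"
}

# Usage: sh check_cert.sh nginx.crt nginx.key opensprinkler.local
if [ "$#" -ge 3 ]; then check_cert "$@"; fi
```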