certificate has expired or is not yet valid #2902

Open
gdenn opened this Issue Dec 3, 2018 · 1 comment


gdenn commented Dec 3, 2018

Bug Report

Hi,

I encountered an error while logging into my Concourse using the CLI login command.

fly -t stage login -c https://ci.de.a9s.eu/ --username <redacted> --password <redacted>

Error output was:

Get https://ci.de.a9s.eu/api/v1/info: x509: certificate has expired or is not yet valid

The strange thing is that I was logged in through the CLI minutes before and can still auth with the UI.

I could circumvent the problem by using the --insecure flag for the login, but I think that's not an intended behaviour.

best,
D

Steps to Reproduce

Not able to tell what steps lead to this issue (appeared randomly)

Expected Results

Successful login via cli login cmd

Actual Results

Get https://ci.de.a9s.eu/api/v1/info: x509: certificate has expired or is not yet valid

Version Info

  • Concourse version: 4.2.1 / garden-runc 1.16.3 / postgres 28 / ubuntu-xenial 97.5
  • Deployment type (BOSH/Docker/binary): BOSH Cluster (bosh-concourse-deployment)
  • Infrastructure/IaaS: vSphere
  • Browser (if applicable): Chrome
  • Did this used to work? Yes

Note

BOSH deployment logs are available -> just ask


gdenn commented Dec 3, 2018

It seems like I ran into this case which you test here:

Context("to new target with invalid SSL without -k", func() {
    Context("without --ca-cert", func() {
        BeforeEach(func() {
            flyCmd = exec.Command(flyPath, "-t", "some-target", "login", "-c", loginATCServer.URL(), "-u", "some_user", "-p", "some_pass")
            var err error
            stdin, err = flyCmd.StdinPipe()
            Expect(err).NotTo(HaveOccurred())
        })
        It("errors", func() {
            sess, err := gexec.Start(flyCmd, GinkgoWriter, GinkgoWriter)
            Expect(err).NotTo(HaveOccurred())
            err = stdin.Close()
            Expect(err).NotTo(HaveOccurred())
            <-sess.Exited
            Expect(sess.ExitCode()).To(Equal(1))
            Eventually(sess.Err).Should(gbytes.Say("x509: certificate signed by unknown authority"))
        })
    })

The cert pool is created here

https://github.com/concourse/fly/blob/master/rc/target.go#L388-L412

For some reason the cert expires or becomes invalid..

best,
D
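
Go reports both an expired certificate and a client clock that is earlier than the certificate's NotBefore with the same "x509: certificate has expired or is not yet valid" message. As an added example (not part of the original issue or of the fly code base), this Go program verifies a constructed self-signed certificate under different client clock readings and reports which side of the validity window failed; `selfSigned` and `classify` are hypothetical names, and the dates are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// selfSigned returns a constructed self-signed certificate valid from nb to na.
func selfSigned(nb, na time.Time) (*x509.Certificate, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed"}, NotBefore: nb, NotAfter: na}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// classify verifies cert as if the client clock read now and splits the x509.Expired reason in two.
func classify(cert *x509.Certificate, now time.Time) string {
	roots := x509.NewCertPool()
	roots.AddCert(cert) // trust exactly this certificate; verification stays enabled
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: now})
	if err == nil {
		return "valid"
	} else if inv, ok := err.(x509.CertificateInvalidError); !ok || inv.Reason != x509.Expired {
		return "other: " + err.Error()
	} else if now.Before(cert.NotBefore) {
		return "not yet valid" // client clock is behind the certificate's NotBefore
	}
	return "expired" // client clock is past the certificate's NotAfter
}

func main() {
	nb := time.Date(2018, 12, 1, 0, 0, 0, 0, time.UTC)
	cert, err := selfSigned(nb, nb.AddDate(0, 1, 0))
	if err != nil {
		panic(err)
	}
	fmt.Println(classify(cert, nb.Add(-time.Hour)), "|", classify(cert, nb.AddDate(0, 2, 0)))
}
```

Running the same comparison against the certificate a server actually presents, with the local clock as `now`, separates a stale certificate on the server from clock skew on the client without turning verification off.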
