New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

certificate has expired or is not yet valid #2902

gdenn opened this Issue Dec 3, 2018 · 1 comment


None yet
1 participant

gdenn commented Dec 3, 2018

Bug Report


i encountered an error while logging into my concourse from using the cli login command.

fly -t stage login -c --username <redacted> --password <redacted>

Error output was:

Get x509: certificate has expired or is not yet valid

The strange thing is that i was logged in through the cli minutes before and still can auth with the UI.

I could circumvent the problem by using the --insecure flag for the login, but i think thats not a intended behaviour.


Steps to Reproduce

Not able to tell what steps lead to this issue (appeared randomly)

Expected Results

Successful login via cli login cmd

Actual Results

Get x509: certificate has expired or is not yet valid

Version Info

  • Concourse version: 4.2.1 / garden-runc 1.16.3 / postgres 28 / ubuntu-xenial 97.5
  • Deployment type (BOSH/Docker/binary): BOSH Cluster (bosh-concourse-dpeloyment)
  • Infrastructure/IaaS: vSphere
  • Browser (if applicable): Chrome
  • Did this used to work? Yes


BOSH deployment logs are available -> just ask


This comment has been minimized.

gdenn commented Dec 3, 2018

It seems like i ran into this case which you test here:

Context("to new target with invalid SSL without -k", func() {
Context("without --ca-cert", func() {
BeforeEach(func() {
flyCmd = exec.Command(flyPath, "-t", "some-target", "login", "-c", loginATCServer.URL(), "-u", "some_user", "-p", "some_pass")
var err error
stdin, err = flyCmd.StdinPipe()
It("errors", func() {
sess, err := gexec.Start(flyCmd, GinkgoWriter, GinkgoWriter)
err = stdin.Close()
Eventually(sess.Err).Should(gbytes.Say("x509: certificate signed by unknown authority"))

The cert pool is created here

For some reason the cert expires or becomes invalid..


Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment