Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Post "https://identity.apple.com/pushcert/caservice/renew": dial tcp 17.179.244.134:443: connect: connection refused #25

Closed
Fogelholk opened this issue Mar 29, 2023 · 2 comments
Closed

Post "https://identity.apple.com/pushcert/caservice/renew": dial tcp 17.179.244.134:443: connect: connection refused #25

Fogelholk opened this issue Mar 29, 2023 · 2 comments

Comments

@Fogelholk
Copy link

Post "https://identity.apple.com/pushcert/caservice/renew": dial tcp 17.179.244.134:443: connect: connection refused

The xapsd-daemon seems to stop responding to all dovecot requests when trying to renew the certificate, and Apple seems to either have problem, or have shut down the service to renew certs (I hope not!)

The cert generated for my server should work until 2023-04-21 07:50:19, but the service won't respond to dovecot requests because it's stuck in a loop trying to renew the cert, is there any workaround, or are we all gonna get shafted by Apple? :(
@freswa
Copy link
Owner

freswa commented Mar 29, 2023

Could you share some logs please?
identity.apple.com is responding just fine for me.

@Fogelholk
Copy link
Author

Very strange, never think I'd get blocked, but I was! I changed my external IP for this server and suddenly Apple started responding again! Not sure why they blocked one of our addresses to begin with. Sorry for the noise!

The logs were just spamming this about every second and xapsd never responded to Dovecot requests (since it never fully started I guess?)

2023-03-29T21:47:49.619777+02:00 s972 xapsd[11314] time="2023-03-29T21:47:49+02:00" level=warning msg="Certificate not valid after 2023-04-21 07:50:19 +0000 UTC - renewing..."
2023-03-29T21:47:49.781248+02:00 s972 xapsd[11314] 2023/03/29 21:47:49 Post "https://identity.apple.com/pushcert/caservice/renew": dial tcp 17.179.244.134:443: connect: connection refused
2023-03-29T21:47:51.318340+02:00 s972 xapsd[11314] time="2023-03-29T21:47:51+02:00" level=warning msg="Certificate not valid after 2023-04-21 07:50:19 +0000 UTC - renewing..."
2023-03-29T21:47:51.479158+02:00 s972 xapsd[11314] 2023/03/29 21:47:51 Post "https://identity.apple.com/pushcert/caservice/renew": dial tcp 17.179.244.134:443: connect: connection refused

As soon as I changed the external IP, the certificate was renewed successfully and xapsd happily started serving dovecot requests again.

I really thought it was already time for doomsday, since Apple seems to frown upon OS X Server :)

freswa added a commit that referenced this issue Mar 29, 2023
@freswa
fix renew timer firing infinitely
f6d5733 
This sets the maximum cert renewal request frequency to 6/hours

Improves behavior seen in #25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Fogelholk @freswa