upspin.io and key.upspin.io: certificate expired #367
Comments
|
Maybe the cause is this: #365 |
|
Looks like the frontend cert has been renewed, but the certs for key.upspin.io are still invalid. Kris Foster mentioned it on the upspin group here: https://groups.google.com/forum/#!topic/upspin/uE_T7yulgPk Here's a stacktrace when I try to run upspinfs on my local machine (with my personal information redacted): 2017/04/17 12:56:29.200429 dir/dircache.watcher: xxx@xxx.com: dir/remote.Watch("remote,upspin.xxx.xxx:443"): I/O error: |
paulhankin
changed the title
|
Seems to be fixed. |
|
Not for me. We're looking into it, but a number of people are out of town. Sorry for the delay. |
|
The current keyserver was deployed after Kris' change to deal with an x/crypto/acme/autocert change. It sees the cert that's there but isn't trying to refresh it. If I can figure out how, I'll revert to an older binary. |
|
There's a couple additional changes related to the Context package in acme/autocert since the original breaking change. It's not immediately obvious if they're related to this issue. I'll take a closer look this afternoon. |
|
Fixed for now by forcing a refresh by removing the old cert. We're still looking for the actual cause for the autocert code not causing a refresh. |
|
This is being tracked in the Go issue tracker: |
|
Should we close this issue? It's not something that we can fix in this project. |
|
I'd like to know when we don't have to worry about expiration. Keeping this open reminds me that we still do. I'd prefer to keep it open. |
|
Both upstream issues are closed, so closing this. |
Visiting https://upspin.io right now in chrome shows a Privacy Error screen.
It looks like the certificate for upspin.io expired yesterday. Today is 2017-04-16.
The text was updated successfully, but these errors were encountered: