Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Certificate renew fails #1023

Closed
tamalsaha opened this issue May 8, 2018 · 5 comments
Closed

Certificate renew fails #1023

tamalsaha opened this issue May 8, 2018 · 5 comments
Labels
bug

Comments

@tamalsaha
Copy link
Contributor 

  Warning  CertificateInvalid  56m   voyager operator  Secret "tls-prod-certs" is invalid: [data[tls.crt]: Required value, data[tls.key]: Required value]
  Warning  CertificateInvalid  51m   voyager operator  Secret "tls-prod-certs" is invalid: [data[tls.crt]: Required value, data[tls.key]: Required value]
  Warning  CertificateInvalid  46m   voyager operator  Secret "tls-prod-certs" is invalid: [data[tls.crt]: Required value, data[tls.key]: Required value]
  Warning  CertificateInvalid  41m   voyager operator  Secret "tls-prod-certs" is invalid: [data[tls.crt]: Required value, data[tls.key]: Required value]
  Warning  CertificateInvalid  36m   voyager operator  Secret "tls-prod-certs" is invalid: [data[tls.crt]: Required value, data[tls.key]: Required value]
  Warning  CertificateInvalid  31m   voyager operator  Secret "tls-prod-certs" is invalid: [data[tls.crt]: Required value, data[tls.key]: Required value]
  Warning  CertificateInvalid  26m   voyager operator  Secret "tls-prod-certs" is invalid: [data[tls.crt]: Required value, data[tls.key]: Required value]
  Warning  CertificateInvalid  21m   voyager operator  Secret "tls-prod-certs" is invalid: [data[tls.crt]: Required value, data[tls.key]: Required value]
  Warning  CertificateInvalid  16m   voyager operator  Secret "tls-prod-certs" is invalid: [data[tls.crt]: Required value, data[tls.key]: Required value]
  Warning  CertificateInvalid  11m   voyager operator  Secret "tls-prod-certs" is invalid: [data[tls.crt]: Required value, data[tls.key]: Required value]
  Warning  CertificateInvalid  6m    voyager operator  Secret "tls-prod-certs" is invalid: [data[tls.crt]: Required value, data[tls.key]: Required value]
  Warning  CertificateInvalid  1m    voyager operator  Secret "tls-prod-certs" is invalid: [data[tls.crt]: Required value, data[tls.key]: Required value]
@tamalsaha tamalsaha mentioned this issue May 8, 2018
Closed
@drf
Copy link
Contributor

drf commented May 8, 2018

I was about to open pretty much the sam issue - I can confirm this happens both on 5.0.11 and 6.0.0. Moreover, on 5.0.11, when/if the certificate is renewed, it is necessary to kill/restart the voyager pod for HAProxy to pick up the change. On 6.0.0 apparently this doesn't happen.

@drf
Copy link
Contributor

drf commented May 8, 2018

Other details: restarting the operator (aka killing the pod) triggers, correctly, a renewal event which succeeds. I'm wondering if maybe this has anything to do with the operator running for a long time and failing to renew certificates for any reason (possibly related to the memory consumption bug? just guessing 100% here).

@tamalsaha
Copy link
Contributor Author

@drf , the bug is in lego library it seems. I have filed an issue there. In the meantime, I check this particular type of error. In this happens then, we try to issue a new cert instead of trying to renew it. #1025 . This fix has been added to master and 6.0 release.

@tamalsaha tamalsaha added the bug label May 10, 2018
@tamalsaha
Copy link
Contributor Author

tamalsaha commented May 12, 2018
edited

To fix this problem, I had to delete the old acme account and start over. :(

@tamalsaha
Copy link
Contributor Author

xref: #1134

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@drf @tamalsaha