Peer certificate expired about fabric-ca HOT 7 CLOSED

There is information on certificate renewal and how to accomplish this when certificates have already expired here:

https://hyperledger-fabric.readthedocs.io/en/latest/certs_management.html#certificate-renewal

from fabric-ca.

Thanks for the information.
I have tried running the below :

fabric-ca-client reenroll --csr.keyrequest.reusekey --mspdir organizations/peerOrganizations/org.com/users/[email protected]/msp/keystore/ -u https://admin:adminpw@localhost:7056 --tls.certfiles /opt/docker/hyperledger/org/organizations/peerOrganizations/org.com/tlsca/tlsca.org.com-cert.pem

But I am getting the below error though my ca admin is already enrolled:

Could you please help as to what I am missing?

from fabric-ca.

Hello @bestbeforetoday ,

I have tried the below:

1. Log into the Server running the CA Server
2. Update the fabric-ca-client-config.yaml on /opt/docker/hyperledger/org1/organizations/peerOrganizations/org1.com with the hostname of the peer
3. Run the below:

export FABRIC_CA_CLIENT_HOME=/opt/docker/hyperledger/org1/organizations/peerOrganizations/org1.com
export FABRIC_CA_CLIENT_TLS_CERTFILES=/opt/docker/hyperledger/org1/organizations/peerOrganizations/org1.com/peers/peer0.org1.com/tls/ca.crt
export MSP_DIR=/opt/docker/hyperledger/org1/organizations/peerOrganizations/org1.com/peers/peer0.org1.com/msp
export CA_SERVER=https://admin:[email protected]:7056

4. Check fabric client identity:
   fabric-ca-client identity list -u https://admin:[email protected]:7056/ --tls.certfiles $FABRIC_CA_CLIENT_TLS_CERTFILES

5. Reenroll the certificate:
   fabric-ca-client reenroll --csr.keyrequest.reusekey --caname ca-org1 --mspdir $MSP_DIR -u $CA_SERVER --tls.certfiles $FABRIC_CA_CLIENT_TLS_CERTFILES

6. Copy /opt/docker/hyperledger/org1/organizations/peerOrganizations/org1.com/peers/peer0.org1.com/msp/signcerts/cert.pem to the destination vm in peer directory.

7. Restart Peer

Now for restart, I ran docker-compose down and then docker-compose up.

After running docker-compose up, I am facing a panic error as below now:

2023-05-24 13:05:58.870 UTC 043b WARN [lifecycle] handleMetadataUpdatesForChannel -> no metadata found on channel 'testchannel': could not get channel config for channel 'testchannel'
2023-05-24 13:05:58.870 UTC 043c DEBU [lockbasedtxmgr] invokeNamespaceListeners -> Invoking listener for state changes:lifecycle cache listener
2023-05-24 13:05:58.870 UTC 043d DEBU [cceventmgmt] HandleStateUpdates -> Channel [testchannel]: Handling state updates in LSCC namespace - stateUpdates=map[string][]*kvrwset.KVWrite{"_lifecycle":[]*kvrwset.KVWrite{(*kvrwset.KVWrite)(0xc003d534f0), (*kvrwset.KVWrite)(0xc003d53540)}}
2023-05-24 13:05:58.870 UTC 043e INFO [cceventmgmt] HandleStateUpdates -> Channel [testchannel]: Handling deploy or update of chaincode [msgchaincode-exp-llp]
2023-05-24 13:05:58.870 UTC 043f DEBU [statecouchdb] GetState -> GetState(). ns=_lifecycle, key=namespaces/metadata/msgchaincode-exp-llp
2023-05-24 13:05:58.871 UTC 0440 DEBU [statecouchdb] GetState -> GetState(). ns=_lifecycle, key=namespaces/fields/msgchaincode-exp-llp/EndorsementInfo
2023-05-24 13:05:58.871 UTC 0441 DEBU [statecouchdb] GetState -> GetState(). ns=_lifecycle, key=namespaces/fields/msgchaincode-exp-llp/Collections
2023-05-24 13:05:58.871 UTC 0442 DEBU [cceventmgmt] HandleChaincodeDeploy -> Channel [testchannel]: Handling chaincode deploy event for chaincode [[]]
2023-05-24 13:05:58.871 UTC 0443 DEBU [lockbasedtxmgr] invokeNamespaceListeners -> Invoking listener for state changes:lscc state listener
2023-05-24 13:05:58.871 UTC 0444 DEBU [statecouchdb] GetState -> GetState(). ns=_lifecycle, key=namespaces/metadata/msgchaincode-exp-llp
2023-05-24 13:05:58.871 UTC 0445 DEBU [statecouchdb] GetState -> GetState(). ns=_lifecycle, key=namespaces/fields/msgchaincode-exp-llp/Sequence
2023-05-24 13:05:58.871 UTC 0446 DEBU [statecouchdb] GetState -> GetState(). ns=_lifecycle, key=namespaces/fields/msgchaincode-exp-llp/EndorsementInfo
2023-05-24 13:05:58.871 UTC 0447 DEBU [statecouchdb] GetState -> GetState(). ns=_lifecycle, key=namespaces/fields/msgchaincode-exp-llp/ValidationInfo
2023-05-24 13:05:58.871 UTC 0448 DEBU [statecouchdb] GetState -> GetState(). ns=_lifecycle, key=namespaces/fields/msgchaincode-exp-llp/Collections
2023-05-24 13:05:58.871 UTC 0449 DEBU [statecouchdb] GetState -> GetState(). ns=_lifecycle, key=namespaces/metadata/msgchaincode-exp-llp
2023-05-24 13:05:58.871 UTC 044a DEBU [statecouchdb] GetState -> GetState(). ns=_lifecycle, key=namespaces/fields/msgchaincode-exp-llp/EndorsementInfo
2023-05-24 13:05:58.871 UTC 044b DEBU [statecouchdb] GetState -> GetState(). ns=_lifecycle, key=namespaces/fields/msgchaincode-exp-llp/Collections
2023-05-24 13:05:58.871 UTC 044c INFO [gossip.gossip] Stop -> Stopping gossip
2023-05-24 13:05:58.871 UTC 044d DEBU [gossip.gossip] handlePresumedDead -> Exiting
2023-05-24 13:05:58.871 UTC 044e DEBU [gossip.gossip] acceptMessages -> Exiting
2023-05-24 13:05:58.871 UTC 044f DEBU [gossip.discovery] handleMessages -> Stopped
2023-05-24 13:05:58.871 UTC 0450 INFO [gossip.discovery] Stop -> Stopping
2023-05-24 13:05:58.871 UTC 0451 INFO [gossip.discovery] Stop -> Stopped
2023-05-24 13:05:58.871 UTC 0452 DEBU [gossip.discovery] handleEvents -> Stopped
2023-05-24 13:05:58.871 UTC 0453 INFO [gossip.comm] Stop -> Stopping
2023-05-24 13:05:58.871 UTC [grpc] InfoDepth -> DEBU 01c [core]Channel Connectivity change to SHUTDOWN
2023-05-24 13:05:58.871 UTC 0454 DEBU [gossip.comm] serviceConnection -> Closing reading from stream
2023-05-24 13:05:58.871 UTC [grpc] InfoDepth -> DEBU 01d [core]Subchannel Connectivity change to SHUTDOWN
2023-05-24 13:05:58.871 UTC 0455 DEBU [gossip.comm] writeToStream -> Closing writing to stream
2023-05-24 13:05:58.871 UTC 0456 DEBU [gossip.comm] Stop -> Shut down connection store, connection count: 0
2023-05-24 13:05:58.871 UTC 0457 DEBU [gossip.comm] readFromStream -> Got error, aborting: rpc error: code = Canceled desc = context canceled
2023-05-24 13:05:58.871 UTC [grpc] InfoDepth -> DEBU 01e [transport]transport: loopyWriter.run returning. connection error: desc = "transport is closing"
2023-05-24 13:05:58.871 UTC 0458 DEBU [gossip.comm] func1 -> Exiting Accept() loop
2023-05-24 13:05:58.871 UTC 0459 INFO [gossip.comm] Stop -> Stopped
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0x1056c06]

goroutine 1 [running]:
github.com/hyperledger/fabric/common/policies.SignatureSetToValidIdentities({0xc0000117b8, 0x1, 0x9d90e7?}, {0x0, 0x0})
/go/src/github.com/hyperledger/fabric/common/policies/policy.go:368 +0x126
github.com/hyperledger/fabric/common/cauthdsl.(*policy).EvaluateSignedData(0xc003e92f00, {0xc0000117b8?, 0x0?, 0x9?})
/go/src/github.com/hyperledger/fabric/common/cauthdsl/policy.go:91 +0xa5
github.com/hyperledger/fabric/core/common/privdata.(*MembershipProvider).AmMemberOf(0xc00026a770, {0xc0037c2f10?, 0xc00251dfa8?}, 0xc003e966c0)
/go/src/github.com/hyperledger/fabric/core/common/privdata/membershipinfo.go:60 +0x20e
github.com/hyperledger/fabric/core/ledger/kvledger.(*collElgNotifier).elgEnabled(0xc000314cc0, {0xc0037c2f10, 0xc}, 0x14?, 0xa?)
/go/src/github.com/hyperledger/fabric/core/ledger/kvledger/coll_elg_notifier.go:132 +0x39
github.com/hyperledger/fabric/core/ledger/kvledger.(*collElgNotifier).elgEnabledCollNames(0xc000287350?, {0xc0037c2f10, 0xc}, 0xc003d2e462?, 0xc003e9c0c0?)
/go/src/github.com/hyperledger/fabric/core/ledger/kvledger/coll_elg_notifier.go:117 +0x258
github.com/hyperledger/fabric/core/ledger/kvledger.(*collElgNotifier).HandleStateUpdates(0xc000314cc0, 0xc003d21c00)
/go/src/github.com/hyperledger/fabric/core/ledger/kvledger/coll_elg_notifier.go:70 +0x2f3
github.com/hyperledger/fabric/core/ledger/kvledger/txmgmt/txmgr.(*LockBasedTxMgr).invokeNamespaceListeners(0xc0003fbc00)
/go/src/github.com/hyperledger/fabric/core/ledger/kvledger/txmgmt/txmgr/lockbased_txmgr.go:470 +0x3e7
github.com/hyperledger/fabric/core/ledger/kvledger/txmgmt/txmgr.(*LockBasedTxMgr).ValidateAndPrepare(0xc0003fbc00, 0xc003d24408, 0x0?)
/go/src/github.com/hyperledger/fabric/core/ledger/kvledger/txmgmt/txmgr/lockbased_txmgr.go:183 +0x38d
github.com/hyperledger/fabric/core/ledger/kvledger/txmgmt/txmgr.(*LockBasedTxMgr).CommitLostBlock(0xc0003029a0?, 0xc003d24408)
/go/src/github.com/hyperledger/fabric/core/ledger/kvledger/txmgmt/txmgr/lockbased_txmgr.go:584 +0xc6
github.com/hyperledger/fabric/core/ledger/kvledger.(*kvLedger).recommitLostBlocks(0x16cbb60?, 0x44, 0x44, {0xc003d29530?, 0x1, 0x1})
/go/src/github.com/hyperledger/fabric/core/ledger/kvledger/kv_ledger.go:481 +0x2db
github.com/hyperledger/fabric/core/ledger/kvledger.(*kvLedger).syncStateAndHistoryDBWithBlockstore(0xc0003029a0)
/go/src/github.com/hyperledger/fabric/core/ledger/kvledger/kv_ledger.go:409 +0x3c5
github.com/hyperledger/fabric/core/ledger/kvledger.(*kvLedger).recoverDBs(0xc0003029a0?)
/go/src/github.com/hyperledger/fabric/core/ledger/kvledger/kv_ledger.go:354 +0x5c
github.com/hyperledger/fabric/core/ledger/kvledger.newKVLedger(0xc0003028f0)
/go/src/github.com/hyperledger/fabric/core/ledger/kvledger/kv_ledger.go:164 +0x5de
github.com/hyperledger/fabric/core/ledger/kvledger.(*Provider).open(0xc00026a8c0, {0xc0037c2f10, 0xc}, 0x0, 0x0)
/go/src/github.com/hyperledger/fabric/core/ledger/kvledger/kv_ledger_provider.go:378 +0x4a6
github.com/hyperledger/fabric/core/ledger/kvledger.(*Provider).Open(0xc00026a8c0, {0xc0037c2f10, 0xc})
/go/src/github.com/hyperledger/fabric/core/ledger/kvledger/kv_ledger_provider.go:330 +0x127
github.com/hyperledger/fabric/core/ledger/ledgermgmt.(*LedgerMgr).OpenLedger(0xc000296e80, {0xc0037c2f10, 0xc})
/go/src/github.com/hyperledger/fabric/core/ledger/ledgermgmt/ledger_mgmt.go:211 +0x193
github.com/hyperledger/fabric/core/peer.(*Peer).Initialize(0xc0000001e0, 0xc0037e8120, 0x1973c7e?, {0x1b4dbc0?, 0xc0037bb8f0}, {0x1b5cec8, 0xc000287350}, {0x1b4bd60, 0xc0027435e0}, {0x1b50460, ...}, ...)
/go/src/github.com/hyperledger/fabric/core/peer/peer.go:512 +0x269
github.com/hyperledger/fabric/internal/peer/node.serve({0x1430ac0?, 0xc000215d18?, 0xc000215cf0?})
/go/src/github.com/hyperledger/fabric/internal/peer/node/start.go:770 +0x4e9a
github.com/hyperledger/fabric/internal/peer/node.glob..func6(0x23a3cc0?, {0x2437948?, 0x0?, 0x0?})
/go/src/github.com/hyperledger/fabric/internal/peer/node/start.go:129 +0x56
github.com/spf13/cobra.(*Command).execute(0x23a3cc0, {0x2437948, 0x0, 0x0})
/go/src/github.com/hyperledger/fabric/vendor/github.com/spf13/cobra/command.go:762 +0x67c
github.com/spf13/cobra.(*Command).ExecuteC(0x23a4640)
/go/src/github.com/hyperledger/fabric/vendor/github.com/spf13/cobra/command.go:852 +0x2dc
github.com/spf13/cobra.(*Command).Execute(...)
/go/src/github.com/hyperledger/fabric/vendor/github.com/spf13/cobra/command.go:800
main.main()
/go/src/github.com/hyperledger/fabric/cmd/peer/main.go:56 +0x392

from fabric-ca.

I have enabled FABRIC_CA_SERVER_CA_REENROLLIGNORECERTEXPIRY as true for CA-Server and my CA-Server is of version 1.5.5 but still while reenrolling I am getting the below error:

Error: Failed to reenroll 'peer0': POST failure of request: POST https://0.0.0.0:8054/reenroll
{"hosts":["peer0.org1.com","0.0.0.0"],"certificate_request":"-----BEGIN CERTIFICATE REQUEST-----\nMIIBCDCBrwIBADAQMQ4wDAYDVQQDEwVwZWVyMDBZMBMGByqGSM49AgEGCCqGSM49\nAwEHA0IABCwVvW+GXz0fkiz4fNsOyoYwRQ7iVwHo+bhqZ6Hq7VsOURWY4Yi9zUBi\nleXwdNqQVBD2g+fZVUV8goHwuRXGyAagPTA7BgkqhkiG9w0BCQ4xLjAsMCoGA1Ud\nEQQjMCGCGXBlZXIwLmN1c3RvbXNjbGllbnQwNS5jb22HBAAAAAAwCgYIKoZIzj0E\nAwIDSAAwRQIhAIHL5+uL76aDMdbrgBOEvJSb9g3BofFGofAx1gNB7edOAiA7hQh3\n/G1bv73lzKuYwR9WL72LJ7uHN0tPQptRYGua0Q==\n-----END CERTIFICATE REQUEST-----\n","profile":"tls","crl_override":"","label":"","NotBefore":"0001-01-01T00:00:00Z","NotAfter":"0001-01-01T00:00:00Z","CAName":"tlsca-org1"}: Post https://0.0.0.0:8054/reenroll: x509: certificate has expired or is not yet valid

Please help!

from fabric-ca.

This problem is solved. Looked like that the TLS CA Certs and CA Certs, all of them had expired and needed renewal. Hence closing this ticket.

from fabric-ca.