Comments (5)
jkassis
commented on June 3, 2024
seeing this when loading the cert...
[I] jkassis@Jeremys-MBP ~ [124]> ws "wss://pubsub.shinetribe.media/connPut?ConnUUID=b3f0b2d8-f5f8-452c-83fc-c476ecb7a3df" 01.02 16:36
x509: certificate has expired or is not yet valid: current time 2022-01-02T16:36:11-08:00 is after 2022-01-02T01:42:28Z
[I] jkassis@Jeremys-MBP ~ [1]> 01.02 16:36
from openshift-acme.
jkassis
commented on June 3, 2024
brought the pods down and the "leader election blocked" logs reappear. proceeding as if this is normal. looking at the certificate status, it appears that the cert is up for re-issue on 02-01, which seems odd given that the fetched cert has already expired.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
creationTimestamp: '2021-10-04T02:24:53Z'
generation: 3
managedFields:
- apiVersion: cert-manager.io/v1
fieldsType: FieldsV1
fieldsV1:
'f:spec':
.: {}
'f:commonName': {}
'f:dnsNames': {}
'f:issuerRef':
.: {}
'f:kind': {}
'f:name': {}
'f:secretName': {}
manager: Mozilla
operation: Update
time: '2021-10-04T02:38:51Z'
- apiVersion: cert-manager.io/v1
fieldsType: FieldsV1
fieldsV1:
'f:spec':
'f:privateKey': {}
'f:status':
.: {}
'f:conditions': {}
'f:notAfter': {}
'f:notBefore': {}
'f:renewalTime': {}
'f:revision': {}
manager: controller
operation: Update
time: '2021-12-03T01:42:28Z'
name: pubsub-shinetribe-media
namespace: fg
resourceVersion: '307455716'
selfLink: /apis/cert-manager.io/v1/namespaces/fg/certificates/pubsub-shinetribe-media
uid: a528dc92-636c-40c8-862e-38dfa6986cc7
spec:
commonName: pubsub.shinetribe.media
dnsNames:
- pubsub.shinetribe.media
issuerRef:
kind: Issuer
name: le-wildcard-issuer
secretName: cert-pubsub-shinetribe-media
status:
conditions:
- lastTransitionTime: '2021-10-04T02:42:30Z'
message: Certificate is up to date and has not expired
observedGeneration: 3
reason: Ready
status: 'True'
type: Ready
notAfter: '2022-03-03T00:44:07Z'
notBefore: '2021-12-03T00:44:08Z'
renewalTime: '2022-02-01T00:44:07Z'
revision: 3
from openshift-acme.
jkassis
commented on June 3, 2024
Seems like the algo that determines the renewal time is broken?!? Here's what my browser gets for that cert... roughly 1D off.
from openshift-acme.
tux-o-matic
commented on June 3, 2024
I believe problem has been there all along.
Forced to delete the Pods once in a while to ensure renewal process gets triggered.
from openshift-acme.
brianorwhatever
commented on June 3, 2024
encountering this issue as well. have tried force deleting the pods and bringing running pods down to 0 and bringing it back up but lock still held by some ghost
from openshift-acme.
Related Issues (20)
- Document effect of cert renewal on Route HOT 6
- Routes being deleted by openshift-acme HOT 3
- Route is missing CertKey, no exposer route created HOT 2
- Error creating new order :: too many failed authorizations HOT 5
- Exposer pods continue to run after cert is issued HOT 2
- Adding an option to have an alternate certificate chain HOT 5
- Add support for NetworkPolicy HOT 7
- OpenShift's "haproxy.router.openshift.io/rewrite-target" gets copied to exposer route HOT 4
- Exposer route gets HostAlreadyClaimed HOT 9
- Failure to apply certificate on web console HOT 5
- Publish openshift-acme as an operator in https://operatorhub.io/ HOT 2
- 'AcmeFailedOrder' Order failed: <nil> HOT 5
- Removing `DST Root CA X3` certificate from the docker image HOT 6
- Require image for ARM64 architecture HOT 1
- exposer routes rejected for a passthrough route with a secret to mount HOT 1
- Cert renewal errors and fails to recover if signing cert took too long.
- Route needs new certificate: Route is missing CertKey
- Update images at quay.io because of security issues
- Versions updated
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from openshift-acme.