You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@kafka.apache.org by "Levani Kokhreidze (Jira)" <ji...@apache.org> on 2020/08/08 12:03:00 UTC

[jira] [Created] (KAFKA-10375) Restore consumer fails with SSL handshake fail exception

Levani Kokhreidze created KAFKA-10375:
-----------------------------------------

             Summary: Restore consumer fails with SSL handshake fail exception
                 Key: KAFKA-10375
                 URL: https://issues.apache.org/jira/browse/KAFKA-10375
             Project: Kafka
          Issue Type: Bug
          Components: streams
    Affects Versions: 2.6.0
            Reporter: Levani Kokhreidze
         Attachments: stacktrace.txt

After upgrading to 2.6, we started getting "SSL handshake fail" exceptions. Curios thing is that it seems to affect only restore consumers. For mTLS, we use dynamic certificates that are being reloaded automatically every X minutes.

We didn't have any issues with it, up until upgrading 2.6 and other stream processing jobs running Kafka 2.4 don't have similar problems.

After restarting the Kafka Streams instance, issue goes away.

 

From the stacktrace, it's visible that problem is:
{code:java}
Aug 07 10:36:12.478 | Caused by: java.security.cert.CertificateExpiredException: NotAfter: Fri Aug 07 07:45:16 GMT 2020 
{code}
Seems like somehow restore consumer gets stuck with old certificate and it's not refreshed.

 

 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)