You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@airavata.apache.org by "Marcus Christie (Jira)" <ji...@apache.org> on 2021/11/30 22:20:00 UTC
[jira] [Commented] (AIRAVATA-3546) certbot renewal fails, missing ca certificate
[ https://issues.apache.org/jira/browse/AIRAVATA-3546?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17451382#comment-17451382 ]
Marcus Christie commented on AIRAVATA-3546:
-------------------------------------------
This is related to change in Let's Encrypt's root certificate: https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
I was able to fix by updating certbot and ca-certificates
{code}
sudo yum update certbot
sudo yum update python2-certbot-apache
sudo yum update ca-certificates
{code}
Versions installed:
{code}
Nov 30 21:58:23 Updated: python-setuptools-0.9.8-7.el7.noarch
Nov 30 21:58:24 Updated: python2-josepy-1.3.0-2.el7.noarch
Nov 30 21:58:24 Updated: python2-acme-1.11.0-1.el7.noarch
Nov 30 21:58:24 Installed: python2-distro-1.5.0-1.el7.noarch
Nov 30 21:58:25 Updated: python2-certbot-1.11.0-2.el7.noarch
Nov 30 21:58:41 Updated: certbot-1.11.0-2.el7.noarch
Nov 30 22:00:26 Updated: python2-certbot-apache-1.11.0-1.el7.noarch
Nov 30 22:07:18 Updated: p11-kit-0.23.5-3.el7.x86_64
Nov 30 22:07:18 Updated: p11-kit-trust-0.23.5-3.el7.x86_64
Nov 30 22:07:21 Updated: ca-certificates-2021.2.50-72.el7_9.noarch
{code}
> certbot renewal fails, missing ca certificate
> ---------------------------------------------
>
> Key: AIRAVATA-3546
> URL: https://issues.apache.org/jira/browse/AIRAVATA-3546
> Project: Airavata
> Issue Type: New Feature
> Components: Django Portal
> Reporter: Marcus Christie
> Assignee: Marcus Christie
> Priority: Major
>
> {code}
> $ sudo certbot renew
> Saving debug log to /var/log/letsencrypt/letsencrypt.log
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> Processing /etc/letsencrypt/renewal/django.dreg.scigap.org.conf
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> Cert is due for renewal, auto-renewing...
> Plugins selected: Authenticator apache, Installer apache
> Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
> Failed to renew certificate django.dreg.scigap.org with error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618)
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> Processing /etc/letsencrypt/renewal/dreg.dnasequence.org.conf
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> Cert is due for renewal, auto-renewing...
> Plugins selected: Authenticator apache, Installer apache
> Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
> Failed to renew certificate dreg.dnasequence.org with error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618)
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> Processing /etc/letsencrypt/renewal/tus.dreg.scigap.org.conf
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> Cert is due for renewal, auto-renewing...
> Plugins selected: Authenticator apache, Installer apache
> Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
> Failed to renew certificate tus.dreg.scigap.org with error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618)
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> All renewals failed. The following certificates could not be renewed:
> /etc/letsencrypt/live/django.dreg.scigap.org/fullchain.pem (failure)
> /etc/letsencrypt/live/dreg.dnasequence.org/fullchain.pem (failure)
> /etc/letsencrypt/live/tus.dreg.scigap.org/fullchain.pem (failure)
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> 3 renew failure(s), 0 parse failure(s)
> {code}
--
This message was sent by Atlassian Jira
(v8.20.1#820001)