You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@apisix.apache.org by "sccblue (via GitHub)" <gi...@apache.org> on 2023/03/03 06:50:54 UTC

[GitHub] [apisix] sccblue opened a new issue, #9003: bug: 找不到证书

sccblue opened a new issue, #9003:
URL: https://github.com/apache/apisix/issues/9003

   ### Current Behavior
   
   在dashboard上传证书后，apisix能自行找到https证书并处理https请求
   但是，当运行apisix（traditional mode）的pod全部被重启过一遍后（可以让deployment副本数为1，即只运行一个pod，然后kubectl delete pod），待新pod起来后，http请求可以正常转发，https请求会报错 failed to find any SSL certificate by SNI
   
   用户自行修复的方式：进入dashboard控制台-证书。在“证书列表“中的所有证书删除再次删除，即可恢复（全部域名都需要操作一次）
   
   ### Expected Behavior
   
   不要出现该问题
   
   ### Error Logs
   
   _No response_
   
   ### Steps to Reproduce
   
   在dashboard上传证书后，apisix能自行找到https证书并处理https请求
   但是，当运行apisix（traditional mode）的pod全部被重启过一遍后（可以让deployment副本数为1，即只运行一个pod，然后kubectl delete pod），待新pod起来后，http请求可以正常转发，https请求会报错 failed to find any SSL certificate by SNI
   
   用户自行修复的方式：进入dashboard控制台-证书。在“证书列表“中的所有证书删除再次删除，即可恢复（全部域名都需要操作一次）
   
   ### Environment
   
   - APISIX version (run `apisix version`):2.15.1 2.15.2
   - Operating system (run `uname -a`):5.4.0-1065-gke #68-Ubuntu SMP Wed Mar 2 14:58:37 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux （从官方下载的docker pull apache/apisix:2.15.2-centos docker pull apache/apisix:2.15.1-centos）
   - 
   - OpenResty / Nginx version (run `openresty -V` or `nginx -V`):
   - nginx version: openresty/1.21.4.1
   built by gcc 9.3.1 20200408 (Red Hat 9.3.1-2) (GCC)
   built with OpenSSL 1.1.1n  15 Mar 2022 (running with OpenSSL 1.1.1s  1 Nov 2022)
   TLS SNI support enabled
   configure arguments: --prefix=/usr/local/openresty/nginx --with-cc-opt='-O2 -DAPISIX_BASE_VER=1.21.4.1.3 -DNGX_GRPC_CLI_ENGINE_PATH=/usr/local/openresty/libgrpc_engine.so -DNGX_HTTP_GRPC_CLI_ENGINE_PATH=/usr/local/openresty/libgrpc_engine.so -DNGX_LUA_ABORT_AT_PANIC -I/usr/local/openresty/zlib/include -I/usr/local/openresty/pcre/include -I/usr/local/openresty/openssl111/include' --add-module=../ngx_devel_kit-0.3.1 --add-module=../echo-nginx-module-0.62 --add-module=../xss-nginx-module-0.06 --add-module=../ngx_coolkit-0.2 --add-module=../set-misc-nginx-module-0.33 --add-module=../form-input-nginx-module-0.12 --add-module=../encrypted-session-nginx-module-0.09 --add-module=../srcache-nginx-module-0.32 --add-module=../ngx_lua-0.10.21 --add-module=../ngx_lua_upstream-0.07 --add-module=../headers-more-nginx-module-0.33 --add-module=../array-var-nginx-module-0.05 --add-module=../memc-nginx-module-0.19 --add-module=../redis2-nginx-module-0.15 --add-module=../redis-nginx-module-0.3.9 --ad
 d-module=../ngx_stream_lua-0.0.11 --with-ld-opt='-Wl,-rpath,/usr/local/openresty/luajit/lib -Wl,-rpath,/usr/local/openresty/wasmtime-c-api/lib -L/usr/local/openresty/zlib/lib -L/usr/local/openresty/pcre/lib -L/usr/local/openresty/openssl111/lib -Wl,-rpath,/usr/local/openresty/zlib/lib:/usr/local/openresty/pcre/lib:/usr/local/openresty/openssl111/lib' --add-module=/tmp/tmp.Xhr2NIouwg/openresty-1.21.4.1/../mod_dubbo-1.0.2 --add-module=/tmp/tmp.Xhr2NIouwg/openresty-1.21.4.1/../ngx_multi_upstream_module-1.1.1 --add-module=/tmp/tmp.Xhr2NIouwg/openresty-1.21.4.1/../apisix-nginx-module-1.11.0 --add-module=/tmp/tmp.Xhr2NIouwg/openresty-1.21.4.1/../apisix-nginx-module-1.11.0/src/stream --add-module=/tmp/tmp.Xhr2NIouwg/openresty-1.21.4.1/../apisix-nginx-module-1.11.0/src/meta --add-module=/tmp/tmp.Xhr2NIouwg/openresty-1.21.4.1/../wasm-nginx-module-0.6.4 --add-module=/tmp/tmp.Xhr2NIouwg/openresty-1.21.4.1/../lua-var-nginx-module-v0.5.3 --add-module=/tmp/tmp.Xhr2NIouwg/openresty-1.21.4.1/../grp
 c-client-nginx-module-v0.3.1 --with-poll_module --with-pcre-jit --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module --with-http_v2_module --without-mail_pop3_module --without-mail_imap_module --without-mail_smtp_module --with-http_stub_status_module --with-http_realip_module --with-http_addition_module --with-http_auth_request_module --with-http_secure_link_module --with-http_random_index_module --with-http_gzip_static_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-threads --with-compat --with-stream --with-http_ssl_module
   
   
   - etcd version, if relevant (run `curl http://127.0.0.1:9090/v1/server_info`): {"etcdserver":"3.5.7","etcdcluster":"3.5.0"}
   - 
   - APISIX Dashboard version, if relevant:  docker pull apache/apisix-dashboard:3.0.0-centos
   - Plugin runner version, for issues related to plugin runners:
   - LuaRocks version, for installation issues (run `luarocks --version`):
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] sccblue commented on issue #9003: bug: 找不到证书

Posted by "sccblue (via GitHub)" <gi...@apache.org>.

sccblue commented on issue #9003:
URL: https://github.com/apache/apisix/issues/9003#issuecomment-1455685318

   > please
   
   upgrade apisix version to 3.1.0, It fix


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] Baoyuantop commented on issue #9003: bug: 找不到证书

Posted by "Baoyuantop (via GitHub)" <gi...@apache.org>.

Baoyuantop commented on issue #9003:
URL: https://github.com/apache/apisix/issues/9003#issuecomment-1453085667

   Dashboard 3.0.0 cannot be used with APISIX 2.15.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] Baoyuantop commented on issue #9003: bug: 找不到证书

Posted by "Baoyuantop (via GitHub)" <gi...@apache.org>.

Baoyuantop commented on issue #9003:
URL: https://github.com/apache/apisix/issues/9003#issuecomment-1455283493

   This can lead to compatibility issues, so please use Dashboard 2.15.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] sccblue closed issue #9003: bug: 找不到证书

Posted by "sccblue (via GitHub)" <gi...@apache.org>.

sccblue closed issue #9003: bug: 找不到证书
URL: https://github.com/apache/apisix/issues/9003


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org