
API acme_autorenew: Renewals are not being kicked off

Open smalenfant opened this issue 2 years ago • 8 comments

After upgrading to 6.1.0 from 5.1.2 and also enabling PostgreSQL Traffic Vault, the certificate renewal trigger via the API isn't working anymore.

Note that using "renew" from Traffic Portal for a single Delivery Service works (sometimes fails, different issue).

This Bug Report affects these Traffic Control components:

  • Traffic Ops (6.1.0)

Current behavior:

After issuing this API: /usr/local/bin/topost -a 4.0 /acme_autorenew

Logs are filled with the following for each certificate needing renewal:

getting ssl keys for xmlId: cdvr-4k and version: 1 : could not begin Traffic Vault PostgreSQL transaction: context canceled: context canceled

Expected behavior:

Certificates to be renewed.

Steps to reproduce:

See current behavior.

smalenfant, Oct 12 '22 15:10

I have changed the backend to Riak and autorenew is now working.

smalenfant, Oct 12 '22 16:10

@smalenfant - can you add to the description which version(s) of TC this bug exists in?

mitchell852, Oct 17 '22 15:10

@mitchell852 It's in there already. Maybe not clear. After upgrading to 6.1.0 from 5.1.2

smalenfant, Oct 19 '22 17:10

> @mitchell852 It's in there already. Maybe not clear. After upgrading to 6.1.0 from 5.1.2

cool. guess i didn't see that. :)

mitchell852, Oct 19 '22 17:10

I also noticed that the expiration is not set when doing the riak->postgresql migration. Not sure if this could affect the functionality of the renewal.

smalenfant, Oct 19 '22 17:10

not being able to renew a cert seems like high impact (as opposed to low), right? @ocket8888

mitchell852, Mar 14 '23 17:03

I don't think so. That would only impact a single delivery service at a time, only if they use this method of obtaining a cert, and only if they decide to use auto-renewal. There are a lot of ways around this and a lot of ways the problem is contained.

ocket8888, Mar 15 '23 18:03

> I don't think so. That would only impact a single delivery service at a time, only if they use this method of obtaining a cert, and only if they decide to use auto-renewal. There are a lot of ways around this and a lot of ways the problem is contained.

medium a good compromise? :)

mitchell852, Mar 15 '23 20:03