carapaceproxy icon indicating copy to clipboard operation
carapaceproxy copied to clipboard

Published 20 hours ago verified publisher icon diennea

Certificate status null after creation

Open hamadodene opened this issue 2 years ago • 0 comments

While creating a certificate we noticed from the interface that the status of the certificate was null.

{
  "id": "example.com",
  "hostname": "example.com",
  "mode": "acme",
  "dynamic": true,
  "status": null,
  "sslCertificateFile": "",
  "expiringDate": null,
  "daysBeforeRenewal": null,
  "serialNumber": null
}
Immagine

Our instance has 3 nodes:

  • carapace1
  • carapace2
  • carapace3 The certificate creation was created on carapace1. carapace3 took care of generating the certificate and when it finished we noticed from the logs that carapace2 also received the status update of the new certificate.

For some reason carapace1 doesn't seem to have received any certificate status updates. Which then returned status null.

[hamado.dene@carapace3 servicelog]$ grep example.com server.service.log
INFO: Configuring SSL certificate certificate.798.: hostname=example.com, file=, password=, mode=acme
INFO: RELOADED certificate for domain example.com: CertificateData{domain=example.com, state=waiting, manual=false,expiringDate=null,serialNumber null}
INFO: RELOADED certificate for domain example.com: CertificateData{domain=example.com, state=waiting, manual=false,expiringDate=null,serialNumber null}
INFO: WAITING for certificate issuing process start for domain: example.com.
INFO: Pending order location for domain example.com: https://acme-v02.api.letsencrypt.org/acme/order/xxxxxx/xxxxxxxxxx
INFO: Pending challenge data for domain example.com: {"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/xxxxxxxx/xxx","token":"xxxxxxxxxxxxxxxxxxxx"}
INFO: Save certificate request status for domain example.com
INFO: RELOADED certificate for domain example.com: CertificateData{domain=example.com, state=verifying, manual=false,expiringDate=null,serialNumber null}
INFO: RELOADED certificate for domain example.com: CertificateData{domain=example.com, state=verifying, manual=false,expiringDate=null,serialNumber null}
INFO: RELOADED certificate for domain example.com: CertificateData{domain=example.com, state=verifying, manual=false,expiringDate=null,serialNumber null}
INFO: VERIFYING certificate for domain example.com.
INFO: Save certificate request status for domain example.com
INFO: RELOADED certificate for domain example.com: CertificateData{domain=example.com, state=verified, manual=false,expiringDate=null,serialNumber null}
INFO: RELOADED certificate for domain example.com: CertificateData{domain=example.com, state=ordering, manual=false,expiringDate=null,serialNumber null}
SEVERE: No dynamic certificate available for domain example.com
INFO: RELOADED certificate for domain example.com: CertificateData{domain=example.com, state=ordering, manual=false,expiringDate=null,serialNumber null}
INFO: ORDERING certificate for domain example.com.
INFO: Certificate order checking for domain example.com
INFO: Success! The certificate for domain example.com has been generated!
INFO: Certificate issuing for domain: example.com SUCCEED. Certificate AVAILABLE.
INFO: Save certificate request status for domain example.com

hamado.dene@carapace2 servicelog]$ grep example.com server.service.log
INFO: Configuring SSL certificate certificate.798.: hostname=example.com, file=, password=, mode=acme
INFO: RELOADED certificate for domain example.com: CertificateData{domain=example.com, state=waiting, manual=false,expiringDate=null,serialNumber null}
INFO: RELOADED certificate for domain example.com: CertificateData{domain=example.com, state=waiting, manual=false,expiringDate=null,serialNumber null}
INFO: RELOADED certificate for domain example.com: CertificateData{domain=example.com, state=verifying, manual=false,expiringDate=null,serialNumber null}
INFO: VERIFYING certificate for domain example.com.
INFO: Save certificate request status for domain example.com
INFO: RELOADED certificate for domain example.com: CertificateData{domain=example.com, state=verifying, manual=false,expiringDate=null,serialNumber null}
INFO: RELOADED certificate for domain example.com: CertificateData{domain=example.com, state=verifying, manual=false,expiringDate=null,serialNumber null}
INFO: RELOADED certificate for domain example.com: CertificateData{domain=example.com, state=verified, manual=false,expiringDate=null,serialNumber null}
INFO: Certificate for domain example.com VERIFIED.
INFO: Certificate ordering for domains [example.com]
INFO: Save certificate request status for domain example.com
INFO: RELOADED certificate for domain example.com: CertificateData{domain=example.com, state=ordering, manual=false,expiringDate=null,serialNumber null}
SEVERE: No dynamic certificate available for domain example.com
INFO: RELOADED certificate for domain example.com: CertificateData{domain=example.com, state=ordering, manual=false,expiringDate=null,serialNumber null}
INFO: RELOADED certificate for domain example.com: CertificateData{domain=example.com, state=available, manual=false,expiringDate=Thu May 04 11:03:28 CEST 2023,serialNumber xxxxxxxxxxxxxxxxxxxxxxxxxx}
INFO: RELOADED certificate for domain example.com: CertificateData{domain=example.com, state=available, manual=false,expiringDate=Thu May 04 11:03:28 CEST 2023,serialNumber xxxxxxxxxxxxxxxxxxxxxxxxxx}
INFO: RELOADED certificate for domain example.com: CertificateData{domain=example.com, state=available, manual=false,expiringDate=Thu May 04 11:03:28 CEST 2023,serialNumber xxxxxxxxxxxxxxxxxxxxxxxxxx}

[carapace@carapace1 servicelog]$ grep example.com server.service.log
certificate.798.hostname=example.com
INFO: certificate.798.hostname -> example.com
INFO: Configuring SSL certificate certificate.798.: hostname=example.com, file=, password=, mode=acme
certificate.798.hostname=example.com
INFO: certificate.798.hostname -> example.com
INFO: Configuring SSL certificate certificate.798.: hostname=example.com, file=, password=, mode=acme
INFO: Saving 'certificate.798.hostname'='example.com'
SEVERE: No dynamic certificate available for domain example.com
SEVERE: No dynamic certificate available for domain example.com
SEVERE: No dynamic certificate available for domain example.com

hamadodene avatar Feb 03 '23 15:02 hamadodene