Glynn Forrest
Glynn Forrest
Thanks @mikefarah, I figured it would have something to do with the way wildcards are interpreted. It's not a deal breaker if it's too hard to fix at this point...
Could this be related to https://github.com/saltstack/salt/pull/50734 (short tags vs long tags, e.g. `CN` vs `commonName`)?
Right you are @OrangeDog, I should have looked at the code you linked before commenting. I've ran into too many bugs with `x509.certificate_managed` (https://github.com/saltstack/salt/issues/39608, https://github.com/saltstack/salt/issues/41858) and need to keep moving...
Update: I've written a replacement with better error messages that's actually working quite well. I'm hoping to deploy it this week, confirm it solves the issues I've been facing, then...
PR is in: https://github.com/saltstack/salt/pull/52935 @OrangeDog the rewrite changes how certificates are checked for updates so #52180 may not apply any more. I'd be grateful if you could try out the...
Thanks for the nudge @sagetherage. I did some more work on #52935 today and rebased onto master. Unfortunately that PR will not fix this issue, but if it gets merged...
> The whole approach of the state needs to change - check the current certificate details first, not create a new one and compare the fields. Agree 100% @OrangeDog, the...
Can this be reopened please? #52935 wasn't intended to fix this.
> you can reconfigure existing firewalls in new files, but you cannot add new firewalls. That's because the order of firewalls is relevant (the first matching firewall is used) and...
Here's a repository that demonstrates the problem: https://github.com/glynnforrest/symfony-recipes-issue-829