Phil Porada
Phil Porada
Related to https://github.com/letsencrypt/boulder/issues/5231
@osirisinferi This is a great idea and I'm sorry I missed it FOR AN ENTIRE YEAR.
[I, for one, welcome our new pkilint overlords.](https://www.youtube.com/watch?v=8lcUHQYhPTE)
There's [this PR](https://github.com/jsha/minica/pull/50) that will fix the second bullet point.
That's ok, Aaron made a good point, I still have more work to do. On Wed, May 1, 2024, 5:33 AM Isaac Truscott ***@***.***> wrote: > Thanks for the pull...
Merge it when ready :) On Mon, May 6, 2024, 8:22 PM Isaac Truscott ***@***.***> wrote: > ***@***.**** approved this pull request. > > Looks good to me too, thankyou!...
I like the metric idea for this. Searching the past 90 days of prod/staging logs for `generate certificate` shows no hits, _so that's good_.
Spotted again [here](https://github.com/letsencrypt/boulder/actions/runs/5061350846/jobs/9085442129). ``` [a:53 b:53 [2606:4700:4700::1111]:53] --- FAIL: TestRotateServerOnErr (0.00s) dns_test.go:793: Expected B server to have non-zero lookup attempts FAIL FAIL github.com/letsencrypt/boulder/bdns 0.258s ```
[This](https://github.com/letsencrypt/boulder/actions/runs/5061812798/jobs/9086528341?pr=6822) appears related too, or at least was a random failure I spotted yesterday. ``` 20:37:06.724792 6 boulder-ra 3L3Eww8 [AUDIT] Certificate request - error JSON={"ID":"bwcSV40cF9ZWynwNrM3TTEOGL5006pbTVEhOiZg9wEI","Requester":1,"OrderID":1,"VerifiedFields":["subject.commonName","subjectAltName"],"NotBefore":"0001-01-01T00:00:00Z","NotAfter":"0001-01-01T00:00:00Z","RequestTime":"2022-11-24T20:37:01Z","ResponseTime":"2022-11-24T20:37:01Z","Error":"issuing precertificate: rpc error: code =...
I was able to reproduce the initial failure after ~1000 iterations on my machine. ``` docker compose run boulder bash watch -n0.23 "go test -v ./bdns -count=1 -run TestRotateServerOnErr" ```