Actions
action #134522
closed[alert] Certificate renewal on monitor.qa.suse.de might not be working causing alerts size:M
Start date:
2023-08-23
Due date:
2023-09-07
% Done:
0%
Estimated time:
Description
Observation¶
According to https://stats.openqa-monitor.qa.suse.de/d/E9tyiQ17k/ssl-certificate-alerts?orgId=1 the SAN validity of the certificate on monitor.qa.suse.de is going to expire in less than 5 days. I've checked the certificate via martchus@monitor:~> sudo openssl x509 -noout -text -in /etc/dehydrated/certs/monitor.qa.suse.de/fullchain.pem and it is indeed going to expire on Aug 28 22:23:02 2023 GMT. Firefox tells me the same if I access https://stats.openqa-monitor.qa.suse.de.
The dehydrated timer was executed successfuly but a manual run of dehydrated --cron shows that dehydrated just hangs.
Acceptance Criteria¶
- AC1: A new certificate is known to be avaialble and used
- AC2: It is understood what the cause was and how to avoid it next time
Suggestions¶
- Check why the certificate expiration is not renewed to be higher than 5 days, e.g. problems with
dehydrated.service. - Understand why dehydrated hangs and does not produce a new certificate
- Check if we can make the issue (whatever it is) better visible or workaround automatically in the future
Actions