> Regarding host certificate renewal: I noticed that I didn't receive
> the 30-day notification for a certificate which recently entered the
> renewal window. Luckily nagios on my hosts reminded me!
> It looks as if there may be a general problem with these renewal
> emails? I *did* get an email confirming that the renewal had been
> processed, so the "system" is not completely broken.
My apologies for hijacking Winnie's thread a bit, but I too was only
saved by the nagios bell from having my SE certificate run out on me
this week.
Cheers,
Matt
> On 04/11/2014 15:32, Winnie Lacesso wrote:
>> On Tue, 4 Nov 2014, Winnie Lacesso wrote:
>>> On our APEL node, all looks healthy in /var/log/apel/client.log for Nov
>>> 1,2,3 but then last night, error:
>>>
>>> 2014-11-04 02:36:23,349 - ssm.ssm2 - INFO - Connecting using SSL...
>>> 2014-11-04 02:36:23,549 - stomp.py - WARNING - Could not connect to
>>> host mq.cro-ngi.hr, port 6162: [Errno 1] _ssl.c:492:
>>> error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate
>>> unknown
>>> 2014-11-04 02:36:23,947 - stomp.py - WARNING - Could not connect to
>>> host mq.cro-ngi.hr, port 6162: [Errno 1] _ssl.c:492:
>>> error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate
>>> unknown
>>> 2014-11-04 02:36:24,336 - stomp.py - WARNING - Could not connect to
>>> host mq.cro-ngi.hr, port 6162: [Errno 1] _ssl.c:492:
>>> error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate
>>> unknown
>>> 2014-11-04 02:36:24,740 - ssm.ssm2 - WARNING - Failed to connect to
>>> mq.cro-ngi.hr:6162.
>>> 2014-11-04 02:36:24,740 - client - ERROR - SSM failed to complete
>>> successfully: Attempts to start the SSM failed. The system will exit.
>>> 2014-11-04 02:36:24,748 - client - INFO - SSM stopped.
>>
>> That's because our APEL node cert expired on 3 Nov 2014 and
>> **NO EMAIL NOTIFY** was received about this in advance.
>>
>> We're supposed to get 30-days notice then 7-days notice to ensure
>> the host cert can be renewed in time. This time: nothing.
>>
>> BOO!
>> Applying for new APEL NODE host cert pronto pronto.
>>
|