Certificate Generation Fails Since Host CA Validity Is Less Than The Amount Of TTL With Which Certif
Problem
[2022-03-21 17:47:05] KeyError: 'data'
[2022-03-21 17:47:05] Error loading file /tmp/authbs-certs.tTAf/flannel/etcd/ca.crt
[2022-03-21 17:47:05] Certificate is not signed by CA
[2022-03-21 17:47:05] Cert missed in this round: flannel/etcd
[2022-03-21 17:47:05] Retrying again internally/tmp/authbs-certs.NqWH/admin# cat request.json
{"errors":["cannot satisfy request, as TTL would result in notAfter 2025-03-20T17:52:08.088914479Z that is beyond the expiration of the CA certificate at 2025-03-02T13:59:50Z"]}
/tmp/authbs-certs.NqWH/admin# pwd
/tmp/authbs-certs.NqWH/admin2023-09-28T04:44:29.8181Z DEBUG Unable to prep node: Error: Unable to install hostagent. error while running installer script: HOST_CERTS_SCRIPT_FAILED
/opt/pf9/hostagent/bin/host-certs.py\", line 113, in <module><br> sys.exit(main())<br> File \"/opt/pf9/hostagent/bin/host-certs.py\", line 110, in main<br> return args.func(args)<br> File \"/opt/pf9/hostagent/bin/host-certs.py\", line 31, in _refresh<br> cert, ca = vouch.sign_csr(csr, args.common_name)<br> File \"/opt/pf9/hostagent/lib/python3.9/site-packages/bbslave/certs.py\", line 72, in sign_csr<br> resp.raise_for_status()<br> File \"/opt/pf9/hostagent/lib/python3.9/site-packages/requests/models.py\", line 1021, in raise_for_status<br> raise HTTPError(http_error_msg, response=self)<br>requests.exceptions.HTTPError: 400 Client Error: Bad Request for url: https://DU-FQDN/vouch/v1/sign/cert<br>"}Environment
Solution
Additional Information
PreviousHostname/IP Does not Match Certificate's altnames Which Breaks the Communication to Management PlaneNextMultiple old CA cert Files Observed on Host After Host CA Rotation
Last updated