Incident #23196
closed
New problem accessing FTP server from Dnet
100%
Description
The aggregation workflow of ISPC continues to fail trying to access the new FTP server, the error is:
Caused by: java.security.cert.CertificateExpiredException: NotAfter: Fri Apr 01 02:27:24 CEST 2022
    at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:277)
    at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:677)
    at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:650)
    at org.apache.commons.net.util.TrustManagerUtils$TrustManager.checkServerTrusted(TrustManagerUtils.java:61)
    at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:1256)
    at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:638)
    ... 23 more
Could you update the certificate?
Updated by Andrea Dell'Amico almost 3 years ago
- Status changed from New to Feedback
The certificate is valid, and the logs show that the ftp service was restarted after the last renewal
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, O = Let's Encrypt, CN = R3
Validity
    Not Before: Mar 2 00:27:25 2022 GMT
    Not After : May 31 00:27:24 2022 GMT
Subject: CN = new-openportal.isti.cnr.it

Wed Mar 2 02:27:28 CET 2022
Copy the key file
Failed to restart VSFTPD.service: Unit VSFTPD.service not found.
acme-vsftpd-hook: Restart the VSFTPD service
acme-vsftpd-hook: Done.
[...]
X509v3 Subject Alternative Name:
    DNS:new-openportal.isti.cnr.it, DNS:newftp.openportal.isti.cnr.it, DNS:openportal.ispc.cnr.it
It's the same certificate used by the web server, so a renewal failure wouldn't go unnoticed.
Since when has the workflow been failing?
Updated by Michele Artini almost 3 years ago
I restarted the wf, but it failed again:
java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: NotAfter: Fri Apr 01 02:27:24 CEST 2022
The last successful execution was March 31.
Updated by Andrea Dell'Amico almost 3 years ago
Hm. It required another restart. Now it sports the correct certificate.
Updated by Michele Artini almost 3 years ago
- Status changed from Feedback to Closed
I also restarted the container and now the wf completed successfully.
Probably the old certificate remained in some cache.
I close the ticket.
Updated by Michele Artini over 2 years ago
- Status changed from Closed to In Progress
I have to reopen the ticket because the problem has occurred again:
java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: NotAfter: Tue May 31 02:27:24 CEST 2022
@andrea.dellamico@isti.cnr.it Can you check?
Updated by Andrea Dell'Amico over 2 years ago
- Status changed from In Progress to Feedback
- % Done changed from 0 to 100
I restarted it again, and changed the hook script to restart the ftp server twice.
Updated by Michele Artini over 2 years ago
- Status changed from Closed to In Progress
I reopened the ticket
java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: NotAfter: Sun Jul 31 01:59:59 CEST 2022
Updated by Anonymous over 2 years ago
I restarted the ftp service, maybe the problem is the same, better fix needed.
@michele.artini@isti.cnr.it Could you try and check again?
Updated by Michele Artini over 2 years ago
- Status changed from In Progress to Closed
Thanks anonymous :-)
Now it works.
I close the ticket.
Updated by Michele Artini about 2 years ago
I reopen this ticket:
java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: NotAfter: Wed Dec 28 10:20:50 CET 2022
Could you update the certificate?
Updated by Andrea Dell'Amico about 2 years ago
I just restarted the ftp service and I also spotted and fixed the problem: the restart command in the hook script was wrong, the service name was all capital letters. I don't know why I missed that in the past.
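
Added example, not part of the ticket and not the project's hook script: a renewal hook that aborts when the restart command fails (the "Unit VSFTPD.service not found" case in the log above) and then checks that the FTP server really presents the renewed certificate instead of a stale one. The unit name vsftpd.service, explicit FTPS on port 21, and the function names and arguments are assumptions.

```shell
#!/bin/sh
# Added example (not the project's hook). Assumed names: the unit
# vsftpd.service, explicit FTPS on port 21, and the arguments below.

# Expiry line ("notAfter=...") of the certificate file on disk.
disk_not_after() {
    openssl x509 -noout -enddate -in "$1"
}

# Expiry line of the certificate the FTP server actually presents.
served_not_after() {
    openssl s_client -connect "$1:21" -starttls ftp -servername "$1" \
        </dev/null 2>/dev/null | openssl x509 -noout -enddate
}

# Restart the unit and propagate systemctl's exit status: a misspelled
# unit name ("Unit ... not found") must abort the hook instead of being
# followed by "Done.".
restart_service() {
    if ! systemctl restart "$1"; then
        echo "hook: restart of $1 FAILED" >&2
        return 1
    fi
}

# deploy_hook UNIT HOST CERT_FILE
# 0 = server presents the renewed certificate
# 1 = restart failed, 2 = a certificate could not be read,
# 3 = server still presents a different (stale) certificate
deploy_hook() {
    restart_service "$1" || return 1
    disk=$(disk_not_after "$3") || return 2
    served=$(served_not_after "$2") || return 2
    [ -n "$disk" ] && [ -n "$served" ] || return 2
    if [ "$disk" != "$served" ]; then
        echo "hook: $2 still serves $served, file on disk has $disk" >&2
        return 3
    fi
    echo "hook: $1 restarted, serving certificate with $disk"
}

# Run only when invoked with UNIT HOST CERT_FILE, e.g. by the ACME client.
if [ "$#" -eq 3 ]; then
    deploy_hook "$1" "$2" "$3"
fi
```

A non-zero exit from the hook is what makes the failure visible to the ACME client or to monitoring, so the expired certificate is caught at renewal time rather than by the next failed workflow.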