centos-infra

#1678 Duffy: Some certificate expired
Closed: Fixed by arrfab. Opened by pjgeorg.

Closed: Fixed
Reopen Issue

It seems that some certificate related to duffy expired, e.g., running duffy client --url https://duffy.ci.centos.org/api/v1 --auth-name kmods --auth-key $API_KEY list-sessions gives the following error:

Traceback (most recent call last):
  File "/home/<user>/.local/lib/python3.9/site-packages/httpx/_transports/default.py", line 101, in map_httpcore_exceptions
    yield
  File "/home/<user>/.local/lib/python3.9/site-packages/httpx/_transports/default.py", line 250, in handle_request
    resp = self._pool.handle_request(req)
  File "/home/<user>/.local/lib/python3.9/site-packages/httpcore/_sync/connection_pool.py", line 256, in handle_request
    raise exc from None
  File "/home/<user>/.local/lib/python3.9/site-packages/httpcore/_sync/connection_pool.py", line 236, in handle_request
    response = connection.handle_request(
  File "/home/<user>/.local/lib/python3.9/site-packages/httpcore/_sync/connection.py", line 101, in handle_request
    raise exc
  File "/home/<user>/.local/lib/python3.9/site-packages/httpcore/_sync/connection.py", line 78, in handle_request
    stream = self._connect(request)
  File "/home/<user>/.local/lib/python3.9/site-packages/httpcore/_sync/connection.py", line 156, in _connect
    stream = stream.start_tls(**kwargs)
  File "/home/<user>/.local/lib/python3.9/site-packages/httpcore/_backends/sync.py", line 170, in start_tls
    raise exc
  File "/usr/lib64/python3.9/contextlib.py", line 137, in __exit__
    self.gen.throw(typ, value, traceback)
  File "/home/<user>/.local/lib/python3.9/site-packages/httpcore/_exceptions.py", line 14, in map_exceptions
    raise to_exc(exc) from exc
httpcore.ConnectError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1147)

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/home/<user>/.local/bin/duffy", line 8, in <module>
    sys.exit(cli())
  File "/usr/lib/python3.9/site-packages/click/core.py", line 1128, in __call__
    return self.main(*args, **kwargs)
  File "/usr/lib/python3.9/site-packages/click/core.py", line 1053, in main
    rv = self.invoke(ctx)
  File "/usr/lib/python3.9/site-packages/click/core.py", line 1659, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/lib/python3.9/site-packages/click/core.py", line 1659, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/lib/python3.9/site-packages/click/core.py", line 1395, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/lib/python3.9/site-packages/click/core.py", line 754, in invoke
    return __callback(*args, **kwargs)
  File "/usr/lib/python3.9/site-packages/click/decorators.py", line 38, in new_func
    return f(get_current_context().obj, *args, **kwargs)
  File "/home/<user>/.local/lib/python3.9/site-packages/duffy/cli.py", line 700, in client_list_sessions
    result = obj["client"].list_sessions()
  File "/home/<user>/.local/lib/python3.9/site-packages/duffy/client/main.py", line 101, in list_sessions
    return self._query_method(_MethodEnum.get, "/sessions")
  File "/home/<user>/.local/lib/python3.9/site-packages/duffy/client/main.py", line 86, in _query_method
    response = client_method(url=url, **add_kwargs)
  File "/home/<user>/.local/lib/python3.9/site-packages/httpx/_client.py", line 1053, in get
    return self.request(
  File "/home/<user>/.local/lib/python3.9/site-packages/httpx/_client.py", line 825, in request
    return self.send(request, auth=auth, follow_redirects=follow_redirects)
  File "/home/<user>/.local/lib/python3.9/site-packages/httpx/_client.py", line 914, in send
    response = self._send_handling_auth(
  File "/home/<user>/.local/lib/python3.9/site-packages/httpx/_client.py", line 942, in _send_handling_auth
    response = self._send_handling_redirects(
  File "/home/<user>/.local/lib/python3.9/site-packages/httpx/_client.py", line 979, in _send_handling_redirects
    response = self._send_single_request(request)
  File "/home/<user>/.local/lib/python3.9/site-packages/httpx/_client.py", line 1014, in _send_single_request
    response = transport.handle_request(request)
  File "/home/<user>/.local/lib/python3.9/site-packages/httpx/_transports/default.py", line 250, in handle_request
    resp = self._pool.handle_request(req)
  File "/usr/lib64/python3.9/contextlib.py", line 137, in __exit__
    self.gen.throw(typ, value, traceback)
  File "/home/<user>/.local/lib/python3.9/site-packages/httpx/_transports/default.py", line 118, in map_httpcore_exceptions
    raise mapped_exc(message) from exc
httpx.ConnectError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1147)

interesting corner case on frontend haproxy but now resolved (tls cert was renewed and also loaded on proper backend, but frontend was missing a reload due to other issue)

Metadata Update from @arrfab:
- Issue assigned to arrfab

Metadata Update from @arrfab:
- Issue tagged with: centos-ci-infra, high-gain, low-trouble

Metadata Update from @arrfab:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

Log in to comment on this ticket.

Metadata

centos-ci-infra high-gain low-trouble

None
None
High
Powered by Pagure 1.0.0
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.