centos-infra

#888 TLS certificate for api.ocp.ci.centos.org has expired
Closed: Fixed by mrc0mmand. Opened by mrc0mmand.

Closed: Fixed
Reopen Issue

Today Firefox started complaining when accessing our Jenkins instance (https://jenkins-systemd.apps.ocp.ci.centos.org/) regarding an expired certificate. Looks like this is caused by an expired cert on the api.ocp.ci.centos.org node:

$ openssl s_client -verify_return_error -connect jenkins-systemd.apps.ocp.ci.centos.org:443
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = api.ocp.ci.centos.org
verify error:num=10:certificate has expired
notAfter=Aug 14 05:47:17 2022 GMT
403C90D1E57F0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:1887:
---
Certificate chain
 0 s:CN = api.ocp.ci.centos.org
   i:C = US, O = Let's Encrypt, CN = R3
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: May 16 05:47:18 2022 GMT; NotAfter: Aug 14 05:47:17 2022 GMT
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Sep  4 00:00:00 2020 GMT; NotAfter: Sep 15 16:00:00 2025 GMT
 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
   a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
   v:NotBefore: Jan 20 19:14:03 2021 GMT; NotAfter: Sep 30 18:14:03 2024 GMT
---
no peer certificate available
---
No client certificate CA names sent
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 4279 bytes and written 349 bytes
Verification error: certificate has expired
---
New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 10 (certificate has expired)
---

Resolved by @arrfab, thanks!

Metadata Update from @mrc0mmand:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

Log in to comment on this ticket.

Metadata
None
None
None
None
High
Powered by Pagure 1.0.0
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.