apache fails to start on buster to to an SSL error
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	jbond
	Oct 9 2019, 2:27 PM

Description

On buster we see the following error

[Wed Oct 09 14:23:12.440462 2019] [ssl:emerg] [pid 31716] AH02561: Failed to configure certificate puppetmaster.test.eqiad.wmnet:443:0, check /var/lib/puppet/ssl/certs/puppetmaster.test.eqiad.wmnet.pem
[Wed Oct 09 14:23:12.440575 2019] [ssl:emerg] [pid 31716] SSL Library Error: error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small

for now i have addeed CipherString = DEFAULT@SECLEVEL=1 to /etc/ssl/openssl.cnf however we can simply remove the test vhost

Details

	Subject	Repo	Branch	Lines +/-
	puppetmaster::frontend: remove test_servers logic	operations/puppet	production	+0 -18
	puppetmaster::frontends: remove test servers	operations/puppet	production	+0 -2

Customize query in gerrit

Related Objects
Search...

Status	Assigned	Task
Resolved	jbond	T228657 Upgrade Puppet Masters and Puppet DB servers
Resolved	jbond	T234315 upgrade puppet master frontends servers
Resolved	jbond	T235077 apache fails to start on buster to to an SSL error

Event Timeline

jbond created this task.Oct 9 2019, 2:27 PM

Restricted Application removed a project: Patch-For-Review. · View Herald TranscriptOct 9 2019, 2:27 PM

Change 541828 had a related patch set uploaded (by Jbond; owner: John Bond):
[operations/puppet@production] puppetmaster::frontends: remove test servers

https://gerrit.wikimedia.org/r/541828

gerritbot added a project: Patch-For-Review.Oct 9 2019, 2:31 PM

Change 541830 had a related patch set uploaded (by Jbond; owner: John Bond):
[operations/puppet@production] puppetmaster::frontend: remove test_servers logic

https://gerrit.wikimedia.org/r/541830

Change 541828 merged by Jbond:
[operations/puppet@production] puppetmaster::frontends: remove test servers

https://gerrit.wikimedia.org/r/541828

The test site has been removed and the SSL config reverted

jbond closed this task as Resolved.Oct 9 2019, 2:38 PM

jbond updated the task description. (Show Details)

Change 541830 merged by Jbond:
[operations/puppet@production] puppetmaster::frontend: remove test_servers logic