Expected behavior: Being able to connect to the domain with a non-expired certificate
What happen instead: I can connect to the domain, but have to accept the expired certificate first.
Reminds me of T267858.
Expected behavior: Being able to connect to the domain with a non-expired certificate
What happen instead: I can connect to the domain, but have to accept the expired certificate first.
Reminds me of T267858.
root@deployment-cache-upload06:/etc/acmecerts/unified/live# openssl x509 -dates -noout -in rsa-2048.crt notBefore=Jan 12 01:23:09 2021 GMT notAfter=Apr 12 01:23:09 2021 GMT root@deployment-cache-upload06:/etc/acmecerts/unified/live# touch /srv/trafficserver/tls/etc/ssl_multicert.config root@deployment-cache-upload06:/etc/acmecerts/unified/live# systemctl reload trafficserver-tls.service
It should be up & running now.. I'm not really familiar with the cloud puppetization but this doesn't mimic production behaviour
But yeah I guess this should be fixed/monitored better so it doesn't need manual reload.
Is that worth a dedicated followup ticket under observability and Beta-Cluster-Infrastructure ?
It should be roughly the same, we may have some differing hieradata.
We have T271778, which missed the upload part but does basically include this issue as the second bullet point.