I just noticed this:
Feb 07 12:47:03 tools-acme-chief-01 systemd[1]: Starting keyholder-proxy - Filtering proxy for keyholder SSH agent... Feb 07 12:47:03 tools-acme-chief-01 systemd[1]: Started keyholder-proxy - Filtering proxy for keyholder SSH agent. Feb 07 12:47:04 tools-acme-chief-01 ssh-agent-proxy[18310]: /etc/keyholder.d/authdns_acmechief.pub is not a public key file. Feb 07 12:47:04 tools-acme-chief-01 ssh-agent-proxy[18310]: Traceback (most recent call last): Feb 07 12:47:04 tools-acme-chief-01 ssh-agent-proxy[18310]: File "/usr/local/bin/ssh-agent-proxy", line 306, in <module> Feb 07 12:47:04 tools-acme-chief-01 ssh-agent-proxy[18310]: main() Feb 07 12:47:04 tools-acme-chief-01 ssh-agent-proxy[18310]: File "/usr/local/bin/ssh-agent-proxy", line 293, in main Feb 07 12:47:04 tools-acme-chief-01 ssh-agent-proxy[18310]: perms = get_key_perms(args.auth_dir, args.key_dir) Feb 07 12:47:04 tools-acme-chief-01 ssh-agent-proxy[18310]: File "/usr/local/bin/ssh-agent-proxy", line 106, in get_key_perms Feb 07 12:47:04 tools-acme-chief-01 ssh-agent-proxy[18310]: fingerprints = get_key_fingerprints(key_dir) Feb 07 12:47:04 tools-acme-chief-01 ssh-agent-proxy[18310]: File "/usr/local/bin/ssh-agent-proxy", line 95, in get_key_fingerprints Feb 07 12:47:04 tools-acme-chief-01 ssh-agent-proxy[18310]: ['/usr/bin/ssh-keygen', '-lf', fname], universal_newlines=True) Feb 07 12:47:04 tools-acme-chief-01 ssh-agent-proxy[18310]: File "/usr/lib/python3.7/subprocess.py", line 395, in check_output Feb 07 12:47:04 tools-acme-chief-01 ssh-agent-proxy[18310]: **kwargs).stdout Feb 07 12:47:04 tools-acme-chief-01 ssh-agent-proxy[18310]: File "/usr/lib/python3.7/subprocess.py", line 487, in run Feb 07 12:47:04 tools-acme-chief-01 ssh-agent-proxy[18310]: output=stdout, stderr=stderr) Feb 07 12:47:04 tools-acme-chief-01 ssh-agent-proxy[18310]: subprocess.CalledProcessError: Command '['/usr/bin/ssh-keygen', '-lf', '/etc/keyholder.d/authdns_acmechief.pub']' returned non-zero exit status 255. Feb 07 12:47:04 tools-acme-chief-01 systemd[1]: keyholder-proxy.service: Main process exited, code=exited, status=1/FAILURE Feb 07 12:47:04 tools-acme-chief-01 systemd[1]: keyholder-proxy.service: Failed with result 'exit-code'.
This may or may not be related to T301117: toolsbeta acme-chief certtificate has expired