Friday, 2023-07-28

<frickler> ianw: nope, the first way round was correct, cf. https://paste.opendev.org/show/bm93jMfe1HqRFTaWhltY/ where I collected all the logs [08:02]
<frickler> 1407: issue => Certificate request issued, renew => unexpected error 1 (some internal LE hiccup probably during cert creation) [08:03]
<frickler> 1507: issue => Cert generated since the dns-01 from 1407 was still valid => error 0 since driver.sh doesn't handle that case [08:04]
<frickler> 2707: same thing after renaming the .conf files [08:04]
<frickler> not sure how long the auth will be valid, I was originally thinking 7d but we're past that already [08:05]
<frickler> we could either try to rename the key, which should generate a new one and force a re-auth, or just wait a bit more and see when the dns-01 expires, possibly combined with manually cleaning up the auth zone [08:06]
<frickler> or we could find how to properly make driver.sh and our playbooks around it handle the current situation [08:07]
<frickler> the "meetpad01.opendev.org is already verified, skip dns-01." is why I think cleaning up records won't help though, since that sounds as if LE doesn't really look at DNS at all in the current status [08:08]
<frickler> another option might be to add another name into the list to force a re-issue, like meetpad02.opendev.org [08:09]
*** gthiemon1e is now known as gthiemonge [09:52]
*** amoralej is now known as amoralej|lunch [13:09]
<fungi> well, those servers are still running bionic. if we built jammy replacements the current issue would go away (though we wouldn't have addressed the set of conditions that led to the cert renewal deadlock, so it could conceivably bite us again some time in the future) [13:13]
*** amoralej|lunch is now known as amoralej [13:48]
*** gibi is now known as gibi_pto [16:15]
*** promethe- is now known as prometheanfire [19:05]
