"Dead" certificates warnings !!!
-
Hello all
After upgrading to 2.5.0 I started seeing warnings like this:
Certificate Manager The following CA/Certificate entries are expiring: Certificate Authority: Acmecert: O=Let's Encrypt, CN=Let's Encrypt Authority X3, C=US (5c40faedc89d0): Expiring soon, in 20 days Certificate: XYZ1 (5c52668400b69): Expired 127 days ago Certificate: XYZ2 (5f4693a1c361a): Expired 92 days ago @ 2021-02-25 03:01:00
The problem is that both certificates for servers XYZ1 and
XYZ2 were removed a long time ago!I guess this is stuck somewhere in my config.
Any ideas where and how to clean this up?Thx
-
@chudak Could you check for these certificates in
/cf/conf/config.xml
? -
@viktor_g said in "Dead" certificates warnings !!!:
@chudak Could you check for these certificates in
/cf/conf/config.xml
?Yes I see them there.
As:<dyndns>
<type>custom</type>
<username><![CDATA[admin]]></username>
<password><![CDATA[TGlzYTMxMDExOA==]]></password>
<host></host>
<domainname></domainname>
<mx></mx>
<interface>wan</interface>
<zoneid></zoneid>
<ttl></ttl>
<updateurl>http://api.dynu.com/nic/update?hostname=XYZ&pas
sword=lisa12</updateurl>
<resultmatch>good|nochg|good %IP%r</resultmatch>
<requestif>wan</requestif>
<descr><![CDATA[XYZ DNS]]></descr>
<id>6</id>
</dyndns>Can entire section be removed ?
Odd that it's never happened before 2.5.0, why ?Thx
-
-
Just remove the entries from the CA and Certificate tabs of the certificate manager (not ACME).
The X3 CA is old and isn't needed by anything current. If it shows as in use, then any cert that is signed by it needs to also be removed since there is no way they are valid.
If you do need the certs, fix them in ACME so they get renewed properly and then they should show as being signed by the Let's Encrypt R3 CA or similar, and the old entries can be removed from the cert manager.
Certificate manager entries aren't going to be automatically cleaned up since we can't predict whether the administrator is still using them on purpose.
-
Removed two offending from the Certificate tabs of the certificate manager, hope will see no warnings tomorrow.
Thx
-
As discussed here a month ago : Let's Encrypt Certificate Authority Expiring soon : do what has been suggested over there.
We have 2.5.0 now, the GUI warns us.
Still, up to use to use the buttons :