Look for "Certificate aziot-edged-ca will be auto-renewed. Next renewal at 2024-06-07T07:55:02+00:00." in the "iotedge system logs"
Context (Environment)
config.toml
```
# ==============================================================================
# Hostname
# ==============================================================================
#
# Uncomment the next line to override the default hostname of this device.
#
# Active override of the device hostname. The value looks redacted by the
# reporter (TODO confirm); the `iotedge check` output on this page reports the
# configured hostname as valid.
hostname = "xxxxxxxxxxxxxxxxxx.cloudapp.azure.com"
# ==============================================================================
# Parent hostname
# ==============================================================================
#
# If this is a Nested Edge device, uncomment the next line to set the
# parent hostname of this device.
#
# parent_hostname = "my-parent-device"
# ==============================================================================
# Trust bundle cert
# ==============================================================================
#
# If you have any trusted CA certificates required for Edge module communication,
# uncomment the next line and set the value to a file URI for
# the path of the file.
#
# trust_bundle_cert = "file:///var/secrets/trust-bundle.pem"
# ==============================================================================
# Elevated Docker Permissions Flag
# ==============================================================================
#
# Some docker capabilities can be used to gain root access.
# By default, the --privileged flag and all capabilities listed in the CapAdd
# field of the docker HostConfig are allowed.
#
# In a future release, this will be disabled by default and the flag will be required
# to run as privileged.
#
# If no modules require privileged or additional capabilities, uncomment the following
# line to improve the security of the device.
#
# allow_elevated_docker_permissions = false
# ==============================================================================
# Module identity cache preference
# ==============================================================================
#
# The default behavior is to request module identities from IoT Hub and fall back to a
# cached backup if the Hub request fails. This keeps identities in sync with IoT Hub,
# but results in extra requests to Hub that may not be necessary depending on use case.
#
# Setting prefer_module_identity_cache to true reverses the behavior so that the cached
# identities are preferred to IoT Hub requests. Requests to Hub are still made if identities
# are not found in the cache.
#
# prefer_module_identity_cache = false
# ==============================================================================
# Provisioning
# ==============================================================================
# Optional auto reprovisioning mode
# ------------------------------------
# This property specifies the conditions under which the device attempts to
# automatically reprovision with the cloud. It is ignored if the device has
# been provisioned manually. One of the following values can be set:
# Dynamic: Reprovision when the device detects that it may have
# been moved from one IoT Hub to another. This is the default.
# AlwaysOnStartup: Reprovision when the device is rebooted or a crash causes
# the daemon(s) to restart.
# OnErrorOnly: Never trigger device reprovisioning automatically.
# Device reprovisioning only occurs as fallback, if the device
# is unable to connect to IoT Hub during identity provisioning
# due to connectivity errors. This fallback behavior is implicit
# in Dynamic and AlwaysOnStartup modes as well.
#
# auto_reprovisioning_mode = "Dynamic"
#
# ==============================================================================
# Cloud Timeout and Retry Behavior
# ==============================================================================
#
# These settings control the timeout and retries for cloud operations, such as
# communication with DPS during provisioning or IoT Hub for module identity creation.
#
# cloud_timeout_sec is the deadline (in seconds) for a network request (such as
# an HTTP request) to the aforementioned cloud services. A response from the cloud
# must be received before this deadline, or the request will fail as timed out.
#
# cloud_retries controls how many times a request may be retried should it fail.
# The client will always send at least one attempt, so its value will be the number
# of retries after the first attempt should that fail (i.e. cloud_retries = 2
# means that the client will make a total of 3 attempts).
#
# cloud_timeout_sec = 10
# cloud_retries = 1
# Provisioning configuration
# --------------------------
# Uncomment one block and replace the stub values with yours.
## Manual provisioning with connection string
#
# [provisioning]
# source = "manual"
# connection_string = "HostName=example.azure-devices.net;DeviceId=my-device;SharedAccessKey=YXppb3QtaWRlbnRpdHktc2VydmljZXxhemlvdC1pZGU="
## Manual provisioning with symmetric key
# [provisioning]
# source = "manual"
# iothub_hostname = "example.azure-devices.net"
# device_id = "my-device"
#
# [provisioning.authentication]
# method = "sas"
#
# device_id_pk = { value = "YXppb3QtaWRlbnRpdHktc2VydmljZXxhemlvdC1pZGU=" } # inline key (base64), or...
# device_id_pk = { uri = "file:///var/secrets/device-id.key" } # file URI, or...
# device_id_pk = { uri = "pkcs11:slot-id=0;object=device%20id?pin-value=1234" } # PKCS#11 URI
## Manual provisioning with X.509 certificate
# [provisioning]
# source = "manual"
# iothub_hostname = "example.azure-devices.net"
# device_id = "my-device"
#
# [provisioning.authentication]
# method = "x509"
#
## identity certificate private key
# identity_pk = "file:///var/secrets/device-id.key.pem" # file URI, or...
# identity_pk = "pkcs11:slot-id=0;object=device%20id?pin-value=1234" # PKCS#11 URI
#
## identity certificate
# identity_cert = "file:///var/secrets/device-id.pem" # file URI, or...
# [provisioning.authentication.identity_cert] # dynamically issued via...
# method = "est" # - EST
# method = "local_ca" # - a local CA
# common_name = "my-device" # with the given common name, or...
# subject = { L = "AQ", ST = "Antarctica", CN = "my-device" } # with the given DN fields
## DPS provisioning with symmetric key
# [provisioning]
# source = "dps"
# global_endpoint = "https://global.azure-devices-provisioning.net"
# id_scope = "0ab1234C5D6"
#
## Uncomment to send a custom payload during DPS registration
# payload = { uri = "file:///var/secrets/aziot/identityd/dps-additional-data.json" }
#
# [provisioning.attestation]
# method = "symmetric_key"
# registration_id = "my-device"
#
# symmetric_key = { value = "YXppb3QtaWRlbnRpdHktc2VydmljZXxhemlvdC1pZGVudGl0eS1zZXJ2aWNlfGF6aW90LWlkZW50aXR5LXNlcg==" } # inline key (base64), or...
# symmetric_key = { uri = "file:///var/secrets/device-id.key" } # file URI, or...
# symmetric_key = { uri = "pkcs11:slot-id=0;object=device%20id?pin-value=1234" } # PKCS#11 URI
## DPS provisioning with X.509 certificate
# Active provisioning block: the device registers through DPS rather than with
# a manually configured IoT Hub. id_scope looks redacted by the reporter.
# global_endpoint carries a trailing slash here, unlike the commented template
# examples; the system logs on this page still show DPS registration completing.
[provisioning]
source = "dps"
global_endpoint = "https://global.azure-devices-provisioning.net/"
id_scope = "0xxxxxxxxxx"
#
## Uncomment to send a custom payload during DPS registration
# payload = { uri = "file:///var/secrets/aziot/identityd/dps-additional-data.json" }
#
# X.509 attestation against DPS. Neither identity_pk nor a file-based
# identity_cert is set (both stay commented out below); the certificate is
# configured in the [provisioning.attestation.identity_cert] table instead.
# NOTE(review): for X.509 attestation the registration ID is expected to match
# the certificate's subject CN; it agrees with common_name below - confirm it
# also matches the DPS enrollment.
[provisioning.attestation]
method = "x509"
registration_id = "my-device"
#
## identity certificate private key
# identity_pk = "file:///var/secrets/device-id.key.pem" # file URI, or...
# identity_pk = "pkcs11:slot-id=0;object=device%20id?pin-value=1234" # PKCS#11 URI
#
## identity certificate
# identity_cert = "file:///var/secrets/device-id.pem" # file URI, or...
# Active choice: the device identity certificate is issued dynamically over EST
# (see [cert_issuance.est]) instead of being loaded from a file URI.
# The [provisioning.attestation.identity_cert.auto_renew] table below is left
# commented out, so this file does not enable automatic renewal of the device
# ID certificate; the `iotedge check` output on this page warns that the DPS
# identity 'device-id' expires in 0 days. Per the template's own warning,
# enable auto-renewal only when the device uses CA-based DPS enrollment.
[provisioning.attestation.identity_cert] # dynamically issued via...
method = "est" # - EST
# method = "local_ca" # - a local CA
common_name = "my-device" # with the given common name, or...
# subject = { L = "AQ", ST = "Antarctica", CN = "my-device" } # with the given DN fields
#
## Uncomment the section below to enable automatic renewal of the device ID certificate.
## Auto-renewal requires a known certificate issuance method. This generally means that
## 'method' is either 'est' or 'local_ca'.
##
## IMPORTANT:
## ONLY ENABLE AUTO-RENEWAL IF THIS DEVICE IS CONFIGURED FOR CA-BASED DPS ENROLLMENT.
## USING AUTO-RENEWAL FOR AN INDIVIDUAL ENROLLMENT WILL CAUSE THE DEVICE TO BE UNABLE
## TO REPROVISION.
# [provisioning.attestation.identity_cert.auto_renew]
# rotate_key = true
# threshold = "80%"
# retry = "4%"
## DPS provisioning with TPM
# [provisioning]
# source = "dps"
# global_endpoint = "https://global.azure-devices-provisioning.net"
# id_scope = "0ab1234C5D6"
#
## Uncomment to send a custom payload during DPS registration
# payload = { uri = "file:///var/secrets/aziot/identityd/dps-additional-data.json" }
#
# [provisioning.attestation]
# method = "tpm"
# registration_id = "my-device"
# ==============================================================================
# Cert issuance
# ==============================================================================
#
# If you configured any dynamically issued certs above, uncomment the block
# corresponding to the issuance method and replace the stub values with yours.
# Cert issuance via EST
# ---------------------
# Defaults for every certificate issued over EST (the device identity cert and
# the Edge CA cert both set method = "est" in this file).
# trusted_certs presumably lists the CA certificate(s) used to validate the EST
# server's TLS certificate - TODO confirm; keep this file writable only by
# privileged users, since it decides which EST server the device will trust.
[cert_issuance.est]
trusted_certs = [
"file:///var/aziot/certs/cacert.crt.pem",
]
# Username/password authentication to the EST server, stored in clear text in
# config.toml. The values equal the stub values shown in the commented
# [edge_ca] EST example further down.
# NOTE(review): confirm these are placeholders rather than live credentials.
# Restrict read access to this file; the commented identity_cert / identity_pk
# options below authenticate with a client certificate instead, and the key can
# be referenced by PKCS#11 URI rather than kept in a file.
[cert_issuance.est.auth]
username = "estuser"
password = "estpwd"
#
# # EST ID cert already on device, or...
# identity_cert = "file:///var/secrets/est-id.pem"
#
# identity_pk = "file:///var/secrets/est-id.key.pem" # file URI, or...
# identity_pk = "pkcs11:slot-id=0;object=est-id?pin-value=1234" # PKCS#11 URI
#
# # EST ID cert requested via EST bootstrap ID cert
# bootstrap_identity_cert = "file:///var/secrets/est-bootstrap-id.pem"
#
# bootstrap_identity_pk = "file:///var/secrets/est-bootstrap-id.key.pem" # file URI, or...
# bootstrap_identity_pk = "pkcs11:slot-id=0;object=est-bootstrap-id?pin-value=1234" # PKCS#11 URI
#
## Controls the renewal of EST identity certs. These certs are issued by the EST server after
## initial authentication with the bootstrap cert and managed by Certificates Service.
# [cert_issuance.est.identity_auto_renew]
# rotate_key = true
# threshold = "80%"
# retry = "4%"
#
# Default EST endpoint for certificate requests. It points at a server on this
# same host (localhost:8085), so certificate issuance depends on that local
# service being up. The scheme is HTTPS, which is what the `iotedge check` item
# "check all EST server URLs utilize HTTPS" on this page verifies.
[cert_issuance.est.urls]
default = "https://localhost:8085/.well-known/est"
# Cert issuance via local CA
# --------------------------
# [cert_issuance.local_ca]
# cert = "file:///var/secrets/local-ca.pem"
#
# pk = "file:///var/secrets/local-ca.key.pem" # file URI, or...
# pk = "pkcs11:slot-id=0;object=local-ca?pin-value=1234" # PKCS#11 URI
# ==============================================================================
# TPM
# ==============================================================================
#
# If special configuration is required for the TPM when using DPS TPM
# provisioning, uncomment any pertinent sections below.
# [tpm]
# # TCTI loader string; see "TCG TSS 2.0 TPM Command Transmission
# # Interface (TCTI) API Specification" section 3.5 for an overview of
# # acceptable TCTI loader strings. By default, this is "device". Setting
# # this to the empty string will cause the TCTI loader library to try
# # loading a predefined set of TCTI modules in order.
# # Ref: https://github.com/tpm2-software/tpm2-tss/blob/3.1.1/src/tss2-tcti/tctildr-dl.c#L28-L59
# tcti = "swtpm:port=2321"
#
# # The TPM index at which to persist the DPS authentication key. The index is
# # taken as an offset from the base address for persistent objects
# # (0x81000000), and must lie in the range 0x00_00_00--0x7F_FF_FF. The default
# # value is 0x00_01_00.
# auth_key_index = "0x00_01_00"
# # Authorization values for use of the endorsement and owner hierarchies, if
# # necessary. By default, these are empty strings.
# [tpm.hierarchy_authorization]
# endorsement = "hello"
# owner = "world"
# ==============================================================================
# PKCS#11
# ==============================================================================
#
# If you used any PKCS#11 URIs above, uncomment the next block and
# replace the stub values with your PKCS#11 configuration.
# [aziot_keys]
# pkcs11_lib_path = "/usr/lib/libmypkcs11.so"
# pkcs11_base_slot = "pkcs11:slot-id=0?pin-value=1234"
# ==============================================================================
# Default Edge Agent
# ==============================================================================
#
# If you need to override the parameters of the default Edge Agent module,
# uncomment this section and replace the values in this section with your own.
#
# Note that the agent.config.createOptions field is specified as
# a TOML inline table. This format looks similar to JSON but it is not JSON.
# See https://toml.io/en/v1.0.0#inline-table for documentation.
# [agent]
# name = "edgeAgent"
# type = "docker"
# imagePullPolicy = "..." # "on-create" or "never". Defaults to "on-create"
# [agent.config]
# image = "mcr.microsoft.com/azureiotedge-agent:1.5"
# createOptions = { HostConfig = { Binds = ["/iotedge/storage:/iotedge/storage"] } }
# [agent.config.auth]
# serveraddress = "example.azurecr.io"
# username = "username"
# password = "password"
# [agent.env]
# "RuntimeLogLevel" = "debug"
# "UpstreamProtocol" = "AmqpWs"
# "storageFolder" = "/iotedge/storage"
# ==============================================================================
# Daemon management and workload API endpoints
# ==============================================================================
#
# If you need to override the management and workload API endpoints,
# uncomment this section and replace the values in this section with your own.
# [connect]
# workload_uri = "unix:///var/run/iotedge/workload.sock"
# management_uri = "unix:///var/run/iotedge/mgmt.sock"
#
# [listen]
# workload_uri = "fd://aziot-edged.workload.socket"
# management_uri = "fd://aziot-edged.mgmt.socket"
# ==============================================================================
# Edge Agent watchdog
# ==============================================================================
#
# If you need to override the default Edge Agent watchdog settings,
# uncomment this section and replace the values with your own.
#
# [watchdog]
# max_retries = "infinite" # the string "infinite" or a positive integer. Defaults to "infinite"
# ==============================================================================
# Edge CA certificate
# ==============================================================================
#
# If you have your own Edge CA certificate that you want all module certificates
# to be issued by, uncomment one of the sections below and replace the values with
# your own.
# Edge CA certificate loaded from a file:
# ---------------------
# [edge_ca]
# cert = "file:///var/secrets/edge-ca.pem" # file URI
#
# pk = "file:///var/secrets/edge-ca.key.pem" # file URI, or...
# pk = "pkcs11:slot-id=0;object=edge%20ca?pin-value=1234" # PKCS#11 URI
# Edge CA certificate issued over EST:
# ---------------------
# Active choice: the Edge CA certificate is issued over EST. None of the
# optional overrides below (common_name, expiry_days, url, credentials) are
# set, so per the template the defaults in [cert_issuance.est] apply.
# [edge_ca.auto_renew] further down is also left commented, i.e. no renewal
# policy is set explicitly for this certificate in this file.
[edge_ca]
method = "est"
#
# # Optional EST configuration for issuing the Edge CA certificate below.
# # If not set, the defaults in [cert_issuance.est] will be used.
#
# common_name = "aziot-edge CA"
# expiry_days = 90
# url = "https://example.org/.well-known/est"
#
# username = "estuser"
# password = "estpwd"
#
# # EST ID cert already on device, or...
# identity_cert = "file:///var/secrets/est-id.pem"
#
# identity_pk = "file:///var/secrets/est-id.key.pem" # file URI, or...
# identity_pk = "pkcs11:slot-id=0;object=est-id?pin-value=1234" # PKCS#11 URI
#
# # EST ID cert requested via EST bootstrap ID cert
# bootstrap_identity_cert = "file:///var/secrets/est-bootstrap-id.pem"
#
# bootstrap_identity_pk = "file:///var/secrets/est-bootstrap-id.key.pem" # file URI, or...
# bootstrap_identity_pk = "pkcs11:slot-id=0;object=est-bootstrap-id?pin-value=1234" # PKCS#11 URI
# Edge CA certificate issued from a local CA certificate:
# Requires [cert_issuance.local_ca] to be set.
# ---------------------
# [edge_ca]
# method = "local_ca"
#
# # Optional configuration below.
#
# common_name = "aziot-edge CA"
# expiry_days = 90
# ==============================================================================
# Edge CA certificate (Quickstart)
# ==============================================================================
#
# If you do not have your own Edge CA certificate that you want all
# module certificates to be issued by, you can uncomment this section and
# set the number of days for the lifetime of the auto-generated
# self-signed Edge CA certificate. Defaults to 90 days.
#
# SECURITY NOTE: this setting is NOT recommended for production usage. Please
# configure your own Edge CA certificate in the Edge CA certificate section
# above instead.
#
# [edge_ca]
# auto_generated_edge_ca_expiry_days = 90
# ==============================================================================
# Edge CA certificate auto-renewal
# ==============================================================================
#
# Manage auto-renewal of the Edge CA certificate. Generally, this applies when the
# Edge CA is configured as Quickstart or when the Edge CA has an issuance `method`
# set. Edge CA certs loaded from files generally cannot be auto-renewed as the Edge
# runtime will not have enough information to renew them.
#
# Renewal of an Edge CA requires all server certificates issued by that CA to be
# regenerated. This is done by restarting all modules. The time of Edge CA renewal
# cannot be guaranteed, so if random module restarts are unacceptable for your use
# case, disable auto renewal.
#
# Note that for auto-generated (quickstart) certificates, both the certificate and key
# must be regenerated on renewal so rotate_key must be true. Another issuance method
# is required if rotate_key = false.
#
# [edge_ca.auto_renew]
# rotate_key = true
# threshold = "80%"
# retry = "4%"
# ==============================================================================
# Image garbage collection
# ==============================================================================
#
# If you need to override the default image garbage collection configuration,
# uncomment this section and replace the values in this section with your own.
#
# 'enabled' controls whether image garbage collection runs or not.
# 'cleanup_recurrence' is how frequently you want the image gc to run.
# 'image_age_cleanup_threshold' is the "age" of unused images, after which they will be cleaned up.
# 'cleanup_time', in 24-hour HH:MM format, is a best-effort indication of when the cleanup job runs.
# [image_garbage_collection]
# enabled = true
# cleanup_recurrence = "1d"
# image_age_cleanup_threshold = "7d"
# cleanup_time = "00:00"
# ==============================================================================
# Moby runtime
# ==============================================================================
#
# If you need to override the default Moby runtime configuration,
# uncomment this section and replace the values in this section with your own.
# [moby_runtime]
# uri = "unix:///var/run/docker.sock"
# network = "azure-iot-edge"
```
Output of iotedge check
```
Configuration checks (aziot-identity-service)
---------------------------------------------
√ keyd configuration is well-formed - OK
√ certd configuration is well-formed - OK
√ tpmd configuration is well-formed - OK
√ identityd configuration is well-formed - OK
√ daemon configurations up-to-date with config.toml - OK
√ identityd config toml file specifies a valid hostname - OK
√ aziot-identity-service package is up-to-date - OK
√ host time is close to reference time - OK
‼ production readiness: identity certificates expiry - Warning
DPS identity 'device-id' will expire soon (2024-06-07 09:21:12 UTC, in 0 days)
√ preloaded certificates are valid - OK
√ keyd is running - OK
√ certd is running - OK
√ identityd is running - OK
√ read all preloaded certificates from the Certificates Service - OK
√ read all preloaded key pairs from the Keys Service - OK
√ check all EST server URLs utilize HTTPS - OK
√ ensure all preloaded certificates match preloaded private keys with the same ID - OK
Connectivity checks (aziot-identity-service)
--------------------------------------------
‼ host can connect to and perform TLS handshake with iothub AMQP port - Warning
Could not retrieve iothub_hostname from provisioning file.
Please specify the backing IoT Hub name using --iothub-hostname switch if you have that information.
Since no hostname is provided, all hub connectivity tests will be skipped.
‼ host can connect to and perform TLS handshake with iothub HTTPS / WebSockets port - Warning
Could not retrieve iothub_hostname from provisioning file.
Please specify the backing IoT Hub name using --iothub-hostname switch if you have that information.
Since no hostname is provided, all hub connectivity tests will be skipped.
‼ host can connect to and perform TLS handshake with iothub MQTT port - Warning
Could not retrieve iothub_hostname from provisioning file.
Please specify the backing IoT Hub name using --iothub-hostname switch if you have that information.
Since no hostname is provided, all hub connectivity tests will be skipped.
√ host can connect to and perform TLS handshake with DPS endpoint - OK
Configuration checks
--------------------
√ aziot-edged configuration is well-formed - OK
√ configuration up-to-date with config.toml - OK
√ container engine is installed and functional - OK
√ configuration has correct URIs for daemon mgmt endpoint - OK
√ aziot-edge package is up-to-date - OK
√ container time is close to host time - OK
‼ DNS server - Warning
Container engine is not configured with DNS server setting, which may impact connectivity to IoT Hub.
Please see https://aka.ms/iotedge-prod-checklist-dns for best practices.
You can ignore this warning if you are setting DNS server per module in the Edge deployment.
‼ production readiness: logs policy - Warning
Container engine is not configured to rotate module logs which may cause it run out of disk space.
Please see https://aka.ms/iotedge-prod-checklist-logs for best practices.
You can ignore this warning if you are setting log policy per module in the Edge deployment.
√ production readiness: Edge Agent's storage directory is persisted on the host filesystem - OK
√ production readiness: Edge Hub's storage directory is persisted on the host filesystem - OK
√ proxy settings are consistent in aziot-edged, aziot-identityd, moby daemon and config.toml - OK
Connectivity checks
-------------------
26 check(s) succeeded.
6 check(s) raised warnings. Re-run with --verbose for more details.
7 check(s) were skipped due to errors from other checks. Re-run with --verbose for more details.
```
Device Information
Host OS: Ubuntu 22.04
Architecture [e.g. amd64, arm32, arm64]: amd64
Container OS [e.g. Linux containers, Windows containers]: Linux containers
Runtime Versions
aziot-edged [run iotedge version]: iotedge 1.5.0
Edge Agent [image tag (e.g. 1.0.0)]: 1.5.0
Edge Hub [image tag (e.g. 1.0.0)]: 1.5.0
Docker/Moby [run docker version]: 26.1.3-1
Note: when using Windows containers on Windows, run docker -H npipe:////./pipe/iotedge_moby_engine version instead
Logs
iotedge system logs
```
Jun 06 12:42:56 test-ubuntu2204 aziot-edged[39311]: 2024-06-06T12:42:56Z [INFO] - Starting Azure IoT Edge Daemon
Jun 06 12:42:56 test-ubuntu2204 aziot-edged[39311]: 2024-06-06T12:42:56Z [INFO] - Version - 1.5.0
Jun 06 12:42:56 test-ubuntu2204 aziot-edged[39311]: 2024-06-06T12:42:56Z [INFO] - Obtaining Edge device provisioning data...
Jun 06 12:42:56 test-ubuntu2204 systemd[1]: Started Azure IoT Identity Service.
Jun 06 12:42:56 test-ubuntu2204 aziot-identityd[39314]: 2024-06-06T12:42:56Z [INFO] - Starting service...
Jun 06 12:42:56 test-ubuntu2204 aziot-identityd[39314]: 2024-06-06T12:42:56Z [INFO] - Version - 1.5.0
Jun 06 12:42:56 test-ubuntu2204 aziot-identityd[39314]: 2024-06-06T12:42:56Z [INFO] - Loaded openssl'd Default provider
Jun 06 12:42:56 test-ubuntu2204 aziot-identityd[39314]: 2024-06-06T12:42:56Z [INFO] - Provisioning starting. Reason: Startup
Jun 06 12:42:56 test-ubuntu2204 systemd[1]: Started Azure IoT Keys Service.
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - Starting service...
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - Version - 1.5.0
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - Loaded libaziot-keys with version 0x02010000
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - Starting server...
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - <-- GET /keypair/device-id?api-version=2021-05-01 {"host": "keyd.sock"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [ERR!] - invalid parameter "id": not found
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - !!! a parameter has an invalid value
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - --> 400 {"content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 systemd[1]: Started Azure IoT Certificates Service.
Jun 06 12:42:56 test-ubuntu2204 aziot-certd[39323]: 2024-06-06T12:42:56Z [INFO] - Starting service...
Jun 06 12:42:56 test-ubuntu2204 aziot-certd[39323]: 2024-06-06T12:42:56Z [INFO] - Version - 1.5.0
Jun 06 12:42:56 test-ubuntu2204 aziot-certd[39323]: 2024-06-06T12:42:56Z [INFO] - Starting server...
Jun 06 12:42:56 test-ubuntu2204 aziot-certd[39323]: 2024-06-06T12:42:56Z [INFO] - <-- GET /certificates/device-id?api-version=2020-09-01 {"host": "certd.sock"}
Jun 06 12:42:56 test-ubuntu2204 aziot-certd[39323]: 2024-06-06T12:42:56Z [INFO] - !!! parameter "id" has an invalid value
Jun 06 12:42:56 test-ubuntu2204 aziot-certd[39323]: 2024-06-06T12:42:56Z [INFO] - !!! caused by: not found
Jun 06 12:42:56 test-ubuntu2204 aziot-certd[39323]: 2024-06-06T12:42:56Z [INFO] - --> 400 {"content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - <-- POST /keypair?api-version=2021-05-01 {"content-type": "application/json", "host": "keyd.sock", "content-length": "56"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - <-- POST /parameters/algorithm?api-version=2021-05-01 {"content-length": "248", "content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - <-- POST /parameters/rsa-modulus?api-version=2021-05-01 {"content-length": "248", "content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - <-- POST /parameters/rsa-exponent?api-version=2021-05-01 {"content-length": "248", "content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - <-- POST /parameters/algorithm?api-version=2021-05-01 {"content-length": "248", "content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - <-- POST /parameters/rsa-modulus?api-version=2021-05-01 {"content-length": "248", "content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - <-- POST /parameters/rsa-exponent?api-version=2021-05-01 {"content-length": "248", "content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - <-- POST /encrypt?api-version=2021-05-01 {"content-length": "355", "content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-certd[39323]: 2024-06-06T12:42:56Z [INFO] - <-- POST /certificates?api-version=2020-09-01 {"content-type": "application/json", "host": "certd.sock", "content-length": "947"}
Jun 06 12:42:56 test-ubuntu2204 aziot-certd[39323]: 2024-06-06T12:42:56Z [INFO] - --> 201 {"content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-identityd[39314]: 2024-06-06T12:42:56Z [INFO] - Provisioned with backup for mydevice.
Jun 06 12:42:56 test-ubuntu2204 aziot-identityd[39314]: 2024-06-06T12:42:56Z [INFO] - Successfully provisioned with DPS.
Jun 06 12:42:56 test-ubuntu2204 aziot-identityd[39314]: 2024-06-06T12:42:56Z [INFO] - Provisioning complete.
Jun 06 12:42:56 test-ubuntu2204 aziot-identityd[39314]: 2024-06-06T12:42:56Z [INFO] - Identity reconciliation started. Reason: Startup
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - <-- POST /encrypt?api-version=2021-05-01 {"content-length": "636", "content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-identityd[39314]: 2024-06-06T12:42:56Z [INFO] - Could not reconcile Identities with current device data. Reprovisioning.
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - <-- GET /keypair/device-id?api-version=2021-05-01 {"host": "keyd.sock"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-certd[39323]: 2024-06-06T12:42:56Z [INFO] - <-- GET /certificates/device-id?api-version=2020-09-01 {"host": "certd.sock"}
Jun 06 12:42:56 test-ubuntu2204 aziot-certd[39323]: 2024-06-06T12:42:56Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - <-- POST /parameters/algorithm?api-version=2021-05-01 {"content-length": "248", "content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - <-- POST /parameters/rsa-modulus?api-version=2021-05-01 {"content-length": "248", "content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - <-- POST /parameters/rsa-exponent?api-version=2021-05-01 {"content-length": "248", "content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - <-- POST /parameters/algorithm?api-version=2021-05-01 {"content-length": "248", "content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - <-- POST /parameters/rsa-modulus?api-version=2021-05-01 {"content-length": "248", "content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - <-- POST /parameters/rsa-exponent?api-version=2021-05-01 {"content-length": "248", "content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-identityd[39314]: 2024-06-06T12:42:56Z [INFO] - Sending DPS registration request.
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - <-- POST /encrypt?api-version=2021-05-01 {"content-length": "355", "content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:43:01 test-ubuntu2204 aziot-identityd[39314]: 2024-06-06T12:43:01Z [INFO] - Checking DPS registration status.
Jun 06 12:43:01 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:43:01Z [INFO] - <-- POST /encrypt?api-version=2021-05-01 {"content-length": "355", "content-type": "application/json"}
Jun 06 12:43:01 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:43:01Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:43:02 test-ubuntu2204 aziot-identityd[39314]: 2024-06-06T12:43:02Z [INFO] - Assigned to IoT hub: TestIotHub.azure-devices.net
Jun 06 12:43:02 test-ubuntu2204 aziot-identityd[39314]: 2024-06-06T12:43:02Z [INFO] - DPS registration complete.
Jun 06 12:43:02 test-ubuntu2204 aziot-identityd[39314]: 2024-06-06T12:43:02Z [INFO] - Successfully provisioned with DPS.
Jun 06 12:43:02 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:43:02Z [INFO] - <-- POST /encrypt?api-version=2021-05-01 {"content-length": "636", "content-type": "application/json"}
Jun 06 12:43:02 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:43:02Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:43:02 test-ubuntu2204 aziot-identityd[39314]: 2024-06-06T12:43:02Z [INFO] - Identity reconciliation complete.
Jun 06 12:43:02 test-ubuntu2204 aziot-identityd[39314]: 2024-06-06T12:43:02Z [INFO] - Starting server...
Jun 06 12:43:02 test-ubuntu2204 aziot-identityd[39314]: 2024-06-06T12:43:02Z [INFO] - <-- POST /identities/device?api-version=2020-09-01 {"content-type": "application/json", "host": "identityd.sock", "content-length": "16"}
Jun 06 12:43:02 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:43:02Z [INFO] - <-- GET /keypair/device-id?api-version=2021-05-01 {"host": "keyd.sock"}
Jun 06 12:43:02 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:43:02Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:43:02 test-ubuntu2204 aziot-identityd[39314]: 2024-06-06T12:43:02Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:43:02 test-ubuntu2204 aziot-edged[39311]: 2024-06-06T12:43:02Z [INFO] - Device is mydevice on TestIotHub.azure-devices.net
Jun 06 12:43:02 test-ubuntu2204 aziot-edged[39311]: 2024-06-06T12:43:02Z [INFO] - Initializing module runtime...
Jun 06 12:43:02 test-ubuntu2204 aziot-edged[39311]: 2024-06-06T12:43:02Z [INFO] - Using runtime network id azure-iot-edge
Jun 06 12:43:02 test-ubuntu2204 aziot-edged[39311]: 2024-06-06T12:43:02Z [INFO] - Successfully initialized module runtime
Jun 06 12:43:02 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:43:02Z [INFO] - <-- POST /keypair?api-version=2020-09-01 {"content-type": "application/json", "host": "keyd.sock", "content-length": "61"}
Jun 06 12:43:02 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:43:02Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:43:02 test-ubuntu2204 aziot-certd[39323]: 2024-06-06T12:43:02Z [INFO] - <-- GET /certificates/aziot-edged-ca?api-version=2020-09-01 {"host": "certd.sock"}
Jun 06 12:43:02 test-ubuntu2204 aziot-certd[39323]: 2024-06-06T12:43:02Z [INFO] - !!! parameter "id" has an invalid value
Jun 06 12:43:02 test-ubuntu2204 aziot-certd[39323]: 2024-06-06T12:43:02Z [INFO] - !!! caused by: not found
Jun 06 12:43:02 test-ubuntu2204 aziot-certd[39323]: 2024-06-06T12:43:02Z [INFO] - --> 400 {"content-type": "application/json"}
Jun 06 12:43:02 test-ubuntu2204 aziot-edged[39311]: 2024-06-06T12:43:02Z [INFO] - Requesting new Edge CA certificate...
Jun 06 12:43:02 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:43:02Z [INFO] - <-- POST /parameters/algorithm?api-version=2021-05-01 {"content-length": "252", "content-type": "application/json"}
Jun 06 12:43:02 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:43:02Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:43:02 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:43:02Z [INFO] - <-- POST /parameters/rsa-modulus?api-version=2021-05-01 {"content-length": "252", "content-type": "application/json"}
Jun 06 12:43:02 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:43:02Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:43:02 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:43:02Z [INFO] - <-- POST /parameters/rsa-exponent?api-version=2021-05-01 {"content-length": "252", "content-type": "application/json"}
Jun 06 12:43:02 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:43:02Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:43:02 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:43:02Z [INFO] - <-- POST /parameters/algorithm?api-version=2021-05-01 {"content-length": "252", "content-type": "application/json"}
Jun 06 12:43:02 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:43:02Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:43:02 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:43:02Z [INFO] - <-- POST /parameters/rsa-modulus?api-version=2021-05-01 {"content-length": "252", "content-type": "application/json"}
Jun 06 12:43:02 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:43:02Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:43:02 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:43:02Z [INFO] - <-- POST /parameters/rsa-exponent?api-version=2021-05-01 {"content-length": "252", "content-type": "application/json"}
Jun 06 12:43:02 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:43:02Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:43:02 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:43:02Z [INFO] - <-- POST /encrypt?api-version=2021-05-01 {"content-length": "359", "content-type": "application/json"}
Jun 06 12:43:02 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:43:02Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:43:02 test-ubuntu2204 aziot-certd[39323]: 2024-06-06T12:43:02Z [INFO] - <-- POST /certificates?api-version=2020-09-01 {"content-type": "application/json", "host": "certd.sock", "content-length": "1046"}
Jun 06 12:43:02 test-ubuntu2204 aziot-certd[39323]: 2024-06-06T12:43:02Z [INFO] - --> 201 {"content-type": "application/json"}
Jun 06 12:43:02 test-ubuntu2204 aziot-edged[39311]: 2024-06-06T12:43:02Z [INFO] - Created new Edge CA certificate
Jun 06 12:43:02 test-ubuntu2204 aziot-certd[39323]: 2024-06-06T12:43:02Z [INFO] - <-- GET /certificates/aziot-edged-ca?api-version=2020-09-01 {"host": "certd.sock"}
Jun 06 12:43:02 test-ubuntu2204 aziot-certd[39323]: 2024-06-06T12:43:02Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:43:02 test-ubuntu2204 aziot-edged[39311]: 2024-06-06T12:43:02Z [INFO] - Certificate aziot-edged-ca will be auto-renewed. Next renewal at 2024-06-07T07:55:02+00:00.
Jun 06 12:43:02 test-ubuntu2204 aziot-edged[39311]: 2024-06-06T12:43:02Z [INFO] - Stopping all modules...
J
```
edge-agent logs
```
```
edge-hub logs
```
```
Additional Information
Please provide any additional information that may be helpful in understanding the issue.
I want to use EST for the Edge CA, but without the module restarts that happen at unpredictable times when the Edge CA certificate is auto-renewed.
Expected Behavior
Edge CA renewal should be disabled
Current Behavior
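Edge CA renewal is enabled: the system log reports "Certificate aziot-edged-ca will be auto-renewed" although [edge_ca.auto_renew] is commented out in config.toml.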
Steps to Reproduce
Provide a detailed set of steps to reproduce the bug.
Context (Environment)
config.toml
```
# ==============================================================================
# Hostname
# ==============================================================================
#
# Uncomment the next line to override the default hostname of this device.
#
hostname = "xxxxxxxxxxxxxxxxxx.cloudapp.azure.com"

# ==============================================================================
# Parent hostname
# ==============================================================================
#
# If this is a Nested Edge device, uncomment the next line to set the
# parent hostname of this device.
#
# parent_hostname = "my-parent-device"

# ==============================================================================
# Trust bundle cert
# ==============================================================================
#
# If you have any trusted CA certificates required for Edge module communication,
# uncomment the next line and set the value to a file URI for
# the path of the file.
#
# trust_bundle_cert = "file:///var/secrets/trust-bundle.pem"

# ==============================================================================
# Elevated Docker Permissions Flag
# ==============================================================================
#
# Some docker capabilities can be used to gain root access.
# By default, the --privileged flag and all capabilities listed in the CapAdd
# field of the docker HostConfig are allowed.
#
# In a future release, this will be disabled by default and the flag will be required
# run as privileged.
#
# If no modules require privileged or additional capabilities, uncomment the following
# line to improve the security of the device.
#
# NOTE(review): the line below is still commented out, so the default described
# above applies and modules may request --privileged / CapAdd on this device.
# allow_elevated_docker_permissions = false

# ==============================================================================
# Module identity cache preference
# ==============================================================================
#
# The default behavior is to request module identities from IoT Hub and fall back to a
# cached backup if the Hub request fails. This keeps identities in sync with IoT Hub,
# but results in extra requests to Hub that may not be necessary depending on use case.
#
# Setting prefer_module_identity_cache to true reverses the behavior so that the cached
# identities are preferred to IoT Hub requests. Requests to Hub are still made if identities
# are not found in the cache.
#
# prefer_module_identity_cache = false

# ==============================================================================
# Provisioning
# ==============================================================================
# Optional auto reprovisioning mode
# ------------------------------------
# This property specifies the conditions under which the device attempts to
# automatically reprovision with the cloud. It is ignored if the device has
# been provisioned manually. One of the following values can be set:
#   Dynamic: Reprovision when the device detects that it may have
#            been moved from one IoT Hub to another. This is the default.
#   AlwaysOnStartup: Reprovision when the device is rebooted or a crash causes
#                    the daemon(s) to restart.
#   OnErrorOnly: Never trigger device reprovisioning automatically.
#                Device reprovisioning only occurs as fallback, if the device
#                is unable to connect to IoT Hub during identity provisioning
#                due to connectivity errors. This fallback behavior is implicit
#                in Dynamic and AlwaysOnStartup modes as well.
#
# auto_reprovisioning_mode = Dynamic
#

# ==============================================================================
# Cloud Timeout and Retry Behavior
# ==============================================================================
#
# These settings control the timeout and retries for cloud operations, such as
# communication with DPS during provisioning or IoT Hub for module identity creation.
#
# cloud_timeout_sec is the deadline (in seconds) for a network request (such as
# an HTTP request) to the aforementioned cloud services. A response from the cloud
# must be received before this deadline, or the request will fail as timed out.
#
# cloud_retries controls how many times a request may be retried should it fail.
# The client will always send at least one attempt, so its value will be the number
# of retries after the first attempt should that fail (i.e. cloud_retries = 2
# means that the client will make a total of 3 attempts).
#
# cloud_timeout_sec = 10
# cloud_retries = 1

# Provisioning configuration
# --------------------------
# Uncomment one block and replace the stub values with yours.

## Manual provisioning with connection string
#
# [provisioning]
# source = "manual"
# connection_string = "HostName=example.azure-devices.net;DeviceId=my-device;SharedAccessKey=YXppb3QtaWRlbnRpdHktc2VydmljZXxhemlvdC1pZGU="

## Manual provisioning with symmetric key
# [provisioning]
# source = "manual"
# iothub_hostname = "example.azure-devices.net"
# device_id = "my-device"
#
# [provisioning.authentication]
# method = "sas"
#
# device_id_pk = { value = "YXppb3QtaWRlbnRpdHktc2VydmljZXxhemlvdC1pZGU=" } # inline key (base64), or...
# device_id_pk = { uri = "file:///var/secrets/device-id.key" } # file URI, or...
# device_id_pk = { uri = "pkcs11:slot-id=0;object=device%20id?pin-value=1234" } # PKCS#11 URI

## Manual provisioning with X.509 certificate
# [provisioning]
# source = "manual"
# iothub_hostname = "example.azure-devices.net"
# device_id = "my-device"
#
# [provisioning.authentication]
# method = "x509"
#
## identity certificate private key
# identity_pk = "file:///var/secrets/device-id.key.pem" # file URI, or...
# identity_pk = "pkcs11:slot-id=0;object=device%20id?pin-value=1234" # PKCS#11 URI
#
## identity certificate
# identity_cert = "file:///var/secrets/device-id.pem" # file URI, or...
# [provisioning.authentication.identity_cert] # dynamically issued via...
# method = "est" # - EST
# method = "local_ca" # - a local CA
# common_name = "my-device" # with the given common name, or...
# subject = { L = "AQ", ST = "Antarctica", CN = "my-device" } # with the given DN fields

## DPS provisioning with symmetric key
# [provisioning]
# source = "dps"
# global_endpoint = "https://global.azure-devices-provisioning.net"
# id_scope = "0ab1234C5D6"
#
## Uncomment to send a custom payload during DPS registration
# payload = { uri = "file:///var/secrets/aziot/identityd/dps-additional-data.json" }
#
# [provisioning.attestation]
# method = "symmetric_key"
# registration_id = "my-device"
#
# symmetric_key = { value = "YXppb3QtaWRlbnRpdHktc2VydmljZXxhemlvdC1pZGVudGl0eS1zZXJ2aWNlfGF6aW90LWlkZW50aXR5LXNlcg==" } # inline key (base64), or...
# symmetric_key = { uri = "file:///var/secrets/device-id.key" } # file URI, or...
# symmetric_key = { uri = "pkcs11:slot-id=0;object=device%20id?pin-value=1234" } # PKCS#11 URI

## DPS provisioning with X.509 certificate
[provisioning]
source = "dps"
global_endpoint = "https://global.azure-devices-provisioning.net/"
id_scope = "0xxxxxxxxxx"
#
## Uncomment to send a custom payload during DPS registration
# payload = { uri = "file:///var/secrets/aziot/identityd/dps-additional-data.json" }
#
[provisioning.attestation]
method = "x509"
registration_id = "my-device"
#
## identity certificate private key
# identity_pk = "file:///var/secrets/device-id.key.pem" # file URI, or...
# identity_pk = "pkcs11:slot-id=0;object=device%20id?pin-value=1234" # PKCS#11 URI
#
## identity certificate
# identity_cert = "file:///var/secrets/device-id.pem" # file URI, or...
[provisioning.attestation.identity_cert] # dynamically issued via...
method = "est" # - EST
# method = "local_ca" # - a local CA
common_name = "my-device" # with the given common name, or...
# subject = { L = "AQ", ST = "Antarctica", CN = "my-device" } # with the given DN fields
#
## Uncomment the section below to enable automatic renewal of the device ID certificate.
## Auto-renewal requires a known certificate issuance method. This generally means that
## 'method' is either 'est' or 'local_ca'.
##
## IMPORTANT:
## ONLY ENABLE AUTO-RENEWAL IF THIS DEVICE IS CONFIGURED FOR CA-BASED DPS ENROLLMENT.
## USING AUTO-RENEWAL FOR AN INDIVIDUAL ENROLLMENT WILL CAUSE THE DEVICE TO BE UNABLE
## TO REPROVISION.
#
# NOTE(review): this section is left commented. `iotedge check` on this page warns
# that DPS identity 'device-id' will expire soon (2024-06-07 09:21:12 UTC); confirm
# how the device ID certificate is replaced before that time.
# [provisioning.attestation.identity_cert.auto_renew]
# rotate_key = true
# threshold = "80%"
# retry = "4%"

## DPS provisioning with TPM
# [provisioning]
# source = "dps"
# global_endpoint = "https://global.azure-devices-provisioning.net"
# id_scope = "0ab1234C5D6"
#
## Uncomment to send a custom payload during DPS registration
# payload = { uri = "file:///var/secrets/aziot/identityd/dps-additional-data.json" }
#
# [provisioning.attestation]
# method = "tpm"
# registration_id = "my-device"

# ==============================================================================
# Cert issuance
# ==============================================================================
#
# If you configured any dynamically issued certs above, uncomment the block
# corresponding to the issuance method and replace the stub values with yours.

# Cert issuance via EST
# ---------------------
[cert_issuance.est]
trusted_certs = [
    "file:///var/aziot/certs/cacert.crt.pem",
]

# NOTE(review): EST basic-auth credentials are stored in clear text in this file.
# The values equal the template's stub values (see the commented [edge_ca] block
# below); if an EST server really accepts them, change them. The identity_cert /
# bootstrap_identity_cert options below avoid keeping a password here at all.
[cert_issuance.est.auth]
username = "estuser"
password = "estpwd"
#
# # EST ID cert already on device, or...
# identity_cert = "file:///var/secrets/est-id.pem"
#
# identity_pk = "file:///var/secrets/est-id.key.pem" # file URI, or...
# identity_pk = "pkcs11:slot-id=0;object=est-id?pin-value=1234" # PKCS#11 URI
#
# # EST ID cert requested via EST bootstrap ID cert
# bootstrap_identity_cert = "file:///var/secrets/est-bootstrap-id.pem"
#
# bootstrap_identity_pk = "file:///var/secrets/est-bootstrap-id.key.pem" # file URI, or...
# bootstrap_identity_pk = "pkcs11:slot-id=0;object=est-bootstrap-id?pin-value=1234" # PKCS#11 URI
#
## Controls the renewal of EST identity certs. These certs are issued by the EST server after
## initial authentication with the bootstrap cert and managed by Certificates Service.
# [cert_issuance.est.identity_auto_renew]
# rotate_key = true
# threshold = "80%"
# retry = "4%"
#
[cert_issuance.est.urls]
default = "https://localhost:8085/.well-known/est"

# Cert issuance via local CA
# --------------------------
# [cert_issuance.local_ca]
# cert = "file:///var/secrets/local-ca.pem"
#
# pk = "file:///var/secrets/local-ca.key.pem" # file URI, or...
# pk = "pkcs11:slot-id=0;object=local-ca?pin-value=1234" # PKCS#11 URI

# ==============================================================================
# TPM
# ==============================================================================
#
# If special configuration is required for the TPM when using DPS TPM
# provisioning, uncomment any pertinent sections below.
# [tpm]
# # TCTI loader string; see "TCG TSS 2.0 TPM Command Transmission
# # Interface (TCTI) API Specification" section 3.5 for an overview of
# # acceptable TCTI loader strings. By default, this is "device". Setting
# # this to the empty string will cause the TCTI loader library to try
# # loading a predefined set of TCTI modules in order.
# # Ref: https://github.com/tpm2-software/tpm2-tss/blob/3.1.1/src/tss2-tcti/tctildr-dl.c#L28-L59
# tcti = "swtpm:port=2321"
#
# # The TPM index at which to persist the DPS authentication key. The index is
# # taken as an offset from the base address for persistent objects
# # (0x81000000), and must lie in the range 0x00_00_00--0x7F_FF_FF. The default
# # value is 0x00_01_00.
# auth_key_index = "0x00_01_00"
# # Authorization values for use of the endorsement and owner hierarchies, if
# # necessary. By default, these are empty strings.
# [tpm.hierarchy_authorization]
# endorsement = "hello"
# owner = "world"

# ==============================================================================
# PKCS#11
# ==============================================================================
#
# If you used any PKCS#11 URIs above, uncomment the next block and
# replace the stub values with your PKCS#11 configuration.
# [aziot_keys]
# pkcs11_lib_path = "/usr/lib/libmypkcs11.so"
# pkcs11_base_slot = "pkcs11:slot-id=0?pin-value=1234"

# ==============================================================================
# Default Edge Agent
# ==============================================================================
#
# If you need to override the parameters of the default Edge Agent module,
# uncomment this section and replace the values in this section with your own.
#
# Note that the agent.config.createOptions field is specified as
# a TOML inline table. This format looks similar to JSON but it is not JSON.
# See https://toml.io/en/v1.0.0#inline-table for documentation.
# [agent]
# name = "edgeAgent"
# type = "docker"
# imagePullPolicy = "..." # "on-create" or "never". Defaults to "on-create"
# [agent.config]
# image = "mcr.microsoft.com/azureiotedge-agent:1.5"
# createOptions = { HostConfig = { Binds = ["/iotedge/storage:/iotedge/storage"] } }
# [agent.config.auth]
# serveraddress = "example.azurecr.io"
# username = "username"
# password = "password"
# [agent.env]
# "RuntimeLogLevel" = "debug"
# "UpstreamProtocol" = "AmqpWs"
# "storageFolder" = "/iotedge/storage"

# ==============================================================================
# Daemon management and workload API endpoints
# ==============================================================================
#
# If you need to override the management and workload API endpoints,
# uncomment this section and replace the values in this section with your own.
# [connect]
# workload_uri = "unix:///var/run/iotedge/workload.sock"
# management_uri = "unix:///var/run/iotedge/mgmt.sock"
#
# [listen]
# workload_uri = "fd://aziot-edged.workload.socket"
# management_uri = "fd://aziot-edged.mgmt.socket"

# ==============================================================================
# Edge Agent watchdog
# ==============================================================================
#
# If you need to override the default Edge Agent watchdog settings,
# uncomment this section and replace the values with your own.
#
# [watchdog]
# max_retries = "infinite" # the string "infinite" or a positive integer. Defaults to "infinite"

# ==============================================================================
# Edge CA certificate
# ==============================================================================
#
# If you have your own Edge CA certificate that you want all module certificates
# to be issued by, uncomment one of the sections below and replace the values with
# your own.

# Edge CA certificate loaded from a file:
# ---------------------
# [edge_ca]
# cert = "file:///var/secrets/edge-ca.pem" # file URI
#
# pk = "file:///var/secrets/edge-ca.key.pem" # file URI, or...
# pk = "pkcs11:slot-id=0;object=edge%20ca?pin-value=1234" # PKCS#11 URI

# Edge CA certificate issued over EST:
# ---------------------
# NOTE(review): only `method` is set, so the EST settings for the Edge CA come
# from [cert_issuance.est] above, as the comment below states.
[edge_ca]
method = "est"
#
# # Optional EST configuration for issuing the Edge CA certificate below.
# # If not set, the defaults in [cert_issuance.est] will be used.
#
# common_name = "aziot-edge CA"
# expiry_days = 90
# url = "https://example.org/.well-known/est"
#
# username = "estuser"
# password = "estpwd"
#
# # EST ID cert already on device, or...
# identity_cert = "file:///var/secrets/est-id.pem"
#
# identity_pk = "file:///var/secrets/est-id.key.pem" # file URI, or...
# identity_pk = "pkcs11:slot-id=0;object=est-id?pin-value=1234" # PKCS#11 URI
#
# # EST ID cert requested via EST bootstrap ID cert
# bootstrap_identity_cert = "file:///var/secrets/est-bootstrap-id.pem"
#
# bootstrap_identity_pk = "file:///var/secrets/est-bootstrap-id.key.pem" # file URI, or...
# bootstrap_identity_pk = "pkcs11:slot-id=0;object=est-bootstrap-id?pin-value=1234" # PKCS#11 URI

# Edge CA certificate issued from a local CA certificate:
# Requires [cert_issuance.local_ca] to be set.
# ---------------------
# [edge_ca]
# method = "local_ca"
#
# # Optional configuration below.
#
# common_name = "aziot-edge CA"
# expiry_days = 90

# ==============================================================================
# Edge CA certificate (Quickstart)
# ==============================================================================
#
# If you do not have your own Edge CA certificate that you want all
# module certificates to be issued by, you can uncomment this section and
# set the number of days for the lifetime of the auto-generated
# self-signed Edge CA certificate. Defaults to 90 days.
#
# SECURITY NOTE: this setting is NOT recommended for production usage. Please
# configure your own Edge CA certificate in the Edge CA certificate section
# above instead.
#
# [edge_ca]
# auto_generated_edge_ca_expiry_days = 90

# ==============================================================================
# Edge CA certificate auto-renewal
# ==============================================================================
#
# Manage auto-renewal of the Edge CA certificate. Generally, this applies when the
# Edge CA is configured as Quickstart or when the Edge CA has an issuance `method`
# set. Edge CA certs loaded from files generally cannot be auto-renewed as the Edge
# runtime will not have enough information to renew them.
#
# Renewal of an Edge CA requires all server certificates issued by that CA to be
# regenerated. This is done by restarting all modules. The time of Edge CA renewal
# cannot be guaranteed, so if random module restarts are unacceptable for your use
# case, disable auto renewal.
#
# Note that for auto-generated (quickstart) certificates, both the certificate and key
# must be regenerated on renewal so rotate_key must be true. Another issuance method
# is required if rotate_key = false.
#
# NOTE(review): this section is left commented, yet the system log on this page
# (iotedge 1.5.0) still reports "Certificate aziot-edged-ca will be auto-renewed".
# Leaving the section out therefore does not turn renewal off in this setup, and
# the keys shown here (rotate_key, threshold, retry) include no switch that does.
# The logged renewal time is 19 h 12 min after issuance, i.e. 80% of 24 h, so the
# EST server presumably issues 24 h certificates and 80% is the default threshold
# - confirm. A longer lifetime on the issuing side would space the restarts out.
# [edge_ca.auto_renew]
# rotate_key = true
# threshold = "80%"
# retry = "4%"

# ==============================================================================
# Image garbage collection
# ==============================================================================
#
# If you need to override the default image garbage collection configuration,
# uncomment this section and replace the values in this section with your own.
#
# 'enabled' controls whether image garbage collection runs or not.
# 'cleanup_recurrence' is how frequently you want the image gc to run.
# 'image_age_cleanup_threshold' is the "age" of unused images, after which they will be cleaned up.
# 'cleanup_time' in 24-hour HH:MM format is a best efforts dictate of when the cleanup job runs.
# [image_garbage_collection]
# enabled = true
# cleanup_recurrence = "1d"
# image_age_cleanup_threshold = "7d"
# cleanup_time = "00:00"

# ==============================================================================
# Moby runtime
# ==============================================================================
#
# If you need to override the default Moby runtime configuration,
# uncomment this section and replace the values in this section with your own.
# [moby_runtime]
# uri = "unix:///var/run/docker.sock"
# network = "azure-iot-edge"
```
Output of
iotedge check
```
Configuration checks (aziot-identity-service)
---------------------------------------------
√ keyd configuration is well-formed - OK
√ certd configuration is well-formed - OK
√ tpmd configuration is well-formed - OK
√ identityd configuration is well-formed - OK
√ daemon configurations up-to-date with config.toml - OK
√ identityd config toml file specifies a valid hostname - OK
√ aziot-identity-service package is up-to-date - OK
√ host time is close to reference time - OK
‼ production readiness: identity certificates expiry - Warning
    DPS identity 'device-id' will expire soon (2024-06-07 09:21:12 UTC, in 0 days)
√ preloaded certificates are valid - OK
√ keyd is running - OK
√ certd is running - OK
√ identityd is running - OK
√ read all preloaded certificates from the Certificates Service - OK
√ read all preloaded key pairs from the Keys Service - OK
√ check all EST server URLs utilize HTTPS - OK
√ ensure all preloaded certificates match preloaded private keys with the same ID - OK

Connectivity checks (aziot-identity-service)
--------------------------------------------
‼ host can connect to and perform TLS handshake with iothub AMQP port - Warning
    Could not retrieve iothub_hostname from provisioning file.
    Please specify the backing IoT Hub name using --iothub-hostname switch if you have that information.
    Since no hostname is provided, all hub connectivity tests will be skipped.
‼ host can connect to and perform TLS handshake with iothub HTTPS / WebSockets port - Warning
    Could not retrieve iothub_hostname from provisioning file.
    Please specify the backing IoT Hub name using --iothub-hostname switch if you have that information.
    Since no hostname is provided, all hub connectivity tests will be skipped.
‼ host can connect to and perform TLS handshake with iothub MQTT port - Warning
    Could not retrieve iothub_hostname from provisioning file.
    Please specify the backing IoT Hub name using --iothub-hostname switch if you have that information.
    Since no hostname is provided, all hub connectivity tests will be skipped.
√ host can connect to and perform TLS handshake with DPS endpoint - OK

Configuration checks
--------------------
√ aziot-edged configuration is well-formed - OK
√ configuration up-to-date with config.toml - OK
√ container engine is installed and functional - OK
√ configuration has correct URIs for daemon mgmt endpoint - OK
√ aziot-edge package is up-to-date - OK
√ container time is close to host time - OK
‼ DNS server - Warning
    Container engine is not configured with DNS server setting, which may impact connectivity to IoT Hub.
    Please see https://aka.ms/iotedge-prod-checklist-dns for best practices.
    You can ignore this warning if you are setting DNS server per module in the Edge deployment.
‼ production readiness: logs policy - Warning
    Container engine is not configured to rotate module logs which may cause it run out of disk space.
    Please see https://aka.ms/iotedge-prod-checklist-logs for best practices.
    You can ignore this warning if you are setting log policy per module in the Edge deployment.
√ production readiness: Edge Agent's storage directory is persisted on the host filesystem - OK
√ production readiness: Edge Hub's storage directory is persisted on the host filesystem - OK
√ proxy settings are consistent in aziot-edged, aziot-identityd, moby daemon and config.toml - OK

Connectivity checks
-------------------
26 check(s) succeeded.
6 check(s) raised warnings. Re-run with --verbose for more details.
7 check(s) were skipped due to errors from other checks. Re-run with --verbose for more details.
```
Device Information
Runtime Versions
iotedge version: iotedge 1.5.0
docker version: 26.1.3-1
Note: when using Windows containers on Windows, run `docker -H npipe:////./pipe/iotedge_moby_engine version` instead.
Logs
iotedge system logs
```
Jun 06 12:42:56 test-ubuntu2204 aziot-edged[39311]: 2024-06-06T12:42:56Z [INFO] - Starting Azure IoT Edge Daemon
Jun 06 12:42:56 test-ubuntu2204 aziot-edged[39311]: 2024-06-06T12:42:56Z [INFO] - Version - 1.5.0
Jun 06 12:42:56 test-ubuntu2204 aziot-edged[39311]: 2024-06-06T12:42:56Z [INFO] - Obtaining Edge device provisioning data...
Jun 06 12:42:56 test-ubuntu2204 systemd[1]: Started Azure IoT Identity Service.
Jun 06 12:42:56 test-ubuntu2204 aziot-identityd[39314]: 2024-06-06T12:42:56Z [INFO] - Starting service...
Jun 06 12:42:56 test-ubuntu2204 aziot-identityd[39314]: 2024-06-06T12:42:56Z [INFO] - Version - 1.5.0
Jun 06 12:42:56 test-ubuntu2204 aziot-identityd[39314]: 2024-06-06T12:42:56Z [INFO] - Loaded openssl'd Default provider
Jun 06 12:42:56 test-ubuntu2204 aziot-identityd[39314]: 2024-06-06T12:42:56Z [INFO] - Provisioning starting. Reason: Startup
Jun 06 12:42:56 test-ubuntu2204 systemd[1]: Started Azure IoT Keys Service.
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - Starting service...
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - Version - 1.5.0
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - Loaded libaziot-keys with version 0x02010000
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - Starting server...
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - <-- GET /keypair/device-id?api-version=2021-05-01 {"host": "keyd.sock"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [ERR!] - invalid parameter "id": not found
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - !!! a parameter has an invalid value
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - --> 400 {"content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 systemd[1]: Started Azure IoT Certificates Service.
Jun 06 12:42:56 test-ubuntu2204 aziot-certd[39323]: 2024-06-06T12:42:56Z [INFO] - Starting service...
Jun 06 12:42:56 test-ubuntu2204 aziot-certd[39323]: 2024-06-06T12:42:56Z [INFO] - Version - 1.5.0
Jun 06 12:42:56 test-ubuntu2204 aziot-certd[39323]: 2024-06-06T12:42:56Z [INFO] - Starting server...
Jun 06 12:42:56 test-ubuntu2204 aziot-certd[39323]: 2024-06-06T12:42:56Z [INFO] - <-- GET /certificates/device-id?api-version=2020-09-01 {"host": "certd.sock"}
Jun 06 12:42:56 test-ubuntu2204 aziot-certd[39323]: 2024-06-06T12:42:56Z [INFO] - !!! parameter "id" has an invalid value
Jun 06 12:42:56 test-ubuntu2204 aziot-certd[39323]: 2024-06-06T12:42:56Z [INFO] - !!! caused by: not found
Jun 06 12:42:56 test-ubuntu2204 aziot-certd[39323]: 2024-06-06T12:42:56Z [INFO] - --> 400 {"content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - <-- POST /keypair?api-version=2021-05-01 {"content-type": "application/json", "host": "keyd.sock", "content-length": "56"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - <-- POST /parameters/algorithm?api-version=2021-05-01 {"content-length": "248", "content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - <-- POST /parameters/rsa-modulus?api-version=2021-05-01 {"content-length": "248", "content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - <-- POST /parameters/rsa-exponent?api-version=2021-05-01 {"content-length": "248", "content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - <-- POST /parameters/algorithm?api-version=2021-05-01 {"content-length": "248", "content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - <-- POST /parameters/rsa-modulus?api-version=2021-05-01 {"content-length": "248", "content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - <-- POST /parameters/rsa-exponent?api-version=2021-05-01 {"content-length": "248", "content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - <-- POST /encrypt?api-version=2021-05-01 {"content-length": "355", "content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-certd[39323]: 2024-06-06T12:42:56Z [INFO] - <-- POST /certificates?api-version=2020-09-01 {"content-type": "application/json", "host": "certd.sock", "content-length": "947"}
Jun 06 12:42:56 test-ubuntu2204 aziot-certd[39323]: 2024-06-06T12:42:56Z [INFO] - --> 201 {"content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-identityd[39314]: 2024-06-06T12:42:56Z [INFO] - Provisioned with backup for mydevice.
Jun 06 12:42:56 test-ubuntu2204 aziot-identityd[39314]: 2024-06-06T12:42:56Z [INFO] - Successfully provisioned with DPS.
Jun 06 12:42:56 test-ubuntu2204 aziot-identityd[39314]: 2024-06-06T12:42:56Z [INFO] - Provisioning complete.
Jun 06 12:42:56 test-ubuntu2204 aziot-identityd[39314]: 2024-06-06T12:42:56Z [INFO] - Identity reconciliation started. Reason: Startup
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - <-- POST /encrypt?api-version=2021-05-01 {"content-length": "636", "content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-identityd[39314]: 2024-06-06T12:42:56Z [INFO] - Could not reconcile Identities with current device data. Reprovisioning.
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - <-- GET /keypair/device-id?api-version=2021-05-01 {"host": "keyd.sock"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-certd[39323]: 2024-06-06T12:42:56Z [INFO] - <-- GET /certificates/device-id?api-version=2020-09-01 {"host": "certd.sock"}
Jun 06 12:42:56 test-ubuntu2204 aziot-certd[39323]: 2024-06-06T12:42:56Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - <-- POST /parameters/algorithm?api-version=2021-05-01 {"content-length": "248", "content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - <-- POST /parameters/rsa-modulus?api-version=2021-05-01 {"content-length": "248", "content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - <-- POST /parameters/rsa-exponent?api-version=2021-05-01 {"content-length": "248", "content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - <-- POST /parameters/algorithm?api-version=2021-05-01 {"content-length": "248", "content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - <-- POST /parameters/rsa-modulus?api-version=2021-05-01 {"content-length": "248", "content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - <-- POST /parameters/rsa-exponent?api-version=2021-05-01 {"content-length": "248", "content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-identityd[39314]: 2024-06-06T12:42:56Z [INFO] - Sending DPS registration request.
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - <-- POST /encrypt?api-version=2021-05-01 {"content-length": "355", "content-type": "application/json"}
Jun 06 12:42:56 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:42:56Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:43:01 test-ubuntu2204 aziot-identityd[39314]: 2024-06-06T12:43:01Z [INFO] - Checking DPS registration status.
Jun 06 12:43:01 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:43:01Z [INFO] - <-- POST /encrypt?api-version=2021-05-01 {"content-length": "355", "content-type": "application/json"}
Jun 06 12:43:01 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:43:01Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:43:02 test-ubuntu2204 aziot-identityd[39314]: 2024-06-06T12:43:02Z [INFO] - Assigned to IoT hub: TestIotHub.azure-devices.net
Jun 06 12:43:02 test-ubuntu2204 aziot-identityd[39314]: 2024-06-06T12:43:02Z [INFO] - DPS registration complete.
Jun 06 12:43:02 test-ubuntu2204 aziot-identityd[39314]: 2024-06-06T12:43:02Z [INFO] - Successfully provisioned with DPS.
Jun 06 12:43:02 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:43:02Z [INFO] - <-- POST /encrypt?api-version=2021-05-01 {"content-length": "636", "content-type": "application/json"}
Jun 06 12:43:02 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:43:02Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:43:02 test-ubuntu2204 aziot-identityd[39314]: 2024-06-06T12:43:02Z [INFO] - Identity reconciliation complete.
Jun 06 12:43:02 test-ubuntu2204 aziot-identityd[39314]: 2024-06-06T12:43:02Z [INFO] - Starting server...
Jun 06 12:43:02 test-ubuntu2204 aziot-identityd[39314]: 2024-06-06T12:43:02Z [INFO] - <-- POST /identities/device?api-version=2020-09-01 {"content-type": "application/json", "host": "identityd.sock", "content-length": "16"}
Jun 06 12:43:02 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:43:02Z [INFO] - <-- GET /keypair/device-id?api-version=2021-05-01 {"host": "keyd.sock"}
Jun 06 12:43:02 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:43:02Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:43:02 test-ubuntu2204 aziot-identityd[39314]: 2024-06-06T12:43:02Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:43:02 test-ubuntu2204 aziot-edged[39311]: 2024-06-06T12:43:02Z [INFO] - Device is mydevice on TestIotHub.azure-devices.net
Jun 06 12:43:02 test-ubuntu2204 aziot-edged[39311]: 2024-06-06T12:43:02Z [INFO] - Initializing module runtime...
Jun 06 12:43:02 test-ubuntu2204 aziot-edged[39311]: 2024-06-06T12:43:02Z [INFO] - Using runtime network id azure-iot-edge
Jun 06 12:43:02 test-ubuntu2204 aziot-edged[39311]: 2024-06-06T12:43:02Z [INFO] - Successfully initialized module runtime
Jun 06 12:43:02 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:43:02Z [INFO] - <-- POST /keypair?api-version=2020-09-01 {"content-type": "application/json", "host": "keyd.sock", "content-length": "61"}
Jun 06 12:43:02 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:43:02Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:43:02 test-ubuntu2204 aziot-certd[39323]: 2024-06-06T12:43:02Z [INFO] - <-- GET /certificates/aziot-edged-ca?api-version=2020-09-01 {"host": "certd.sock"}
Jun 06 12:43:02 test-ubuntu2204 aziot-certd[39323]: 2024-06-06T12:43:02Z [INFO] - !!! parameter "id" has an invalid value
Jun 06 12:43:02 test-ubuntu2204 aziot-certd[39323]: 2024-06-06T12:43:02Z [INFO] - !!! caused by: not found
Jun 06 12:43:02 test-ubuntu2204 aziot-certd[39323]: 2024-06-06T12:43:02Z [INFO] - --> 400 {"content-type": "application/json"}
Jun 06 12:43:02 test-ubuntu2204 aziot-edged[39311]: 2024-06-06T12:43:02Z [INFO] - Requesting new Edge CA certificate...
Jun 06 12:43:02 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:43:02Z [INFO] - <-- POST /parameters/algorithm?api-version=2021-05-01 {"content-length": "252", "content-type": "application/json"}
Jun 06 12:43:02 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:43:02Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:43:02 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:43:02Z [INFO] - <-- POST /parameters/rsa-modulus?api-version=2021-05-01 {"content-length": "252", "content-type": "application/json"}
Jun 06 12:43:02 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:43:02Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:43:02 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:43:02Z [INFO] - <-- POST /parameters/rsa-exponent?api-version=2021-05-01 {"content-length": "252", "content-type": "application/json"}
Jun 06 12:43:02 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:43:02Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:43:02 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:43:02Z [INFO] - <-- POST /parameters/algorithm?api-version=2021-05-01 {"content-length": "252", "content-type": "application/json"}
Jun 06 12:43:02 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:43:02Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:43:02 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:43:02Z [INFO] - <-- POST /parameters/rsa-modulus?api-version=2021-05-01 {"content-length": "252", "content-type": "application/json"}
Jun 06 12:43:02 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:43:02Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:43:02 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:43:02Z [INFO] - <-- POST /parameters/rsa-exponent?api-version=2021-05-01 {"content-length": "252", "content-type": "application/json"}
Jun 06 12:43:02 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:43:02Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:43:02 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:43:02Z [INFO] - <-- POST /encrypt?api-version=2021-05-01 {"content-length": "359", "content-type": "application/json"}
Jun 06 12:43:02 test-ubuntu2204 aziot-keyd[39317]: 2024-06-06T12:43:02Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:43:02 test-ubuntu2204 aziot-certd[39323]: 2024-06-06T12:43:02Z [INFO] - <-- POST /certificates?api-version=2020-09-01 {"content-type": "application/json", "host": "certd.sock", "content-length": "1046"}
Jun 06 12:43:02 test-ubuntu2204 aziot-certd[39323]: 2024-06-06T12:43:02Z [INFO] - --> 201 {"content-type": "application/json"}
Jun 06 12:43:02 test-ubuntu2204 aziot-edged[39311]: 2024-06-06T12:43:02Z [INFO] - Created new Edge CA certificate
Jun 06 12:43:02 test-ubuntu2204 aziot-certd[39323]: 2024-06-06T12:43:02Z [INFO] - <-- GET /certificates/aziot-edged-ca?api-version=2020-09-01 {"host": "certd.sock"}
Jun 06 12:43:02 test-ubuntu2204 aziot-certd[39323]: 2024-06-06T12:43:02Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 12:43:02 test-ubuntu2204 aziot-edged[39311]: 2024-06-06T12:43:02Z [INFO] - Certificate aziot-edged-ca will be auto-renewed. Next renewal at 2024-06-07T07:55:02+00:00.
Jun 06 12:43:02 test-ubuntu2204 aziot-edged[39311]: 2024-06-06T12:43:02Z [INFO] - Stopping all modules...
J
```
edge-agent logs
```
```
edge-hub logs
```
```
Additional Information
Please provide any additional information that may be helpful in understanding the issue.