Azure / iotedge

The IoT Edge OSS project
MIT License
1.45k stars 457 forks

Manual IoT Edge CA certificate renewal error #7304

Open shaeussler opened 1 month ago

shaeussler commented 1 month ago

Is it necessary to delete the IoT Edge hub and agent modules' local storage after the manual IoT Edge CA certificate renewal?

Expected Behavior

No decrypt AZIOT_KEYS_RC_ERR_EXTERNAL error after manual IoT Edge CA certificate renewal.

Current Behavior

Decrypt AZIOT_KEYS_RC_ERR_EXTERNAL error after manual IoT Edge CA certificate renewal. If I delete the IoT Edge hub and agent modules' local storage then there is no error.

Steps to Reproduce


  1. Run https://learn.microsoft.com/en-us/azure/iot-edge/tutorial-configure-est-server?view=iotedge-1.5#run-est-server-on-device
  2. Set up host storage for system modules https://learn.microsoft.com/en-us/azure/iot-edge/production-checklist?view=iotedge-1.5#set-up-host-storage-for-system-modules
  3. Deploy Azure IoT Edge module
  4. Delete the existing certificates and keys. https://learn.microsoft.com/en-us/azure/iot-edge/tutorial-configure-est-server?view=iotedge-1.5#test-certificate-renewal
  5. Check the logs with `iotedge system logs`

Context (Environment)

Output of iotedge system logs

```
Jun 06 14:29:16 test-ubuntu2204 aziot-keyd[59857]: 2024-06-06T14:29:16Z [INFO] - <-- POST /key?api-version=2020-09-01 {"content-type": "application/json", "host": "keyd.sock", "content-length": "74"}
Jun 06 14:29:16 test-ubuntu2204 aziot-keyd[59857]: 2024-06-06T14:29:16Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 14:29:16 test-ubuntu2204 aziot-keyd[59857]: 2024-06-06T14:29:16Z [INFO] - <-- POST /decrypt?api-version=2020-09-01 {"content-type": "application/json", "host": "keyd.sock", "content-length": "2203"}
Jun 06 14:29:16 test-ubuntu2204 aziot-keyd[59857]: 2024-06-06T14:29:16Z [ERR!] - OpenSSL error
Jun 06 14:29:16 test-ubuntu2204 aziot-keyd[59857]: 2024-06-06T14:29:16Z [ERR!] - !!! internal error
Jun 06 14:29:16 test-ubuntu2204 aziot-keyd[59857]: 2024-06-06T14:29:16Z [ERR!] - !!! caused by: could not decrypt
Jun 06 14:29:16 test-ubuntu2204 aziot-keyd[59857]: 2024-06-06T14:29:16Z [ERR!] - !!! caused by: could not decrypt: AZIOT_KEYS_RC_ERR_EXTERNAL
Jun 06 14:29:16 test-ubuntu2204 aziot-keyd[59857]: 2024-06-06T14:29:16Z [INFO] - --> 500 {"content-type": "application/json"}
Jun 06 14:29:16 test-ubuntu2204 aziot-edged[60080]: 2024-06-06T14:29:16Z [INFO] - --> 500 {"content-type": "application/json"}
Jun 06 14:29:16 test-ubuntu2204 aziot-edged[60080]: 2024-06-06T14:29:16Z [INFO] - <-- POST /modules/%24edgeHub/genid/638532788429039901/decrypt?api-version=2020-07-07 {"accept": "application/json", "host": "workload.sock:80", "connection": "close", "content-type": "application/json", "content-length": "1875"}
Jun 06 14:29:16 test-ubuntu2204 aziot-keyd[59857]: 2024-06-06T14:29:16Z [INFO] - <-- POST /key?api-version=2020-09-01 {"content-type": "application/json", "host": "keyd.sock", "content-length": "74"}
Jun 06 14:29:16 test-ubuntu2204 aziot-keyd[59857]: 2024-06-06T14:29:16Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 14:29:16 test-ubuntu2204 aziot-keyd[59857]: 2024-06-06T14:29:16Z [INFO] - <-- POST /decrypt?api-version=2020-09-01 {"content-type": "application/json", "host": "keyd.sock", "content-length": "2203"}
Jun 06 14:29:16 test-ubuntu2204 aziot-keyd[59857]: 2024-06-06T14:29:16Z [ERR!] - OpenSSL error
Jun 06 14:29:16 test-ubuntu2204 aziot-keyd[59857]: 2024-06-06T14:29:16Z [ERR!] - !!! internal error
Jun 06 14:29:16 test-ubuntu2204 aziot-keyd[59857]: 2024-06-06T14:29:16Z [ERR!] - !!! caused by: could not decrypt
Jun 06 14:29:16 test-ubuntu2204 aziot-keyd[59857]: 2024-06-06T14:29:16Z [ERR!] - !!! caused by: could not decrypt: AZIOT_KEYS_RC_ERR_EXTERNAL
```
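One way to triage this class of failure from `iotedge system logs` output, as an added example that is not part of the issue above or of the iotedge project: the script parses journal lines in the shape shown in the excerpt, attributes each aziot-keyd `could not decrypt: AZIOT_KEYS_RC_ERR_*` error to the module whose workload-API decrypt request aziot-edged was serving at that moment (the `%24edgeHub` path segment decodes to `$edgeHub`), and records the HTTP status edged returned to that module. The sample log is constructed to match the excerpt's line format, and the regexes and function names are this example's own, not project APIs.

```python
import re
import urllib.parse

# Constructed sample in the format of the issue's journal excerpt (not a real capture).
# Ordering: edged receives the module's decrypt request, forwards to keyd, keyd fails,
# edged answers the module with 500.
SAMPLE_LOG = """\
Jun 06 14:29:16 test-ubuntu2204 aziot-edged[60080]: 2024-06-06T14:29:16Z [INFO] - <-- POST /modules/%24edgeHub/genid/638532788429039901/decrypt?api-version=2020-07-07 {"accept": "application/json", "host": "workload.sock:80", "connection": "close", "content-type": "application/json", "content-length": "1875"}
Jun 06 14:29:16 test-ubuntu2204 aziot-keyd[59857]: 2024-06-06T14:29:16Z [INFO] - <-- POST /key?api-version=2020-09-01 {"content-type": "application/json", "host": "keyd.sock", "content-length": "74"}
Jun 06 14:29:16 test-ubuntu2204 aziot-keyd[59857]: 2024-06-06T14:29:16Z [INFO] - --> 200 {"content-type": "application/json"}
Jun 06 14:29:16 test-ubuntu2204 aziot-keyd[59857]: 2024-06-06T14:29:16Z [INFO] - <-- POST /decrypt?api-version=2020-09-01 {"content-type": "application/json", "host": "keyd.sock", "content-length": "2203"}
Jun 06 14:29:16 test-ubuntu2204 aziot-keyd[59857]: 2024-06-06T14:29:16Z [ERR!] - OpenSSL error
Jun 06 14:29:16 test-ubuntu2204 aziot-keyd[59857]: 2024-06-06T14:29:16Z [ERR!] - !!! internal error
Jun 06 14:29:16 test-ubuntu2204 aziot-keyd[59857]: 2024-06-06T14:29:16Z [ERR!] - !!! caused by: could not decrypt
Jun 06 14:29:16 test-ubuntu2204 aziot-keyd[59857]: 2024-06-06T14:29:16Z [ERR!] - !!! caused by: could not decrypt: AZIOT_KEYS_RC_ERR_EXTERNAL
Jun 06 14:29:16 test-ubuntu2204 aziot-keyd[59857]: 2024-06-06T14:29:16Z [INFO] - --> 500 {"content-type": "application/json"}
Jun 06 14:29:16 test-ubuntu2204 aziot-edged[60080]: 2024-06-06T14:29:16Z [INFO] - --> 500 {"content-type": "application/json"}
"""

# journald prefix + aziot service prefix: "<syslog stamp> <host> <svc>[<pid>]: <iso> [<level>] - <msg>"
LINE_RE = re.compile(
    r"^(?P<stamp>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<svc>[\w-]+)\[(?P<pid>\d+)\]: (?P<iso>\S+) \[(?P<level>[A-Z!]+)\] - (?P<msg>.*)$"
)
# Workload API decrypt request as aziot-edged logs it; the module name is URL-encoded.
WORKLOAD_DECRYPT_RE = re.compile(r"<-- POST /modules/(?P<module>[^/]+)/genid/(?P<genid>\d+)/decrypt")
# Response line logged by either service.
RESPONSE_RE = re.compile(r"^--> (?P<status>\d{3})")
# Error code aziot-keyd reports when the keys backend cannot decrypt.
KEYD_ERR_RE = re.compile(r"could not decrypt: (?P<code>AZIOT_KEYS_RC_ERR_[A-Z_]+)")


def parse_line(line):
    """Split one journal line into its fields, or return None for lines that do not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def find_decrypt_failures(log_text):
    """Return one record per workload decrypt request that failed inside aziot-keyd.

    edged serves the workload socket requests sequentially in the log, so the most
    recent '<-- POST /modules/.../decrypt' seen on aziot-edged is the request being
    served when aziot-keyd reports its error; the following '--> NNN' on aziot-edged
    closes that request with the status the module saw.
    """
    failures = []
    pending = None
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        svc, msg = rec["svc"], rec["msg"]
        if svc == "aziot-edged":
            wm = WORKLOAD_DECRYPT_RE.search(msg)
            if wm:
                pending = {
                    "module": urllib.parse.unquote(wm["module"]),
                    "genid": wm["genid"],
                    "time": rec["iso"],
                    "keyd_error": None,
                    "http_status": None,
                }
                continue
            rm = RESPONSE_RE.match(msg)
            if rm and pending is not None:
                pending["http_status"] = int(rm["status"])
                if pending["keyd_error"] is not None:
                    failures.append(pending)
                pending = None
        elif svc == "aziot-keyd" and rec["level"] == "ERR!":
            em = KEYD_ERR_RE.search(msg)
            if em is None:
                continue
            if pending is None:
                # keyd error with no edged request in view (e.g. excerpt starts mid-request).
                failures.append({"module": None, "genid": None, "time": rec["iso"],
                                 "keyd_error": em["code"], "http_status": None})
            else:
                pending["keyd_error"] = em["code"]
    return failures


def summarize(failures):
    """Count failed decrypts per module, e.g. {'$edgeHub': 1}."""
    counts = {}
    for f in failures:
        key = f["module"] or "<unattributed>"
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    found = find_decrypt_failures(SAMPLE_LOG)
    for f in found:
        print(f"{f['time']} module={f['module']} genid={f['genid']} "
              f"keyd={f['keyd_error']} status={f['http_status']}")
    print(summarize(found))
```

Run it against `iotedge system logs` piped to a file to see which modules' decrypt calls are hitting `AZIOT_KEYS_RC_ERR_EXTERNAL` and how often, which is the information to attach to a report like this one before clearing any module storage.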