OCSP update failed for all domains all of a sudden!

bzed / bzed-dehydrated

Puppet module for centralized CSR signing using Let’s Encrypt™ and lukas2511/dehydrated - keeping your keys safe on the host they belong to.

9 stars 11 forks source link

OCSP update failed for all domains all of a sudden! #27

Closed mcblum closed 3 years ago

mcblum commented 3 years ago

Hey! Still using your awesome Puppet module. All of a sudden I see 49 failed certs, all listed as OSCP update failed. Do you happen to know what might have caused that? I think I may need to update to the most recent version of your code / dehydrated, but I also need to read and remember how to do that :)

Hope all is well!

mcblum commented 3 years ago

One more bit of information, upgrading to 0.1.8 sends the following error:

Error: Path /opt/dehydrated/dehydrated exists and is not the desired repository.
Error: /Stage[main]/Dehydrated::Setup::Dehydrated_host/Vcsrepo[/opt/dehydrated/dehydrated]/ensure: change from 'absent' to 'latest' failed: Path /opt/dehydrated/dehydrated exists and is not the desired repository. (corrective)

bzed commented 3 years ago

/opt/dehydrated/dehydrated - is probably pretty muc houtdated. The upstream url changed, nothing I can fix. ocsp might fail because you've been using a way too old module verison.

mcblum commented 3 years ago

Thank you!