Closed coddingtonbear closed 2 years ago
coddingtonbear
commented
2 years ago Alright! As of now, all certificates that are within 7 days of their expiry will be automatically refreshed overnight. See the refresh_certificates subcommand of taskstore if you're curious.
zarelit
commented
2 years ago @coddingtonbear First of all thank you for the software and the service, it's amazing! I'm afraid that the renewal process somehow skipped my certificate. I tried to re-download it but openssl still says
Validity
Not Before: Mar 31 16:54:54 2021 GMT
Not After : Mar 31 16:54:54 2022 GMTNo bug in the expiration and renewal, solved by @coddingtonbear by restarting the job. Thank you!
Right now, when certificates have expired, there's no obvious way for a user to know that that has happened if they don't know that that's a possibility. Taskd will reply with a surprisingly vague error message: "The specified session has been invalidated for some reason"; so even the server reply isn't helpful for narrowing things down.
There was once a button in "Danger Zone" letting folks re-generate certificates, but I removed it a year or so ago after being under the impression it wasn't necessary any longer. Re-adding it isn't a good choice, really, given that the way inthe.am handles certificates has changed to (in the future) support allowing multiple individually-cancellable certificates to be generated per-account (with the hope of letting users have their own local certificate, and inthe.am its own separate one for interacting with the taskserver for their account), but what can be done for the moment at least is automatically re-generating certificates as they get close to expiry during some sort of cron job.