Open onclebendusud opened 3 years ago
I looked more closely at /metrics page and I see the new certificate but i still see the old ones:
configurable="false",env="TLS-PROD",is_ca="false",issuer="",location="credhub",product_guid="cf-f4bf1d8d39dab11084df",property_reference="",valid_from="0001-01-01
00:00:00 +0000 UTC",valid_until="2021-03-12 10:44:25 +0000 UTC",variable_path="/bosh_dns_health_client_tls"} 2.77736776962055e+06
configurable="false",env="TLS-PROD",is_ca="false",issuer="",location="credhub",product_guid="cf-f4bf1d8d39dab11084df",property_reference="",valid_from="0001-01-01
00:00:00 +0000 UTC",valid_until="2022-02-08 06:07:27 +0000 UTC",variable_path="/bosh_dns_health_client_tls"} 3.153194976965983e+07
The problem is Grafana shows the certificate as expiring.
Really strange, if i look for bosh_dns_health_server_tls I see 20 certs on /metrics page 8 are just duplicates with same valid_until values (16 total lines), 4 lines show the new valid_until values. If i look at api/v0/deployed/certificates there are only 8 (one for each product)
Hey Benoit,
Thanks for let us know, let me take a look
Thanks
Hi Faisal, we renewed Non-config leaf certs because they were expiring next month. Now on Certificates page (OpsMgr UI) we don't see anymore cf cert as expiring. But on /metrics from Tanzu certificate exporter application there is no update, we still see all certificates as expiring. Apply changes on TAS finished almost 2 hours ago (INTERVAL: 3600). We had the same issue on TA env, and I had to restart the application to update /metrics page. FYI we are using OPSMAN_CLIENT_ID (maybe it's the root cause?). Brgds Benoit