search

freswa / dovecot-xaps-daemon

MIT License
52 stars 11 forks source link

Post "https://identity.apple.com/pushcert/caservice/renew": dial tcp 17.179.244.134:443: connect: connection refused #25

Closed Fogelholk closed 1 year ago

Fogelholk commented 1 year ago

Post "https://identity.apple.com/pushcert/caservice/renew": dial tcp 17.179.244.134:443: connect: connection refused

The xapsd-daemon seems to stop responding to all dovecot requests when trying to renew the certificate, and Apple seems to either have problem, or have shut down the service to renew certs (I hope not!)

The cert generated for my server should work until 2023-04-21 07:50:19, but the service won't respond to dovecot requests because it's stuck in a loop trying to renew the cert, is there any workaround, or are we all gonna get shafted by Apple? :(

freswa commented 1 year ago

Could you share some logs please? identity.apple.com is responding just fine for me.

Fogelholk commented 1 year ago

Very strange, never think I'd get blocked, but I was! I changed my external IP for this server and suddenly Apple started responding again! Not sure why they blocked one of our addresses to begin with. Sorry for the noise!

The logs were just spamming this about every second and xapsd never responded to Dovecot requests (since it never fully started I guess?)

2023-03-29T21:47:49.619777+02:00 s972 xapsd[11314] time="2023-03-29T21:47:49+02:00" level=warning msg="Certificate not valid after 2023-04-21 07:50:19 +0000 UTC - renewing..."
2023-03-29T21:47:49.781248+02:00 s972 xapsd[11314] 2023/03/29 21:47:49 Post "https://identity.apple.com/pushcert/caservice/renew": dial tcp 17.179.244.134:443: connect: connection refused
2023-03-29T21:47:51.318340+02:00 s972 xapsd[11314] time="2023-03-29T21:47:51+02:00" level=warning msg="Certificate not valid after 2023-04-21 07:50:19 +0000 UTC - renewing..."
2023-03-29T21:47:51.479158+02:00 s972 xapsd[11314] 2023/03/29 21:47:51 Post "https://identity.apple.com/pushcert/caservice/renew": dial tcp 17.179.244.134:443: connect: connection refused

As soon as I changed the external IP, the certificate was renewed successfully and xapsd happily started serving dovecot requests again.

I really thought it was already time for doomsday, since Apple seems to frown upon OS X Server :)