Closed jenkins-infra-bot closed 2 years ago
$ openssl crl -in ./cert/pki/crl.pem -noout -text Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: sha256WithRSAEncryption Issuer: /CN=vpn.jenkins.io Last Update: May 10 09:01:19 2021 GMT Next Update: Nov 6 09:01:19 2021 GMT # ...
$ openssl crl -in ./cert/pki/crl.pem -noout -text Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: sha256WithRSAEncryption Issuer: /CN=vpn.jenkins.io Last Update: Nov 6 11:02:41 2021 GMT Next Update: May 5 11:02:41 2022 GMT # ...
I've added the next expiry to the jenkins infra calendar
Since Saturday 06 november, 09:28 UTC, the authentication is refused by the VPN.
On the machine, the container logs shows the following error:
As per https://github.com/jenkins-infra/openvpn#howto-review-certificate-revocation-list, it means that the CRL has expired and need to be renewed.
Originally reported by dduportal, imported from: Update CRL for VPN (Nov 2021)