Closed dduportal closed 2 years ago
Tried to rollback to Docker image 1.0.24 (was in production friday and was working as expected): error still present
openssl crl -in ./cert/pki/crl.pem -noout -text
=> Next Update: May 5 11:02:41 2022 GMT in https://github.com/jenkins-infra/docker-openvpnopenssl x509 -in ./cert/pki/ca.crt -noout -text -enddate
=> notAfter=Mar 10 13:21:44 2029 GMT
=> It means that it is a server-side certificate
As suggested by @halkeye in IRC #jenkins-infra, we checked the NTP server, but it was up, running and synced (even after a full apt upgrade + reboot of the VPN machine)
=> Not the time
We need to regenerate a server certificate. Waiting for @olblak to share with us the required elements (or to confirm that we have to regenerate a CA and configs).
Many thanks @olblak for pointing us to the required elements that were already present in https://github.com/jenkins-infra/docker-openvpn (we failed to look on the correct location).
Incoming tasks to fix VPN:
ca.key
encrypted)
Service
VPN
Summary
When connecting to the VPN, the client fails and reports the following error:
It appears that the server certificate as expired.
This error appears for all users.
Reproduction steps
No response