Skip to content
This repository has been archived by the owner on Jun 10, 2020. It is now read-only.

cert deploy fails if re-keyed #11

Open
Sander-agfa opened this issue Feb 25, 2019 · 1 comment
Open

cert deploy fails if re-keyed #11

Sander-agfa opened this issue Feb 25, 2019 · 1 comment

Comments

@Sander-agfa
Copy link
Contributor

A certificate (re-)deploy fails if the key has changed,
and certificate filename timestamping is disabled.
this bug can be worked around if you enable timestamping on the certificate filenames,
or if you temporarily delete/set another certificate/key in the active profile.

Error Received from the REST call:

02/19/2019:10:02:09 restCall():/usr/bin/curl -sk --connect-timeout 5 -m 120 -H Content-Type: application/json --user letsencrypt:*********** https://***********/mgmt/tm/sys/crypto/key -X POST -d "{ "command": "install", "name": "/Common/HOSTNAMEHEREkey", "from-local-file": "/var/config/rest/downloads/HOSTNAMEHERE.key", "securityType": "normal" }"
02/19/2019:10:02:10 createCertFromUpload()[Write Back Results]: {
"apiError": 3,
"code": 400,
"errorStack": [],
"message": "01070317:3: profile /Common/HOSTNAMEHERE's key and certificate do not match"
}

@Sander-agfa
Copy link
Contributor Author

Latest commit in #10 Fixes this issue.
Adds the timestamp once, even if timestamping is disabled if it detects this "key and cert do not match" error.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant