-
Notifications
You must be signed in to change notification settings - Fork 17.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
x/build/vcs-test,x/net/http2/h2demo: certificate is expiring #47108
Comments
Thanks for catching this.
I believe it's because the |
Change https://golang.org/cl/334532 mentions this issue: |
Redeploying |
@FiloSottile do you happen to know how to get the email address change to take effect? Autocert doesn't support explicit account updates from what I could see. If I blow away the cache directory and the private key along with it, does that mean a new account will be created with the email associated? I don't want to burn a ton of time preventing a problem that might at worst cause us a little bit of annoyance in a few years. |
@heschi Yeah, you can blow away the cache and let it re-register. |
http2.golang.org also has expired. It probably needs redeploying as well. |
Right you are. Done. (No email there either yet.) |
Change https://golang.org/cl/334929 mentions this issue: |
Add golang-dev as the Autocert notification email so Let's Encrypt can send us emails. golang-dev is not an ideal choice, but we need something publicly accessible and there isn't an obvious better option. My understanding is we should expect essentially no emails so I don't want to worry too much about it. Updates golang/go#47108. Change-Id: Ic3b5b7554d516ea2840bb56499eb3b8f35bf2304 Reviewed-on: https://go-review.googlesource.com/c/net/+/334929 Trust: Heschi Kreinick <heschi@google.com> Run-TryBot: Heschi Kreinick <heschi@google.com> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Add golang-dev as the Autocert notification email so Let's Encrypt can send us emails. golang-dev is not an ideal choice, but we need something publicly accessible and there isn't an obvious better option. My understanding is we should expect essentially no emails so I don't want to worry too much about it. Updates golang/go#47108. Change-Id: I22951984e0d48a59787d110b9cef32cbe3d9bc4a Reviewed-on: https://go-review.googlesource.com/c/build/+/334532 Trust: Heschi Kreinick <heschi@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
I've reregistered h2demo and vcs-test. Hopefully that does it. I don't see an easy way to view account details using autocert. |
Add golang-dev as the Autocert notification email so Let's Encrypt can send us emails. golang-dev is not an ideal choice, but we need something publicly accessible and there isn't an obvious better option. My understanding is we should expect essentially no emails so I don't want to worry too much about it. Updates golang/go#47108. Change-Id: Ic3b5b7554d516ea2840bb56499eb3b8f35bf2304 Reviewed-on: https://go-review.googlesource.com/c/net/+/334929 Trust: Heschi Kreinick <heschi@google.com> Run-TryBot: Heschi Kreinick <heschi@google.com> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
The vcs-test.golang.org certificate will expire on July 16th, which suggests renewal is failing.
The most likely reason is that it might be built with an old version of x/crypto/acme/autocert which still uses ACVEv1, which Let's Encrypt recently turned off. In that case we should look into why we didn't get any emails from Let's Encrypt.
Regardless, we maybe should have alerts for expiring certificates and for error logs.
/cc @golang/release
The text was updated successfully, but these errors were encountered: