Monitor reports on old certificate being expired, not renewed one #514

Closed
srgvg opened this issue Sep 30, 2021 · 9 comments
Labels
bug Something isn't working

Comments

@srgvg

srgvg commented Sep 30, 2021

Is it a duplicate question?
No similar open issues.

Describe the bug
I have some monitors on https endpoints. Those endpoints use the same certificate which originally recently (yesterday) expired, but that certificate was replaced by a more recent one some weeks ago already.

Somehow that old certificate is being cached, and the monitor reports on the previous one's expiry date, not taking into account the certificate was replaced already. The cached certificate is not being invalidated.

To Reproduce
I didn't try to reproduce it, as that would take several days to reproduce manually, or months to wait for another issue to happen with e.g. ACME certificates.

Expected behavior
The monitor picks up the renewed certificate, and keeps reporting it as up, after the old certificate expired.

Info
Uptime Kuma Version: 1.7.1
Using Docker?: Not Docker but containerd within Kubernetes (K3S)
Docker Version: K3S 1.20
Node.js Version (Without Docker only): -
OS: K3OS
Browser: Firefox

Screenshots

In the screenshot you see how this monitor is still reporting down, with an expired certificate, but at the same time, the certificate expiry is shown as "(2021-12-06) 67 days".

On a side note: this host is not really "down". A feature request might be to make a difference in reporting it as down, or just an expired certificate?

Error Log
Nothing explicit about this issue to be found in the log.

@srgvg srgvg added the bug Something isn't working label Sep 30, 2021
@srgvg
Author

srgvg commented Sep 30, 2021

I tried clearing data, first events, then heartbeats, but that didn't change anything. Strangely, I never notice anything being gone for that monitor. Also, deleting data seems to trigger some bug for me, where stacktraces are all over the log. This seems solved after restarting the container. I didn't keep those logs yet, so can't tell more about this. Known issue, or should I file an issue next time I see this?

@Oaktribe

Oaktribe commented Sep 30, 2021

Same issue here. Tried clearing events and heartbeats of a monitor and restarting the container. But it still reports expired certificate. Checking the "Ignore TLS/SSL error for HTTPS websites" option does fix the issue, temporarily.

Can't see anything specific in the logs, more than "Failing: certificate has expired"

Edit 1
Unsure if it matters, but all the certificates being flagged as expired (when they are not) are from Let's Encrypt.

Edit 2
It looks to be related to Let's Encrypt certificates. Renewing the certificates fixes it.
https://community.letsencrypt.org/t/r3-intermediate-certificate-has-expired-it-issued-certs-past-its-expiration-date/160797

@louislam
Owner

I heard the news a few weeks ago.
https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/

I guess @srgvg is using the old ca.pem with a new cert.

@No0Vad
Contributor

No0Vad commented Sep 30, 2021

Can confirm same issue here, unsure what caused it because the certificates have been renewed automatically just fine.
But somehow I was still given certificates with old chain? Either way forcing a renewal fixed it for me too.

For me Uptime-Kuma was actually quicker to report something was wrong. Because it still worked on my Windows and Android devices.

@louislam
Owner

louislam commented Sep 30, 2021

It looks to be related to Let's Encrypt certificates. Renewing the certificates fixes it.
https://community.letsencrypt.org/t/r3-intermediate-certificate-has-expired-it-issued-certs-past-its-expiration-date/160797

In the discussion, someone said:

The problem is the INTERMEDIATE cert as stated in the subject of this thread.
It isn't updated by certbot

It could be a bug of certbot.

For me Uptime-Kuma was actually quicker to report something was wrong. Because it still worked on my Windows and Android devices.

As far as I know, Let's Encrypt works without intermediate CA on Windows and Android, but not in Node.js.

@srgvg
Author

srgvg commented Oct 1, 2021

After checking, it seems my Firefox is still accepting that old root CA. I should have thought of this issue, as the hosts impacted are getting their ACME certificates from a separate client instance... My apologies.

I'd close this issue now, but perhaps this could be a pointer to a feature request for a better error message explaining why the cert is invalid?
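
The distinction this thread turns on, a leaf certificate that is still in date while a certificate further up the served chain has expired, can be made visible by checking every certificate's validity window rather than only the leaf's. The following Node.js sketch is an added example, not part of the original thread and not Uptime Kuma code; the function names and the sample chain (names, fingerprints, dates) are constructed for illustration.

```javascript
"use strict";
// Added example (not Uptime Kuma code). Input has the shape returned by
// tls.TLSSocket#getPeerCertificate(true): each certificate points to its
// issuer via `issuerCertificate`, and a self-signed root points to itself.
function flattenChain(leaf) {
  const chain = [];
  const seen = new Set(); // stops the walk at the self-referencing root
  for (let c = leaf; c && !seen.has(c.fingerprint256); c = c.issuerCertificate) {
    seen.add(c.fingerprint256);
    chain.push(c);
  }
  return chain;
}

// Check every certificate's validity window, not only the leaf's.
function explainChain(leaf, now = new Date()) {
  return flattenChain(leaf).map((c, depth) => {
    const notBefore = new Date(c.valid_from);
    const notAfter = new Date(c.valid_to);
    const selfIssued = c.issuerCertificate === c;
    const role = depth === 0 ? "leaf" : selfIssued ? "root" : "intermediate";
    let status = "ok";
    if (now < notBefore) status = "not yet valid";
    else if (now > notAfter) status = "expired";
    const daysRemaining = Math.floor((notAfter - now) / 86400000);
    return { depth, role, cn: c.subject.CN, status, daysRemaining };
  });
}

// One-line reason suitable for a monitor's error message.
function summarize(report) {
  const bad = report.filter((c) => c.status !== "ok");
  if (bad.length === 0) return "all certificates in the chain are within their validity period";
  return bad.map((c) => `${c.role} "${c.cn}" is ${c.status}`).join("; ");
}

// Constructed sample chain: leaf in date, intermediate expired, root in date.
const SAMPLE_NOW = new Date("2021-09-30T12:00:00Z");
const root = { subject: { CN: "Example Root (constructed)" }, fingerprint256: "CC:03",
  valid_from: "Jun 4 11:00:00 2015 GMT", valid_to: "Jun 4 11:00:00 2035 GMT" };
root.issuerCertificate = root;
const intermediate = { subject: { CN: "Example Intermediate (constructed)" }, fingerprint256: "BB:02",
  valid_from: "Mar 17 16:00:00 2016 GMT", valid_to: "Sep 29 19:00:00 2021 GMT", issuerCertificate: root };
const SAMPLE_LEAF = { subject: { CN: "monitored.example" }, fingerprint256: "AA:01",
  valid_from: "Sep 7 12:00:00 2021 GMT", valid_to: "Dec 6 12:00:00 2021 GMT", issuerCertificate: intermediate };

console.log(summarize(explainChain(SAMPLE_LEAF, SAMPLE_NOW)));
```

On a live connection the input would be the object returned by `socket.getPeerCertificate(true)` from Node's `tls` module.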

@louislam
Owner

louislam commented Oct 1, 2021

The new CA should be expired in 2025. Maybe it is not an urgent task.

@srgvg
Author

srgvg commented Oct 3, 2021

As a follow-up, I updated my certificates. Those were indeed specifically still indirectly signed by the older root certificate.

Now, after updating this, I noticed kuma didn't pick them up, and kept returning an expired notice. Until I went to edit and save (without changing anything), and that triggered it to pick up the new certificate. Suspending then resuming the check also triggered it to pick up the new certificate.

So somehow, this bug report is still valid, it seems?

@Oaktribe

Oaktribe commented Oct 4, 2021

Could it have been cached somehow in K3S? (Never used it so just guessing here) 🤔
I run mine with docker and a restart was not needed for me. As soon as the certificate was updated, Uptime-Kuma saw the new certificate and it was valid.
