Problem
The SSL certificates that CloudPoint's internal services need to communicate with each other are generated with a one-year lifetime when CloudPoint is first installed. It should automatically renew those certificates before they expire, but the code to do that doesn't work (C3PM-15243, STESC-3171). When the certificates expire, CloudPoint ceases to work.
This issue exists in all versions of CloudPoint from 2.0 through 2.2.1.
Error Message
1. The customer installed CloudPoint a year or more ago.
2. The customer may not be able to login to the CloudPoint console.
3. If the customer is already logged in to the CloudPoint console, the UI shows busy spinners continuously as it tries to update the summary information.
4. If the customer attempts to restart CloudPoint, it fails to start. “docker ps” shows several of the CloudPoint internal service containers continuously restarting.
5. The CloudPoint logs show RabbitMQ and MongoDB connection errors like the following:
AMQPConnectionError: Connection to 172.18.0.3:5671 failed: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)AutoReconnect: flexsnap-mongodb:27017: [Errno -2] Name or service not known
These error messages may vary, but the parts highlighted in red are the key indicators of this problem.
Cause
The SSL certificates that CloudPoint's internal services need expires a year after deployment.
Solution
Download the diagnostic script cp_list_certs.sh, copy it to the customer’s CloudPoint server, and give it 755 permissions.
Run cp_list_certs.sh with no command line arguments to get a list of the CloudPoint SSL certificates and their expiration dates.
# ./cp_list_certs.sh
Here is an example of the output for one certificate. The last field, “notAfter” is the expiration date of the certificate.
coordinator.0.cert.pem
subject= /CN=coordinator.0/O=coordinator
notBefore=Aug 6 00:31:43 2019 GMT
notAfter=Aug 5 00:31:43 2020 GMT
If any of the certificates are expired or will expire soon, then contact technical support for assistance renewing the certificates.
References
Was this content helpful?
Translated Content
Please note that this document is a translation from English, and may have been machine-translated. It is possible that updates have been made to the original version after this document was translated and published. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.