smalenfant opened a new issue, #7129: URL: https://github.com/apache/trafficcontrol/issues/7129
Notices that this happened after a 6.1.0 upgrade from 5.1.2 and also after a Traffic Vault Riak -> Postgresql migration. ## This Bug Report affects these Traffic Control components: - Traffic Ops ## Current behavior: When requesting certificate renewal, the ACME/Let's Encrypt process goes through but fails to write the new certificate to the database. /var/log/message: ``` Oct 12 13:52:13 cdn1cdcms0001 traffic_ops: 2022/10/12 13:52:13 [INFO] acme: Querying account for https://acme-v02.api.letsencrypt.org/acme/acct/102607427 Oct 12 13:52:14 cdn1cdcms0001 traffic_ops: 2022/10/12 13:52:14 [INFO] [] acme: Trying renewal with 543 hours remaining Oct 12 13:52:14 cdn1cdcms0001 traffic_ops: 2022/10/12 13:52:14 [INFO] [crs.national-linear-red.cdn1.coxlab.net] acme: Obtaining bundled SAN certificate Oct 12 13:52:14 cdn1cdcms0001 traffic_ops: 2022/10/12 13:52:14 [INFO] [crs.national-linear-red.cdn1.coxlab.net] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/163738563286 Oct 12 13:52:14 cdn1cdcms0001 traffic_ops: 2022/10/12 13:52:14 [INFO] [crs.national-linear-red.cdn1.coxlab.net] acme: Could not find solver for: tls-alpn-01 Oct 12 13:52:14 cdn1cdcms0001 traffic_ops: 2022/10/12 13:52:14 [INFO] [crs.national-linear-red.cdn1.coxlab.net] acme: Could not find solver for: http-01 Oct 12 13:52:14 cdn1cdcms0001 traffic_ops: 2022/10/12 13:52:14 [INFO] [crs.national-linear-red.cdn1.coxlab.net] acme: use dns-01 solver Oct 12 13:52:14 cdn1cdcms0001 traffic_ops: 2022/10/12 13:52:14 [INFO] [crs.national-linear-red.cdn1.coxlab.net] acme: Preparing to solve DNS-01 Oct 12 13:52:14 cdn1cdcms0001 traffic_ops: 2022/10/12 13:52:14 [INFO] [crs.national-linear-red.cdn1.coxlab.net] acme: Trying to solve DNS-01 Oct 12 13:52:14 cdn1cdcms0001 traffic_ops: 2022/10/12 13:52:14 [INFO] [crs.national-linear-red.cdn1.coxlab.net] acme: Checking DNS record propagation using [x.x.x.x:53] Oct 12 13:52:14 cdn1cdcms0001 traffic_ops: 2022/10/12 13:52:14 [INFO] Wait for propagation [timeout: 20m0s, interval: 30s] Oct 12 13:52:14 cdn1cdcms0001 traffic_ops: 2022/10/12 13:52:14 [INFO] [crs.national-linear-red.cdn1.coxlab.net] acme: Waiting for DNS record propagation. Oct 12 13:52:44 cdn1cdcms0001 traffic_ops: 2022/10/12 13:52:44 [INFO] [crs.national-linear-red.cdn1.coxlab.net] acme: Waiting for DNS record propagation. Oct 12 13:53:01 cdn1cdcms0001 systemd: Started Session 56323 of user root. Oct 12 13:53:20 cdn1cdcms0001 traffic_ops: 2022/10/12 13:53:20 [INFO] [crs.national-linear-red.cdn1.coxlab.net] The server validated our request Oct 12 13:53:20 cdn1cdcms0001 traffic_ops: 2022/10/12 13:53:20 [INFO] [crs.national-linear-red.cdn1.coxlab.net] acme: Cleaning DNS-01 challenge Oct 12 13:53:20 cdn1cdcms0001 traffic_ops: 2022/10/12 13:53:20 [INFO] [crs.national-linear-red.cdn1.coxlab.net] acme: Validations succeeded; requesting certificates Oct 12 13:53:20 cdn1cdcms0001 traffic_ops: 2022/10/12 13:53:20 [INFO] [crs.national-linear-red.cdn1.coxlab.net] Server responded with a certificate. ``` Traffic Ops Log: ``` x.x.x.x:55562 national-linear-red: putting keys in Traffic Vault: could not begin Traffic Vault PostgreSQL transaction: context deadline exceeded: context deadline exceeded Error posting acme certificate to Traffic Vault: could not begin Traffic Vault PostgreSQL transaction: context deadline exceeded: context deadline exceeded failed to write response (method = POST, URL = /api/4.0/deliveryservices/xmlId/national-linear-red/sslkeys/renew, request ID = 711, remote addr = x.x.x.x:55562, bytes written = 0): http: Handler timeout ``` ## Expected behavior: Certificate to be written to DB. ## Steps to reproduce: See above. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@trafficcontrol.apache.org.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
