oldthreefeng opened a new issue #4067:
URL: https://github.com/apache/apisix/issues/4067


   ### Issue description
   
   ### Environment
   
   * apisix version (cmd: `apisix version`): 1.5
   * OS (cmd: `uname -a`): centos 7.9, 
   * OpenResty / Nginx version (cmd: `nginx -V` or `openresty -V`):
   ```
   openresty -V
   Tengine version: Tengine/2.3.2
   nginx version: nginx/1.17.3
   built by gcc 6.4.0 (Alpine 6.4.0) 
   built with OpenSSL 1.1.1b Tassl 1.4  23 Aug 2020
   TLS SNI support enabled
   
   ```
   * etcd version, if have (cmd: run `curl 
http://127.0.0.1:9090/v1/server_info` to get the info from server-info API):
   ```
   / # etcdctl --version
   etcdctl version: 3.3.25
   API version: 2
   / # exit
   
   ```
   * apisix-dashboard version, if have:
   
   ### Minimal test code / Steps to reproduce the issue
   
   update ssl cert by curl patch. 
   
   i get the cert from cluster 
   ```
   curl  -H "X-API-KEY: $X_API_KEY"  -sSfL 
http://*:9180/apisix/admin/ssl/00000000000000000638  | jq .
   {
     "node": {
       "value": {
         "cert": "-----BEGIN 
CERTIFICATE-----\nMIIFPTCCBCWgAwIBAgISA7TkxJvohgY6TqWAE2cu6zzMMA0GCSqGSIb3DQEBCwUA\nMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD\nEwJSMzAeFw0yMTAzMjkxNTU2MDNaFw0yMTA2MjcxNTU2MDNaMBwxGjAYBgNVBAMT\nEWJldGEuaWxlYXJudGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC\nAQEA0rR7j1z3GH/M9RVioXCQ4yVBSixcHf9oK7LVumNhmgDYMdoUNpovRsDJXB0n\ntjxC3viXVybd3KJHpZ2eI6pfbvRB98gsyNBDYXs3JSxfWUnlf4gX3Y+kS2BTtkzp\nu00OilNjwGwyfbqkVy2OyAlbLufNbKmab3QWSzzxjidLRmp5BkYF8eyRbWxYlyQb\ng7VzEBz9/kMf3WFEfn1dPRwrej/9pDhXdz6BF0ivW1nmcSTerCeW1ujosgSYwX1X\nRcYFNqPfBfOMS9ENIDNLvJXjcowOwWXy5M5vUAdGgb63tonlCJZ0mPoGXQ/jXaf0\nQBfLazDdchhMxoAxg52iOiWXRQIDAQABo4ICYTCCAl0wDgYDVR0PAQH/BAQDAgWg\nMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0G\nA1UdDgQWBBT04ICFySd41oCrvh47oJDlsaaN6jAfBgNVHSMEGDAWgBQULrMXt1hW\ny65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6\nLy9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL3IzLmkubGVuY3Iu\nb3JnLzAxBgNVHREEKjAoghMqLmJ
 
ldGEuaWxlYXJudGEuY29tghFiZXRhLmlsZWFy\nbnRhLmNvbTBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYG\nCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQQGCisGAQQB\n1nkCBAIEgfUEgfIA8AB2AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT/TM5a1toGo\nAAABeH7p7lEAAAQDAEcwRQIhAJZiwSi9tcne0xRjKr64J8jrwQbLx1GTWuXBtjGc\naEx4AiAlVQIW3lzS6ba3IXOOQvhX6zZ08Yip/XXy/zyIvmDCmAB2APZclC/RdzAi\nFFQYCDCUVo7jTRMZM7/fDC8gC8xO8WTjAAABeH7p7m8AAAQDAEcwRQIgMpy//pVZ\nw06hmEOguTD7BE2GXkMjpB1UkGl2N7GaN3ICIQCELylK5JPdcETLneL32ueL7aiy\ni/MFN41Ie94MeA5J2zANBgkqhkiG9w0BAQsFAAOCAQEAK3+q6k5uvmvrO3Ua0UB5\nG97zU+EGJXy6QxS+6o9uaAAFO/jw4ABnGi4ykGZjOejHHB2nfWRskB9SLNvft8fa\nXsrDt2NDTNM4z3ygJfEUAO4XzAqaor0DAJnoSOQXj5uAHPR/D+IpdhdppWzl4+/s\nJL8UtrLi9xD4ruMT6rXWYRpm33FH8c3bURn4zojO9hJZ9Fg1HzHg9rNQiJj7npw2\n77sEprgRBpnw08JeGiFS2wrujM9+GWP2ghcTOaVjQ6jRUOzomyyxsqdi6LJj0qXE\nrk1hBRpWHB3+MXweJcXIh8Q3jiVHx4LuyG7RWsewHH2uHkvBNbUb5qaXBeqUNk60\nMg==\n-----END
 CERTIFICATE-----\n\n-----BEGIN 
CERTIFICATE-----\nMIIEZTCCA02gAwIBAgIQQAF1BIMUpMghjISp
 
DBbN3zANBgkqhkiG9w0BAQsFADA/\nMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT\nDkRTVCBSb290IENBIFgzMB4XDTIwMTAwNzE5MjE0MFoXDTIxMDkyOTE5MjE0MFow\nMjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxCzAJBgNVBAMT\nAlIzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwIVKMz2oJTTDxLs\njVWSw/iC8ZmmekKIp10mqrUrucVMsa+Oa/l1yKPXD0eUFFU1V4yeqKI5GfWCPEKp\nTm71O8Mu243AsFzzWTjn7c9p8FoLG77AlCQlh/o3cbMT5xys4Zvv2+Q7RVJFlqnB\nU840yFLuta7tj95gcOKlVKu2bQ6XpUA0ayvTvGbrZjR8+muLj1cpmfgwF126cm/7\ngcWt0oZYPRfH5wm78Sv3htzB2nFd1EbjzK0lwYi8YGd1ZrPxGPeiXOZT/zqItkel\n/xMY6pgJdz+dU/nPAeX1pnAXFK9jpP+Zs5Od3FOnBv5IhR2haa4ldbsTzFID9e1R\noYvbFQIDAQABo4IBaDCCAWQwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E\nBAMCAYYwSwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5p\nZGVudHJ1c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTE\np7Gkeyxx+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEE\nAYLfEwEBATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2Vu\nY3J5cHQub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA
 
6Ly9jcmwuaWRlbnRydXN0\nLmNvbS9EU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYf\nr52LFMLGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B\nAQsFAAOCAQEA2UzgyfWEiDcx27sT4rP8i2tiEmxYt0l+PAK3qB8oYevO4C5z70kH\nejWEHx2taPDY/laBL21/WKZuNTYQHHPD5b1tXgHXbnL7KqC401dk5VvCadTQsvd8\nS8MXjohyc9z9/G2948kLjmE6Flh9dDYrVYA9x2O+hEPGOaEOa1eePynBgPayvUfL\nqjBstzLhWVQLGAkXXmNs+5ZnPBxzDJOLxhF2JIbeQAcH5H0tZrUlo5ZYyOqA7s9p\nO5b85o3AM/OJ+CktFBQtfvBhcJVd9wvlwPsk+uyOy2HI7mNxKKgsBTt375teA2Tw\nUdHkhVNcsAKX1H7GNNLOEADksd86wuoXvg==\n-----END
 CERTIFICATE-----",
         "id": "00000000000000000638",
         "sni": "*.beta.ilearnta.com",
         "status": 1
       },
       "createdIndex": 764,
       "key": "/apisix/ssl/00000000000000000638",
       "modifiedIndex": 764
     },
     "action": "get"
   }
   
   ```
   
   i get the right ssl cert  from the admin ssl. 
   
   ```
   $ openssl x509 -noout -text -in  a.cer| grep Not 
               Not Before: Mar 29 15:56:03 2021 GMT
               Not After : Jun 27 15:56:03 2021 GMT
   ```
   
   but from the server side 
   
   ```
   $ echo -n \
           | openssl s_client -host www.beta.ilearnta.com -port 443 -showcerts 
2>/dev/null \
           | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > a.cer
   
   $ openssl x509 -noout -text -in a.cer | grep Not                             
          
               Not Before: Jan 29 11:56:02 2021 GMT
               Not After : Apr 29 11:56:02 2021 GMT
   ```
   this is really confused me. 
   
   is there any cache or other things to stop me get the right ssl cert ? 
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


Reply via email to