On 2021-08-22 03:11, Randy Bush via Opendnssec-user wrote:
list shows this is an old problem. but microsoft whack did not solve
this time
There are several incantations of this, which have different causes but
end
up as the same thing. The Microsoft whack was a restart of the signer?
I'm looking for both cause and quick fix. For either, can you
perform a
ods-enforcer key list -d | grep eae33574e49b6b581e348f6252fb86a5
I'm wondering whether this key is being retired.
In which case a patch fix might be to remove the signconf file
for this zone;
rm /var/opendnssec/signconf/hipster.biz.xml
and regenerate this:
ods-enforcer signconf
\Berry
FreeBSD rip.psg.com 12.2-RELEASE-p6 FreeBSD 12.2-RELEASE-p6 GENERIC
amd64
opendnssec version 2.1.9
# softhsm --version
1.3.8
Aug 22 01:06:41 rip ods-signerd[707]: [hsm] unable to get key: key
eae33574e49b6b581e348f6252fb86a5 not found
Aug 22 01:06:41 rip ods-signerd[707]: [hsm] hsm_get_dnskey(): Got NULL
key
Aug 22 01:06:41 rip ods-signerd[707]: [hsm] unable to get key: hsm
failed to create dnskey
Aug 22 01:06:41 rip ods-signerd[707]: [zone] unable to prepare signing
keys for zone hipster.biz: error getting dnskey
Aug 22 01:06:41 rip ods-signerd[707]: [worker[1]] CRITICAL: failed to
sign zone hipster.biz: General error
same for lots of zones
any other incantations folk might suggest?
randy
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
