Hello all,
Hoping someone can help me shed some light on an issue I'm having with
Krill and delegated RPKI with ARIN.
Some background - I run a small ISP with a couple of v4 and a single v6
prefix. We have been running delegated RPKI with Krill for a couple of
years now without issue. Current version of Krill is 0.10.3 (I know
it's a bit out of date, haven't gotten around to testing upgrades yet).
Recently, I noticed that my prefixes stopped being identified as
RPKI-Valid, and while looking into this, I discovered Routinator is
complaining that the 'certificate has expired.' Now the odd thing is
that my handshakes with ARIN are up to date (last one was about 10
minutes ago), and the files in the local repository are constantly being
updated. On the routinator VM I have the following logs:
Dec 15 19:38:01 ca-vic-cu-bgp01 routinator[43871]: [WARN]
rsync://rpki.tools.westconnect.ca/repo/WestConnect-Pub/0/86A99076610E7C08AEDDCE8767AA5DC4528C4908.mft:
certificate has expired.
Dec 15 19:38:01 ca-vic-cu-bgp01 routinator[43871]: [WARN]
rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/1146938c-c605-4779-bf60-820a16fa701c/8f6916d463bfc5c35e4659c12889a337f3cc6f6b7fe978372b.cer:
no valid manifest
rsync://rpki.tools.westconnect.ca/repo/WestConnect-Pub/0/86A99076610E7C08AEDDCE8767AA5DC4528C4908.mft
found.
I'm at a bit of a loss here; if anyone can point me in the direction of
what certificate has expired, and how I might go about renewing it, I
would be most grateful.
Cheers,
Chris
--
RPKI mailing list
[email protected]
https://lists.nlnetlabs.nl/mailman/listinfo/rpki
