Managed Kubernetes
Latest
Frequently Asked Questions
Solutions
How Tos
Internal Only
Templates
Powered By
Title
Message
Create new category
What is the title of your new category?
Edit page index title
What is the title of the page index?
Edit category
What is the new title of your category?
Edit link
What is the new title and URL of your link?
Certificate Generation Fails Since Host CA Validity Is Less Than The Amount Of TTL With Which Certificate is Attempted To Be Generated In Vault
Copy Markdown
Open in ChatGPT
Open in Claude
Problem
Facing issues with node converging to the cluster resulting in complete outage the nodes which are rebooted/stack restarted.
Nodelet log
xxxxxxxxxx[2022-03-21 17:47:05] KeyError: 'data'[2022-03-21 17:47:05] Error loading file /tmp/authbs-certs.tTAf/flannel/etcd/ca.crt[2022-03-21 17:47:05] Certificate is not signed by CA[2022-03-21 17:47:05] Cert missed in this round: flannel/etcd[2022-03-21 17:47:05] Retrying again internallyHost CA cert expiry info
x
/tmp/authbs-certs.NqWH/admin# cat request.json{"errors":["cannot satisfy request, as TTL would result in notAfter 2025-03-20T17:52:08.088914479Z that is beyond the expiration of the CA certificate at 2025-03-02T13:59:50Z"]} /tmp/authbs-certs.NqWH/admin# pwd/tmp/authbs-certs.NqWH/adminError seen while onboarding node:
While executing prep-node
2023-09-28T04:44:29.8181Z DEBUG Unable to prep node: Error: Unable to install hostagent. error while running installer script: HOST_CERTS_SCRIPT_FAILED /opt/pf9/hostagent/bin/host-certs.py\", line 113, in <module>\n sys.exit(main())\n File \"/opt/pf9/hostagent/bin/host-certs.py\", line 110, in main\n return args.func(args)\n File \"/opt/pf9/hostagent/bin/host-certs.py\", line 31, in _refresh\n cert, ca = vouch.sign_csr(csr, args.common_name)\n File \"/opt/pf9/hostagent/lib/python3.9/site-packages/bbslave/certs.py\", line 72, in sign_csr\n resp.raise_for_status()\n File \"/opt/pf9/hostagent/lib/python3.9/site-packages/requests/models.py\", line 1021, in raise_for_status\n raise HTTPError(http_error_msg, response=self)\nrequests.exceptions.HTTPError: 400 Client Error: Bad Request for url: https://DU-FQDN/vouch/v1/sign/cert\n"}Environment
- Platform9 Managed Kubernetes - v5.6 and Higher.
Solution
This is a know issue, and is resolved in the PMK version in v5.6.9, v5.7.3 and 5.9.1.
Additional Information
If the issue is observed in any of the unsupported PMK versions, please open a support ticket mentioning the related jira PMK-4582.
VariableType to search · ESC to discard
GlossaryType to search · ESC to discard
InsertType to search · ESC to discard
No matches
Last updated on
Was this page helpful?
Discard Changes
Do you want to discard your current changes and overwrite with the template?
Archive Synced Block
Message
Create new Template
What is this template's title?
Delete Template
Message