Bug #8624
MNDeployment #6957: NRDC - Nevada Research Data Center
MN Certificate has expired
100%
Description
The MN server certificate for the NRDC node has expired and needs to be updated.
This is a let's encrypt issued certificate so it may be that the cert has been renewed but the server has not been restarted to pick up the new certificate.
echo "Q" | openssl s_client -connect dataone.sensor.nevada.edu:443 | openssl x509 -text -noout
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = dataone.sensor.nevada.edu
verify error:num=10:certificate has expired
notAfter=May 12 23:22:09 2018 GMT
verify return:1
depth=0 CN = dataone.sensor.nevada.edu
notAfter=May 12 23:22:09 2018 GMT
verify return:1
DONE
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:50:a2:3e:88:66:e4:e4:11:91:c5:5d:67:f6:36:68:0b:64
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
Validity
Not Before: Feb 11 23:22:09 2018 GMT
Not After : May 12 23:22:09 2018 GMT
Subject: CN=dataone.sensor.nevada.edu
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
...
History
#1 Updated by Mark Servilla almost 6 years ago
An email has been sent to Hannah Munoz and Eric Fritzinger reporting this issue.
#2 Updated by Amy Forrester over 5 years ago
7/23/18: Connor Scully-Allison
I am taking over for Eric Fritizinger as the Sys Admin of the larger NRDC system, including our DataONE Member Node. Hannah Munoz, who has been your primary point of contact up until this point will be graduating and leaving us soon as well so I will become your primary point of contact in coordinating our efforts to get this node back online.
7/25/18: Mark
When I attempt to query the GMN member node (this date), i receive a 404 response from Apache. Need a call
#3 Updated by Amy Forrester over 5 years ago
7/30/18 reach out to Connor- propose Aug 8 meeting
#4 Updated by Mark Servilla over 5 years ago
- % Done changed from 0 to 100
- Status changed from New to Closed
The NRDC MN has been off line since mid-May 2018, at first due to an expired LetsEncrypt SSL certificate and then second for a configuration issue that led GMN to be inaccessible.
The first issue was resolved by manually reissuing the LetsEncrypt certificate. This action, however, inadvertently resulted in a second Apache SSL configuration to be generated, which over-road the gmn-ssl.conf configuration. Roger Dahl intervened on behalf of NRDC to correct this issue on Thursday 9 August 2018.
All NRDC systems appear to be up and operating as expected.
