Hi everyone,
I’m currently experiencing an issue with our UCS. After logging into the web interface, the following traceback error appears, and the login fails:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/univention/management/console/ldap.py", line 188, in getter
raise KeyError()
KeyError
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/univention/uldap.py", line 220, in _decorated
return func(self, *args, **kwargs)
File "/usr/lib/python3/dist-packages/univention/uldap.py", line 416, in __starttls
self.lo.start_tls_s()
File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 1220, in start_tls_s
res = self._apply_method_s(SimpleLDAPObject.start_tls_s,*args,**kwargs)
File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 1197, in _apply_method_s
return func(self,*args,**kwargs)
File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 864, in start_tls_s
return self._ldap_call(self._l.start_tls_s)
File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 329, in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
File "/usr/lib/python3/dist-packages/ldap/compat.py", line 44, in reraise
raise exc_value
File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 313, in _ldap_call
result = func(*args,**kwargs)
ldap.CONNECT_ERROR: {'desc': 'Connect error', 'info': 'error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed (certificate has expired)'}
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/tornado/web.py", line 1595, in _execute
result = yield result
File "/usr/lib/python3/dist-packages/tornado/gen.py", line 1133, in run
value = future.result()
File "/usr/lib/python3/dist-packages/univention/management/console/resources.py", line 501, in post
result = await session.authenticate(self.request.body_arguments)
File "/usr/lib/python3/dist-packages/univention/management/console/session.py", line 151, in authenticate
self.set_credentials(**result.credentials)
File "/usr/lib/python3/dist-packages/univention/management/console/session.py", line 175, in set_credentials
self._search_user_dn()
File "/usr/lib/python3/dist-packages/univention/management/console/session.py", line 186, in _search_user_dn
lo = get_machine_connection(write=False)[0]
File "/usr/lib/python3/dist-packages/univention/management/console/ldap.py", line 144, in get_machine_connection
return connection()
File "/usr/lib/python3/dist-packages/univention/management/console/ldap.py", line 200, in _decorated
kwargs[loarg], kwargs[poarg] = lo, po = getter()
File "/usr/lib/python3/dist-packages/univention/management/console/ldap.py", line 190, in getter
conn = connection()
File "/usr/lib/python3/dist-packages/univention/management/console/ldap.py", line 101, in connection
return _getMachineConnection(**kwargs)
File "/usr/lib/python3/dist-packages/univention/admin/uldap.py", line 176, in getMachineConnection
lo = univention.uldap.getMachineConnection(start_tls, decode_ignorelist=decode_ignorelist, ldap_master=ldap_master)
File "/usr/lib/python3/dist-packages/univention/uldap.py", line 204, in getMachineConnection
return access(host=server, port=port, base=ucr['ldap/base'], binddn=ucr['ldap/hostdn'], bindpw=bindpw, start_tls=start_tls, decode_ignorelist=decode_ignorelist, reconnect=reconnect)
File "/usr/lib/python3/dist-packages/univention/uldap.py", line 303, in __init__
self.__open(ca_certfile)
File "/usr/lib/python3/dist-packages/univention/uldap.py", line 402, in __open
self.__starttls()
File "/usr/lib/python3/dist-packages/univention/uldap.py", line 228, in _decorated
return func(self, *args, **kwargs)
File "/usr/lib/python3/dist-packages/univention/uldap.py", line 416, in __starttls
self.lo.start_tls_s()
File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 1220, in start_tls_s
res = self._apply_method_s(SimpleLDAPObject.start_tls_s,*args,**kwargs)
File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 1197, in _apply_method_s
return func(self,*args,**kwargs)
File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 864, in start_tls_s
return self._ldap_call(self._l.start_tls_s)
File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 329, in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
File "/usr/lib/python3/dist-packages/ldap/compat.py", line 44, in reraise
raise exc_value
File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 313, in _ldap_call
result = func(*args,**kwargs)
ldap.CONNECT_ERROR: {'desc': 'Connect error', 'info': 'error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed (certificate has expired)'}
I tried renewing the certificate, but the error persists.
Has anyone else experienced this? Is there a recommended way to update or renew the certificate in UCS to fix this?
Any help would be greatly appreciated.
Thanks in advance!