SSL Verification failed

Corin · May 24, 2022, 3:23pm

Hi,

i got this error. The Renewing for certificates i already did. It didnt solve the Problem:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/univention/management/console/modules/diagnostic/__init__.py", line 280, in execute
    result = execute(umc_module, **kwargs)
  File "/usr/lib/python3/dist-packages/univention/management/console/modules/diagnostic/plugins/02_certificate_check.py", line 286, in run
    cert_verify = list(verify_local(all_certificates))
  File "/usr/lib/python3/dist-packages/univention/management/console/modules/diagnostic/plugins/02_certificate_check.py", line 260, in verify_local
    for error in verifier.verify(cert):
  File "/usr/lib/python3/dist-packages/univention/management/console/modules/diagnostic/plugins/02_certificate_check.py", line 206, in verify
    for error in self._verify_timestamps(cert_path):
  File "/usr/lib/python3/dist-packages/univention/management/console/modules/diagnostic/plugins/02_certificate_check.py", line 165, in _verify_timestamps
    with open(cert_path) as fob:
FileNotFoundError: [Errno 2] Datei oder Verzeichnis nicht gefunden: ''

grafik

Second or Third DC are not joined after this error. I found this Error while installed a new memberserver, but it cant join.

i dont know why and how and how i can solve this.

Thanks

Mornsgrans · May 24, 2022, 4:50pm

Is port 80 opened for access from internet?

Corin · May 24, 2022, 5:08pm

Its without Letsencrypt. I only use selfsigned Root Certificate of the server. Do i need P80 for selfsigned?

Mornsgrans · May 24, 2022, 6:42pm

The less information, the less help is possible.

Which certificate do you want to renew - the root certificate or the server certificate?
The server certificate is self-signed, too?
What is the Univention server version?

Corin · May 24, 2022, 6:56pm

In the Past all my univention servers got SSL Certificates from my Reverse Proxy via acme and rsync to a location and entry in ucr variables.

Yesterday i removed the apache2 entries with my certificate of my reverse proxy rollout to all servers, cause the Univention Server no need a certificate now.
So i renewed the Root certificate and only want use selfsigned certificate for the Servers and used the documentation of: Renewing the SSL certificates

Version: 5.0-1 errata310.

grafik

Corin · August 12, 2022, 9:35pm

Hi,

today i got univention-run-diagnostic-checks

This comes:

############################ Start 02_certificate_check ###########################
## Check failed: 02_certificate_check - Überprüfe Gültigkeit der SSL Zertifikate ##
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/univention/management/console/modules/diagnostic/__init__.py", line 280, in execute
    result = execute(umc_module, **kwargs)
  File "/usr/lib/python3/dist-packages/univention/management/console/modules/diagnostic/plugins/02_certificate_check.py", line 286, in run
    cert_verify = list(verify_local(all_certificates))
  File "/usr/lib/python3/dist-packages/univention/management/console/modules/diagnostic/plugins/02_certificate_check.py", line 260, in verify_local
    for error in verifier.verify(cert):
  File "/usr/lib/python3/dist-packages/univention/management/console/modules/diagnostic/plugins/02_certificate_check.py", line 206, in verify
    for error in self._verify_timestamps(cert_path):
  File "/usr/lib/python3/dist-packages/univention/management/console/modules/diagnostic/plugins/02_certificate_check.py", line 165, in _verify_timestamps
    with open(cert_path) as fob:
FileNotFoundError: [Errno 2] Datei oder Verzeichnis nicht gefunden: ''
Univention Support Database - Erneuern der TLS/SSL-Zertifikate (http://sdb.univention.de/1000)
############################# End 02_certificate_check ############################

I have no idea, what i can do. I renewed already all certs, but the Error persist. Its only on the Primary Node DC.