Leaf certs expired on January 27, 2022
daveyb opened this issue · comments
Hey @brianshumate - thanks for sharing Vaultron with the world - it's a great dev tool!
Expected Behavior
./form brings up a working Vaultron vault cluster as it typically does
Actual Behavior
The leaf certs for both raft and consul-flavored deployments expired Jan 27 13:43:20 2022 GMT, so Vaultron Vault clusters will not start.
This includes the certs found in black_lion/tls/, red_lion/tls/, and yellow_lion/tls/ directories.
Steps to Reproduce
- I first did this with a raft-flavored cluster, so TF_VAR_vault_flavor=raft in my shell env.
- Run ./form
- Run ./ion_darts to export configs for this vaultron instance
- Run vault status to see status of cluster:
- Run docker logs vaultron-vault0 node to see what's up:
- Visit https://127.0.0.1:8200 in the browser:
View leaf certs using openssl
- Run openssl x509 -in black_lion/tls/vault-server-0.crt -noout -text on an example leaf cert to see it expired today:

    Signature Algorithm: sha256WithRSAEncryption
    Issuer: CN=node.arus.consul
    Validity
        Not Before: Oct 25 13:42:50 2019 GMT
        Not After : Jan 27 13:43:20 2022 GMT

NOTE: the certs in etc/tls/ are NOT expired, just the leaf certs in the *_lion/tls directories.
Thanks for the report, I'll try to get these updated soon!
Resolved in latest release (3.9.0), thanks again for the heads up!
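
One way to catch this kind of expiry before a cluster fails to start, as an added example that is not part of the issue thread or of Vaultron itself. The function name check_certs and the 30-day window are assumptions; the directory names are the ones listed in the report.

```shell
#!/bin/sh
# Added example (not Vaultron code): flag leaf certificates that are already
# expired or will expire within a given number of days.
#
# Usage (assumed invocation, run from the repository root):
#   sh check_certs.sh 30 black_lion/tls red_lion/tls yellow_lion/tls

# check_certs WINDOW_DAYS DIR...
# Prints one line per flagged certificate; returns 1 if anything was flagged.
check_certs() {
  local days=$1; shift
  local secs=$((days * 86400)) flagged=0 dir crt end
  for dir in "$@"; do
    for crt in "$dir"/*.crt; do
      [ -e "$crt" ] || continue   # glob matched nothing in this directory
      # A file that does not parse as a certificate is reported, not skipped.
      if ! end=$(openssl x509 -in "$crt" -noout -enddate 2>/dev/null); then
        echo "UNREADABLE $crt"
        flagged=1
        continue
      fi
      # -checkend N exits non-zero when notAfter falls within the next N
      # seconds; N=0 therefore reports only certificates already expired.
      if ! openssl x509 -in "$crt" -noout -checkend "$secs" >/dev/null; then
        echo "EXPIRING ${end#notAfter=} $crt"
        flagged=1
      fi
    done
  done
  return "$flagged"
}

# Run only when a window and at least one directory are given.
if [ "$#" -ge 2 ]; then
  check_certs "$@"
fi
```

A non-zero exit status makes the check usable as a gate in CI or ahead of ./form.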