[GNC] [MAINT] Unplanned Server Outage due to expired certs

Derek Atkins derek at ihtfp.com
Wed Nov 12 21:38:20 EST 2025 

Hi,
I am very familiar with LetsEncrypt.  I use it all over the place.
Unfortunately no, that won't work here.
These are truly embedded CA + certs.
I can't offload to LE.

-derek


On Wed, November 12, 2025 9:34 pm, Glenn Fowler wrote:
> Hi Derek,
>
> Maybe some automation can help take the load off:
>
> https://letsencrypt.org/docs/client-options/
>
>
> ________________________________
> From: gnucash-user <gnucash-user-bounces+gfowler1=outlook.com at gnucash.org>
> on behalf of Derek Atkins <derek at ihtfp.com>
> Sent: Wednesday, November 12, 2025 8:58:20 PM
> To: gnucash-user at gnucash.org <gnucash-user at gnucash.org>;
> gnucash-devel at gnucash.org <gnucash-devel at gnucash.org>
> Cc: gnucash-announce at gnucash.org <gnucash-announce at gnucash.org>
> Subject: [GNC] [MAINT] Unplanned Server Outage due to expired certs
>
> Hi,
>
> tl;dr:  code was offline for a couple hours due to a certificate expiry.
> It's been corrected and all is back now.
>
> Long Version:
>
> The gnucash server code runs on an infrastructure called oVirt.  The infra
> uses a bunch of certificates for inter-process communication as well as
> cross-host authentication.  Earlier today, these certificates expired.
> And then the server experienced a reboot.
>
> Normally the reboot wouldn't be a problem; there would be a 15 minute
> "outage" and then everything would come back normally.  However, this time
> that didn't happen.  Due to the certificates expiring, the server could
> not "talk to itself" and couldn't bring up the infrastructure!
>
> I had to trick the server into thinking it was this morning, and then
> bring up the services, then it brought up the engine.  From there I was
> able to renew all the certificates, reboot, and get the system back up and
> running.
>
> For the record, I DID have an entry in my calendar to renew the certs, but
> due to personal reasons I did not execute on that.  I have put in MULTIPLE
> reminders for next time.
>
> I am sorry for the inconvenience.
>
> -derek
>
> --
>        Derek Atkins                 617-623-3745
>        derek at ihtfp.com             www.ihtfp.com<http://www.ihtfp.com>
>        Computer and Internet Security Consultant
>
> _______________________________________________
> gnucash-user mailing list
> gnucash-user at gnucash.org
> To update your subscription preferences or to unsubscribe:
> https://lists.gnucash.org/mailman/listinfo/gnucash-user
> -----
> Please remember to CC this list on all your replies.
> You can do this by using Reply-To-List or Reply-All.
>
>


-- 
       Derek Atkins                 617-623-3745
       derek at ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant

More information about the gnucash-user mailing list