[GNC] [MAINT] Unplanned Server Outage due to expired certs
Mark at Lorimark
mark at lorimarksolutions.com
Wed Nov 12 23:40:29 EST 2025
Cheers, man! Good work getting 'er back on line!!!
ugh! been there!
~mark petryk
~w:http://www.lorimarksolutions.com
~q:i don't know where it's going to go,
...and i don't know what to wear when it gets there.
On 11/12/25 20:38, Derek Atkins wrote:
> Hi,
> I am very familiar with LetsEncrypt. I use it all over the place.
> Unfortunately no, that won't work here.
> These are truly embedded CA + certs.
> I can't offload to LE.
>
> -derek
>
>
> On Wed, November 12, 2025 9:34 pm, Glenn Fowler wrote:
>> Hi Derek,
>>
>> Maybe some automation can help take the load off:
>>
>> https://letsencrypt.org/docs/client-options/
>>
>>
>> ________________________________
>> From: gnucash-user <gnucash-user-bounces+gfowler1=outlook.com at gnucash.org>
>> on behalf of Derek Atkins <derek at ihtfp.com>
>> Sent: Wednesday, November 12, 2025 8:58:20 PM
>> To: gnucash-user at gnucash.org <gnucash-user at gnucash.org>;
>> gnucash-devel at gnucash.org <gnucash-devel at gnucash.org>
>> Cc: gnucash-announce at gnucash.org <gnucash-announce at gnucash.org>
>> Subject: [GNC] [MAINT] Unplanned Server Outage due to expired certs
>>
>> Hi,
>>
>> tl;dr: code was offline for a couple hours due to a certificate expiry.
>> It's been corrected and all is back now.
>>
>> Long Version:
>>
>> The gnucash server code runs on an infrastructure called oVirt. The infra
>> uses a bunch of certificates for inter-process communication as well as
>> cross-host authentication. Earlier today, these certificates expired.
>> And then the server experienced a reboot.
>>
>> Normally the reboot wouldn't be a problem; there would be a 15 minute
>> "outage" and then everything would come back normally. However, this time
>> that didn't happen. Due to the certificates expiring, the server could
>> not "talk to itself" and couldn't bring up the infrastructure!
>>
>> I had to trick the server into thinking it was this morning, and then
>> bring up the services, then it brought up the engine. From there I was
>> able to renew all the certificates, reboot, and get the system back up and
>> running.
>>
>> For the record, I DID have an entry in my calendar to renew the certs, but
>> due to personal reasons I did not execute on that. I have put in MULTIPLE
>> reminders for next time.
>>
>> I am sorry for the inconvenience.
>>
>> -derek
>>
>> --
>> Derek Atkins 617-623-3745
>> derek at ihtfp.com www.ihtfp.com<http://www.ihtfp.com>
>> Computer and Internet Security Consultant
>>
>> _______________________________________________
>> gnucash-user mailing list
>> gnucash-user at gnucash.org
>> To update your subscription preferences or to unsubscribe:
>> https://lists.gnucash.org/mailman/listinfo/gnucash-user
>> -----
>> Please remember to CC this list on all your replies.
>> You can do this by using Reply-To-List or Reply-All.
>>
>>
>
>
More information about the gnucash-user
mailing list