orbit: 2022-02-03T13:28:24-08:00 INF update failed...
# fleet
orbit: 2022-02-03T132824-08:00 INF update failed error="update metadata: update metadata: tuf: failed to download 2.root.json: Get \"https://tuf.fleetctl.com/2.root.json\": x509: certificate has expired or is not yet valid: current time 2022-02-03T132824-08:00 is after 2021-09-30T140115Z"
Is there a proxy between the host/device and tuf.fleetctl.com? (seems the certificate is valid when visiting in the browser) As far as I can see there's no way to suppress the alert currently.
We will soon add an option to disable updates (https://github.com/fleetdm/fleet/issues/3658)
Let us know if it makes sense.
there is no proxy between host/device to external. I see this message on all the nodes where we deployed osquery/orbit app built by fleetctl
this is flooding in /var/log/messages ...
it was trying to check every 10s once 😞
OK, could you run
curl <https://tuf.fleetctl.com>
on one of the hosts to double check?
If the above curl command fails with cert issues then the issue is not Orbit.
curl https://tuf.fleetctl.com curl: (60) The certificate issuer's certificate has expired. Check your system date and time. More details here: http://curl.haxx.se/docs/sslcerts.html
OK, the issue is definitely not orbit then (I just tried the curl command from here and it works.). You should check the network configuration and which node is doing the TLS termination.
ok thanks for the confirmation. I will dig more
👍 1