https://github.com/osquery/osquery logo
#fleet
Title
# fleet
d

dram

02/03/2022, 9:28 PM
orbit: 2022-02-03T132824-08:00 INF update failed error="update metadata: update metadata: tuf: failed to download 2.root.json: Get \"https://tuf.fleetctl.com/2.root.json\": x509: certificate has expired or is not yet valid: current time 2022-02-03T132824-08:00 is after 2021-09-30T140115Z"
l

Lucas Rodriguez

02/03/2022, 9:46 PM
Is there a proxy between the host/device and tuf.fleetctl.com? (seems the certificate is valid when visiting in the browser) As far as I can see there's no way to suppress the alert currently.
We will soon add an option to disable updates (https://github.com/fleetdm/fleet/issues/3658)
Let us know if it makes sense.
d

dram

02/03/2022, 10:07 PM
there is no proxy between host/device to external. I see this message on all the nodes where we deployed osquery/orbit app built by fleetctl
this is flooding in /var/log/messages ...
it was trying to check every 10s once 😞
l

Lucas Rodriguez

02/03/2022, 10:16 PM
OK, could you run
curl <https://tuf.fleetctl.com>
on one of the hosts to double check?
If the above curl command fails with cert issues then the issue is not Orbit.
d

dram

02/03/2022, 10:20 PM
curl https://tuf.fleetctl.com curl: (60) The certificate issuer's certificate has expired. Check your system date and time. More details here: http://curl.haxx.se/docs/sslcerts.html
l

Lucas Rodriguez

02/03/2022, 10:24 PM
OK, the issue is definitely not orbit then (I just tried the curl command from here and it works.). You should check the network configuration and which node is doing the TLS termination.
d

dram

02/03/2022, 10:26 PM
ok thanks for the confirmation. I will dig more
👍 1
6 Views