orbit: 2022-02-03T13:28:24-08:00 INF update failed...
# fleetd
dram
02/03/2022, 9:28 PMorbit: 2022-02-03T132824-08:00 INF update failed error="update metadata: update metadata: tuf: failed to download 2.root.json: Get \"https://tuf.fleetctl.com/2.root.json\": x509: certificate has expired or is not yet valid: current time 2022-02-03T132824-08:00 is after 2021-09-30T140115Z"
l
Lucas Rodriguez
02/03/2022, 9:46 PMIs there a proxy between the host/device and tuf.fleetctl.com? (seems the certificate is valid when visiting in the browser)
As far as I can see there's no way to suppress the alert currently.
Lucas Rodriguez
02/03/2022, 9:47 PMWe will soon add an option to disable updates (https://github.com/fleetdm/fleet/issues/3658)
Lucas Rodriguez
02/03/2022, 9:48 PMLet us know if it makes sense.
d
dram
02/03/2022, 10:07 PMthere is no proxy between host/device to external. I see this message on all the nodes where we deployed osquery/orbit app built by fleetctl
dram
02/03/2022, 10:08 PMthis is flooding in /var/log/messages ...
dram
02/03/2022, 10:12 PMit was trying to check every 10s once 😞
l
Lucas Rodriguez
02/03/2022, 10:16 PMOK, could you run
curl <https://tuf.fleetctl.com>Lucas Rodriguez
02/03/2022, 10:18 PMIf the above curl command fails with cert issues then the issue is not Orbit.
d
dram
02/03/2022, 10:20 PMcurl https://tuf.fleetctl.com
curl: (60) The certificate issuer's certificate has expired. Check your system date and time.
More details here: http://curl.haxx.se/docs/sslcerts.html
l
Lucas Rodriguez
02/03/2022, 10:24 PMOK, the issue is definitely not orbit then (I just tried the curl command from here and it works.). You should check the network configuration and which node is doing the TLS termination.
d
dram
02/03/2022, 10:26 PMok thanks for the confirmation. I will dig more
👍 1
7 Views