2024-12-02T05:59:00.402Z | <Nitzan Mordechai> did i missed any update regarding sepia ca.crt file?
i can't login to sepia, the service shows:
```Dec 02 07:38:47 [li-664ccccc-3291-11b2-a85c-d0d88e1a2f13.ibm.com](http://li-664ccccc-3291-11b2-a85c-d0d88e1a2f13.ibm.com) openvpn[7162]: VERIFY ERROR: depth=1, error=certificate has expired: O=Redhat, CN=openvpnca-sepia, serial=1417727481```
and the ca.crt file:
``` nmordech@li-664ccccc-3291-11b2-a85c-d0d88e1a2f13 ~ openssl x509 -in ~/sepia/ca.crt -noout -enddate
notAfter=Dec 1 21:11:21 2024 GMT```
where can i get the new file? |
2024-12-02T06:17:03.112Z | <Sridhar Seshasayee> Yes, I too have the same symptoms and unable to log in to incerta06. |
2024-12-02T07:32:50.390Z | <Shraddha Agrawal> I see the exact same issue when logging into vossi06. |
2024-12-02T07:33:06.086Z | <Shraddha Agrawal> I see the exact same issue and can't log into vossi06. |
2024-12-02T10:14:01.115Z | <Patrick Donnelly> 😱 sepia vpn is effectively down |
2024-12-02T10:14:36.759Z | <Patrick Donnelly> @Adam Kraitman @Zack Cerza @Dan Mick @David Galloway anyone able to issue a new cert please? |
2024-12-02T10:14:56.511Z | <Patrick Donnelly> I'm not sure but we may need to issue everyone new keys |
2024-12-02T10:14:59.734Z | <Patrick Donnelly> what a mess |
2024-12-02T10:29:25.506Z | <Patrick Donnelly> It seems we're hosed: <https://forums.openvpn.net/viewtopic.php?t=33631> |
2024-12-02T10:29:38.293Z | <Patrick Donnelly> We'll have to create a new CA and issue new keys to everyone |
2024-12-02T10:30:00.763Z | <Patrick Donnelly> What a great start to Cephalocon! 🙂 |
2024-12-02T10:37:48.969Z | <Ilya Dryomov> On the bright side, it's a natural opportunity to prune older accounts 🙂 |
2024-12-02T11:16:03.326Z | <Ilya Dryomov> On the bright side, it's a natural opportunity to prune inactive accounts 🙂 |
2024-12-02T11:18:39.217Z | <Bharath> Is [teuthology.front.sepia.ceph.com](http://teuthology.front.sepia.ceph.com) is down? |
2024-12-02T11:19:38.438Z | <Bharath> Is [teuthology.front.sepia.ceph.com](http://teuthology.front.sepia.ceph.com) is down? I am not able to access folio02 also |
2024-12-02T12:51:39.756Z | <Shraddha Agrawal> <https://ceph-storage.slack.com/archives/C1HFJ4VTN/p1733135378088279?thread_ts=1733119140.145619&cid=C1HFJ4VTN> :( |
2024-12-02T15:16:33.659Z | <David Galloway> Oooof |
2024-12-02T15:16:49.975Z | <David Galloway> @Adam Kraitman can you put my ssh key on [gw.sepia.ceph.com](http://gw.sepia.ceph.com) please |
2024-12-02T16:10:37.106Z | <Adam Kraitman> Hey @David Galloway just added your key |
2024-12-02T16:52:30.519Z | <Dan Mick> Oh awesome |
2024-12-02T16:53:59.402Z | <David Galloway> I'm working on it |
2024-12-02T16:54:58.366Z | <Patrick Donnelly> Don't despair @Dan Mick. It's like a CentOS EOL exercise. openssl just wants to remember how to set up your key infrastructure again. |
2024-12-02T19:22:23.146Z | <Dan Mick> David has a solution in progress for the sepia VPN outage. It will involve all sepia users updating their 'ca.crt' file in the OpenVPN configuration (but nothing else). The server certificate and CA are both updated, but the CA is the only thing present in your configuration that will change. Look for instructions very soon. |
2024-12-02T19:31:20.402Z | <David Galloway> 1. Your VPN client relies on a `ca.crt` file that lives locally on your machine. Open the VPN configuration and find where that file lives.
2. Replace that file with <https://filedump.ceph.com/ca.crt>
3. Restart/reconnect your VPN client |
2024-12-02T20:52:53.960Z | <yuriw> Thx @David Galloway! |
2024-12-02T22:07:47.992Z | <Adam Kupczyk> WORKED!
And I blamed some wonky hotel wifi that snoops on my packets. |
2024-12-02T23:47:00.943Z | <Bharath> ack |
2024-12-02T23:59:53.089Z | <Bharath> Thank you! |