Skip to content

Bug when triggering renewal of cert in acme plugin #12442

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
1 task done
tobiasehlert opened this issue Jan 28, 2024 · 4 comments · Fixed by #12773
Closed
1 task done

Bug when triggering renewal of cert in acme plugin #12442

tobiasehlert opened this issue Jan 28, 2024 · 4 comments · Fixed by #12773
Assignees
@fffonion
Labels
plugins/acme

Comments

@tobiasehlert
Copy link
Contributor

tobiasehlert commented Jan 28, 2024
edited
Loading

Is there an existing issue for this?

  • I have searched the existing issues

Kong version ($ kong version)

3.5.0

Current Behavior

I try to trigger a renewal of certificates and there seems to be some issue in the acme client.

This is the request I do towards the admin-api:

curl http://XX.XXX.XXX.XXX:8001/acme -XPATCH

The response from my request is this:

{"message":"Renewal process started successfully"}

This is the error message from Kong:

Jan 28 18:09:58 fra1-kong-001 docker[138569]: kong-api              | 2024/01/28 18:09:58 [error] 1280#0: *200803 [lua] job.lua:284: execute(): [timer-ng] failed to run timer unix_timestamp=1706465398520.000000;counter=13563:meta=debug off: /usr/local/share/lua/5.1/kong/plugins/acme/client.lua:512: attempt to index local 'config' (a boolean value), context: ngx.timer
Jan 28 18:09:58 fra1-kong-001 docker[138569]: kong-api              | XX.XXX.XXX.XXX - - [28/Jan/2024:18:09:58 +0000] "PATCH /acme HTTP/1.1" 202 50 "-" "curl/8.4.0"

Expected Behavior

I except the existing certificates to be renewed and not get stuck with the "old" ones.

Steps To Reproduce

  1. Trigger a renew of certificate: 
    curl http://XX.XXX.XXX.XXX:8001/acme -XPATCH

Anything else?

I use DecK for configuring Kong, but I've done that since months and without any problem.

If I recall correct I did not have the renewal issue when I run an older version of Kong (not 3.5.0), but I don't remember the version back then.
@fffonion
Copy link
Contributor

I think it's related to the :configure handler change that recently introduced, there's a GH discussion around it too but I can't find it right now. cc @bungle
https://github.com/Kong/kong/blob/master/kong/plugins/acme/handler.lua#L93

@tobiasehlert
Copy link
Contributor Author

@fffonion, looked also there and the only one I found could be relevant was #12224 but without any further information.
But this issue must have started with PR #11703 from @bungle..

I'll add new certs manually for now so that my things don't stop work mid next week :P

@chronolaw
Copy link
Contributor

@fffonion @bungle , do we have any update about it?

@fffonion
Copy link
Contributor

fffonion commented Mar 7, 2024

Created https://konghq.atlassian.net/browse/KAG-4008 for tracking

@Water-Melon Water-Melon mentioned this issue Mar 22, 2024
Merged
3 tasks
This was referenced Mar 28, 2024
Merged
Merged
@Igor-lkm Igor-lkm mentioned this issue Jul 12, 2024
Closed
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@fffonion fffonion

Labels
plugins/acme
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(plugins/acme): fix certificate renew failure issue Kong/kong
3 participants
@fffonion @chronolaw @tobiasehlert