Routinator not getting updates - Certificates expired #976

Open
stealthbootc opened this issue Oct 6, 2024 · 2 comments

@stealthbootc

All 3 of my routinator servers stopped getting updates and show similar errors:

Oct 06 04:41:34 snt-rtnt-p01 routinator[1008]: RRDP https://rpki01.hel-fi.rpki.win/rrdp/notification.xml: HTTP status server error (502 Bad Gateway) for url (https://rpki01.hel-fi.rpki.win/rrdp/notification.xml)
Oct 06 04:41:34 snt-rtnt-p01 routinator[1008]: rsync://rpki01.hel-fi.rpki.win:44595/repo/: Dubious host name. Skipping update.
Oct 06 04:41:34 snt-rtnt-p01 routinator[1008]: rsync://rpki.ripe.net/repository/DEFAULT/yJsxCB1b3QjRj7zY-r7oHE-wUUY.cer: no valid manifest rsync://rpki01.hel-fi.rpki.win:44595/repo/as60900/0/C89B31081D5BDD08D18FBCD8FABEE81C4FB05146.mft found.
Oct 06 04:41:35 snt-rtnt-p01 routinator[1008]: rsync://rpki.cc/repo/MythicalKitten/12/7BBD0E669176F6F2E8BB8FC3104A8D23435175AE.cer: no valid manifest rsync://krill.ca-bc-01.ssmidge.xyz/repo/SsmidgeLLC/1/7BBD0E669176F6F2E8BB8FC3104A8D23435175AE.mft found.
Oct 06 04:41:35 snt-rtnt-p01 routinator[1008]: rsync://cloudie-repo.rpki.app/repo/CLOUDIE-RPKI/2/EF426F94C58940B7071B544A524D3C9EA3456B00.cer: certificate has expired.
Oct 06 04:41:35 snt-rtnt-p01 routinator[1008]: rsync://cloudie-repo.rpki.app/repo/CLOUDIE-RPKI/0/8174F52F3DDAD2C357E416F8CE94960D6EFA431A.cer: no valid manifest rsync://rsync.paas.rpki.ripe.net/repository/fae48901-fabe-41f1-9355-5f1488f51bd7/0/8174F52F3DDAD2C357E416F8CE94960D6EFA431A.mft found.
Oct 06 04:41:35 snt-rtnt-p01 routinator[1008]: rsync://cloudie-repo.rpki.app/repo/CLOUDIE-RPKI/0/ACEA194714A54AD4EE3CAE964BDE6B31430614A1.cer: no valid manifest rsync://rpki-rps.arin.net/repository/8a848ade89d095ae0189d3087fdd0326/2/ACEA194714A54AD4EE3CAE964BDE6B31430614A1.mft found.
Oct 06 04:41:35 snt-rtnt-p01 routinator[1008]: rsync://rpki-rps.arin.net/repository/8a848ade8baa579c018cdcf2c8354b52/2/D181D1B412223885EDEEB993ADF7CDF1756C442D.mft: certificate has expired.
Oct 06 04:41:35 snt-rtnt-p01 routinator[1008]: rsync://cloudie-repo.rpki.app/repo/CLOUDIE-RPKI/0/D181D1B412223885EDEEB993ADF7CDF1756C442D.cer: no valid manifest rsync://rpki-rps.arin.net/repository/8a848ade8baa579c018cdcf2c8354b52/2/D181D1B412223885EDEEB993ADF7CDF1756C442D.mft found.
Oct 06 04:41:35 snt-rtnt-p01 routinator[1008]: rsync://rpki.cc/repo/MythicalKitten/1/4173C015E8E1FED254D4938B7E69CB256CCF6936.cer: no valid manifest rsync://krill.ca-bc-01.ssmidge.xyz/repo/AS199177/0/4173C015E8E1FED254D4938B7E69CB256CCF6936.mft found.
Oct 06 04:41:35 snt-rtnt-p01 routinator[1008]: rsync://rpki.cc/repo/MythicalKitten/1/A5B9564158D3F545D38A5134082DABBC4CE4BBC0.cer: no valid manifest rsync://rsync.paas.rpki.ripe.net/repository/59183bf3-1acf-4a20-8fa4-b467c2c2260b/2/A5B9564158D3F545D38A5134082DABBC4CE4BBC0.mft found.
Oct 06 04:41:35 snt-rtnt-p01 routinator[1008]: rsync://rpki.qs.nu/repo/cyntest/2/FF0595CB477C33B6B94C7E477213C842A6067D6B.mft: certificate has expired.
Oct 06 04:41:35 snt-rtnt-p01 routinator[1008]: rsync://rsync.paas.rpki.ripe.net/repository/cce00cf9-04a5-43d1-8b89-edfa60cd8d4a/2/FF0595CB477C33B6B94C7E477213C842A6067D6B.cer: no valid manifest rsync://rpki.qs.nu/repo/cyntest/2/FF0595CB477C33B6B94C7E477213C842A6067D6B.mft found.
Oct 06 04:41:36 snt-rtnt-p01 routinator[1008]: rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/1/67DAC6BFE8CF4F99CC7DE476F2D7C11DD253702A.cer: certificate has expired.

I also noticed that a new update I have for a network on RIPE's Routinator server is not showing the new ROA, but Cloudflare's (non-Routinator) is. Is there a larger issue?

Routinator 0.14.0
Ubuntu Linux

@stealthbootc
Author

To note, I can ping these fine and resolve the DNS for each host.

@partim
Member

partim commented Oct 6, 2024

The reasons are given in the first two lines of your log. RRDP gives a 501 Bad Gateway – that sounds like the reverse proxy reporting that the RRDP publication server isn’t running. Routinator then tries rsync, but we don’t allow explicitly specifying port numbers – that’s the “dubious host name” message. You can disable that, but other people will still not see data from that host. (The reasoning here is that often people need to open ports in their firewalls, so anything other than the default ports will likely cause issues.)
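The triage described in the reply above, as an added example that is not part of the issue thread or of Routinator's code: it groups Routinator journal lines by repository host and separates the cause (RRDP HTTP error plus an rsync fallback refused for an explicit port) from the follow-on "no valid manifest" and "certificate has expired" messages. The sample log is constructed with placeholder hosts, and the tag names and function names are assumptions of this example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample, modelled on the journal format in the issue; hosts are placeholders.
SAMPLE_LOG = """\
Oct 06 04:41:34 host routinator[1008]: RRDP https://repo.example.net/rrdp/notification.xml: HTTP status server error (502 Bad Gateway) for url (https://repo.example.net/rrdp/notification.xml)
Oct 06 04:41:34 host routinator[1008]: rsync://repo.example.net:44595/repo/: Dubious host name. Skipping update.
Oct 06 04:41:34 host routinator[1008]: rsync://parent.example.org/repository/AAAA.cer: no valid manifest rsync://repo.example.net:44595/repo/as64500/0/AAAA.mft found.
Oct 06 04:41:35 host routinator[1008]: rsync://other.example.com/repo/ca/2/BBBB.cer: certificate has expired.
"""

MSG = re.compile(r"routinator\[\d+\]: (?P<msg>.*)$")
# (tag, pattern) pairs; every pattern captures the URI whose host the message is about.
PATTERNS = [
    ("rrdp-http", re.compile(r"^RRDP (?P<uri>https://\S+): HTTP status .*\((?P<code>\d{3}) ")),
    ("rsync-dubious", re.compile(r"^(?P<uri>rsync://\S+): Dubious host name")),
    ("no-valid-manifest", re.compile(r"^\S+: no valid manifest (?P<uri>rsync://\S+) found\.")),
    ("certificate-expired", re.compile(r"^(?P<uri>rsync://\S+): certificate has expired\.")),
]

def triage(log_text):
    """Map each repository host to the sorted failure tags logged for it."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = MSG.search(line)
        if not m:
            continue
        for tag, rx in PATTERNS:
            hit = rx.match(m.group("msg"))
            if not hit:
                continue
            uri = hit.group("uri")
            if tag == "rrdp-http":
                tag = f"rrdp-http-{hit.group('code')}"
            elif tag == "rsync-dubious" and urlsplit(uri).port is not None:
                tag = "rsync-explicit-port"  # the case the reply describes
            seen[urlsplit(uri).hostname].add(tag)
            break
    return {host: sorted(tags) for host, tags in seen.items()}

def unreachable_hosts(report):
    """Hosts where RRDP failed and the rsync fallback was refused, so nothing is fetched."""
    return sorted(h for h, tags in report.items() if "rsync-explicit-port" in tags
                  and any(t.startswith("rrdp-http-") for t in tags))

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(report, unreachable_hosts(report))
```

Hosts returned by `unreachable_hosts` are the ones to raise with the repository operator; a host that only shows `certificate-expired` is a separate problem on the publishing side.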
