[tor-bugs] #25233 [Internal Services/Tor Sysadmin Team]: weschniakowii shows old certificate for ooni.tpo in ~1/6 cases
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Feb 13 12:52:59 UTC 2018
#25233: weschniakowii shows old certificate for ooni.tpo in ~1/6 cases
-----------------------------------------------------+-----------------
Reporter: darkk | Owner: tpa
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Internal Services/Tor Sysadmin Team | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
-----------------------------------------------------+-----------------
Our prometheus instance alerted that ooni.tpo certificate expires in less
than 25 days. Seems, one of httpd workers at weschniakowii
(2001:6b0:5a:5000::5, 89.45.235.21) is stuck with old certificate.
[https://atlas.ripe.net/measurements/11287106/#!probes Majority of probes]
see new certificate with `Not Before 2018-02-02T00:37:31Z`, but ~1/6 of
probes see old one with `Not Before 2017-12-04T00:40:56Z` that expires in
couple of weeks.
The issue is observable both with IPv4 and IPv6.
Please, restart the worker before cert expires :-) Also, it may be
interesting to understand the reason for worker to spend week and a half
in "graceful restart" mode. Maybe that's some bug or something like
slowloris attack going on.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25233>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list