On 06/01/2021 23:45, Leon Fauster via CentOS-devel wrote:
Am 06.01.21 um 21:30 schrieb Stephen John Smoogen:
<snip>
Two hours later: Its works again here, now. I have no idea what caused the above response. Sorry for the noise. Thanks for the feedback, Leon
Hi Leon,
Reading inbox and so commenting just today :
As smooge pointed out, LetsEncrypt recently switched Intermediate CA cert (see https://letsencrypt.org/certificates/) from X1 to R3
It was reflected in our ansible automation *but* for that particular haproxy chain in front of openshift (for koji.mbox) it wasn't pointing to correct CAChain crt file (that needs to be concatenated)
That was identified and fixed in the mean time and extra-step added to automatically recheck before pushing to git the certs deployed then by ansible (as LetsEncrypt new CA validity is clearly shorter than before so they'll even rotate intermediate CA more frequently)
So I guess you tried just before the following fix was pushed/deployed :-)
Kind Regards,