Am 07.01.21 um 08:41 schrieb Fabian Arrotin: > On 06/01/2021 23:45, Leon Fauster via CentOS-devel wrote: >> >> Two hours later: Its works again here, now. I have no idea what caused >> the above response. Sorry for the noise. Thanks for the feedback, Leon > > Hi Leon, > > Reading inbox and so commenting just today : > > As smooge pointed out, LetsEncrypt recently switched Intermediate CA > cert (see https://letsencrypt.org/certificates/) from X1 to R3 > > It was reflected in our ansible automation *but* for that particular > haproxy chain in front of openshift (for koji.mbox) it wasn't pointing > to correct CAChain crt file (that needs to be concatenated) > > That was identified and fixed in the mean time and extra-step added to > automatically recheck before pushing to git the certs deployed then by > ansible (as LetsEncrypt new CA validity is clearly shorter than before > so they'll even rotate intermediate CA more frequently) > > So I guess you tried just before the following fix was pushed/deployed :-) A classical race condition :-) Thanks for depicting it. -- Leon