amppackager icon indicating copy to clipboard operation
amppackager copied to clipboard
verified publisher icon ampproject

Facing issue after update certificate

Open prakasa-tkpd opened this issue 3 years ago • 2 comments

We just updating certificate which will be expired. But somehow after doing that, we facing issue like message below:

2022/07/14 16:56:08 Updating cert if necessary
2022/07/14 16:56:08 Certfetcher is not set, skipping cert updates. Checking cert on disk if updated.
2022/07/14 16:56:08 Updating OCSP; none cached yet.
2022/07/14 16:56:08 Updating OCSP; none cached yet.
2022/07/14 16:56:08 Updating OCSP; none cached yet.
2022/07/14 16:56:08 OCSP nextUpdate 2022-07-21 06:27:00 +0000 UTC too far ahead of thisUpdate 2022-07-14 00:00:00 +0000 UTC

Based on the code the message is coming from this code below:

https://github.com/ampproject/amppackager/blob/9cd448f3172d9dd3b0370cd48a12f3ba52b9b289/packager/certcache/certcache.go#L673

Is there any clue why this issue appears ?

prakasa-tkpd avatar Jul 14 '22 10:07 prakasa-tkpd

Thank you for reporting this issue. We believe this problem is due to some issue with the OCSP being issued by the Cert Authority (CA). Which CA are you currently using?

banaag avatar Jul 14 '22 17:07 banaag

Same issue is happening to me right now on 2 certificates I just reissued with DigiCert.

It also happened last june, I had to wait a few hours/days for it to be okay.

glebarsccmbg avatar Sep 13 '22 15:09 glebarsccmbg