mikedpitt420 Posted January 4, 2015 Share Posted January 4, 2015 So I got this exact message from my server this morning. Any idea as to what it is or what I should do about it? WARNING: certificate /etc/ssl/certs/ca-certificates.crt is about to expire in time equal to or less than 7 days from now on, or has already expired - it might be a good idea to obtain/create new one. NOTE: This message is being sent only once. A lock-file /var/run/certwatch-mailwarning-sent-ca-certificates.crt has been created, which will prevent this script from mailing you again upon its subsequent executions by crond. You dont need to care about it; the file will be auto-deleted as soon as you'll prolong your certificate. Quote Link to comment
danioj Posted January 5, 2015 Share Posted January 5, 2015 I am not sure if I am right but Ill go by memory and try and help before I nip off to work. I am assuming you have some knowledge of SSL and or can remember when you setup whatever is using it. I am also assuming that SSL is not required by Unraid (because I don't think it is even shipped with it) and is actually for something else you have on your box entirely. If this is not true or you are unsure, PAUSE and wait for someone with a little more Unraid Skills to chime in. So, moving on from the above ..... You have SSL running and you have SSL certificates that need renewing. I suspect there was a cron job setup to automatically issue a warning message in the log when an SSL certificate is about to expire. To check the status of your certificates I think you can use the following to check if this is correct. After telnet'ing into your box us this command "openssl x509 -enddate -noout -in fileinquestion.pem or fileinquestion.crt" The output will tell you the date of expiry right then. The certificate needs to be renewed; this can be done by generating a new key pair. Until you do so I think it likely that web clients will not be able to correctly connect to the web site using SSL until the certificate is renewed. When you generate the new key (using the genkey tool I believe), you are going to be generating a new public & private key pair, from which a certificate is then created. You are NOT 'renewing' the certificate as the log implies you must. I think it is possible to renew a certificate based on your existing key pair, but I think because it is so so easy to just just the tools to generate a new pair that it is just easier this way. I hope this helps push you in the right direction or generates some more discussion for you to aid you in your issue. Quote Link to comment
Dabear3 Posted April 7, 2017 Share Posted April 7, 2017 Today I received the same email warning as shown in post #1. I'm a little lost. Can someone please explain to me how to generate a new key pair (as suggested in post #2). Quote Link to comment
trurl Posted April 7, 2017 Share Posted April 7, 2017 1 minute ago, Dabear3 said: Today I received the same email warning as shown in post #1. I'm a little lost. Can someone please explain to me how to generate a new key pair (as suggested in post #2). Does your server have the correct date and time? You have posted this in the legacy section of the forum in a thread that is over 2 years old. Are you really using V5 or older? If not, start a new thread in V6 General Support. Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.