Certificate issues with recent LE certs

Question

Certificate issues with recent LE certs

rjhenry opened this issue 3 years ago · 5 comments

We're using squiflog/seq-input-syslog to ingest logs as per your own documentation, but running into certificate issues when trying to connect to our Seq instance (which has a modern LE certificate signed by the R3 LE CA (in turn signed by the ISRG X1 CA).

Failed to send an event batch
System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

The certificate is valid, and is being used by multiple other ingestations right now - e.g. seq-input-gelf.

I suspect this is to do with the recent root CA expiry, but can't confirm (as we didn't have this running before then).

Answer 1 · 2021-10-20T23:44:46.000Z

Hey @rjhenry 👋

Thanks for reaching out! It's been quite a while since we've published a release of this package so I'll try pushing one through the works now and see if that picks up the new CA certificates.

Answer 2 · 2021-10-21T07:09:21.000Z

We’ve just published a build using a more recent set of dependencies as datalust/squiflog-ci:1.0.76. We’ll promote this build to the main repository soon but if you give it a try I’ll be keen to know if it fixes things for you!

Answer 3 · 2021-10-21T07:46:12.000Z

Hi @KodrAus - that has indeed fixed the issue!

Answer 4 · 2021-10-21T10:13:52.000Z

Great! Thanks @rjhenry. We’ll get this build published to the production repository tomorrow.

Answer 5 · 2021-11-25T05:07:42.000Z

This is all done now. The latest version 1.0.76 has up-to-date certificate configuration.