firefox: SEC_ERROR_REUSED_ISSUER_AND_SERIAL
xahare opened this issue · 6 comments
sometimes the browser notices the same serial number on the tls cert in the vagrant box and complains about this, throwing SEC_ERROR_REUSED_ISSUER_AND_SERIAL
in this message a proxmox dev suggested deleting the root cert to cause it to generate a new one on boot. i asked for clarification on exactly which files to delete and ill update this issue when i get that.
my workaround for now is putting this line before the "clean packages" section in provision.sh
rm -f /etc/pve/key /etc/pve/.pem /etc/pve/priv/key /etc/pve/priv/.srl
My intent is to use a custom CA to generate the certificates once and re-use them between vagrant destroy/up.
Would the same cert show up on different vagrant runs?
Yes, that is the intent. Being able to re-create the environment with the same certificates.
should have mentioned this earlier, ive been able to reliably trigger it with your pve ceph cluster.
- vagrant up --no-parallel
- firefox https://10.1.0.203:8006/ just get to the log in page, dont need to actually log in
- vagrant destroy -f
- vagrant up --no-parallel
- firefox https://10.1.0.203:8006/ this time, it wont load the login page until you delete the saved CA
im glad you made provision-storage.sh a separate file
FYI, I'm now reusing the certificates between node creation at https://github.com/rgl/proxmox-ve-cluster-vagrant. I'll later do a simpler version of it in this repo too.