Hi Bastien, I'm sorry for the issues! Currently we aren't aware of any change which could affect that. We have been investigating that.
Daniel On 22. 08. 22 15:44, Bastien Durel wrote:
Hello, I tried to upgrade to knot 3.2 using the debian packages from https://deb.knot-dns.cz/knot-latest bullseye/main, but the server does not use my HSM anymore. All zones fails with : août 22 14:38:13 arrakeen knotd[1285865]: info: [durel.org.] zone file parsed, serial 2021120479 août 22 14:38:13 arrakeen knotd[1285865]: error: [durel.org.] DNSSEC, failed to initialize signing context (PKCS #11 token not available) août 22 14:38:13 arrakeen knotd[1285865]: 2022-08-22T14:38:13+0200 error: [durel.org.] DNSSEC, failed to initialize signing context (PKCS #11 token not available) août 22 14:38:13 arrakeen knotd[1285865]: 2022-08-22T14:38:13+0200 error: [durel.org.] zone event 'load' failed (PKCS #11 token not available) août 22 14:38:13 arrakeen knotd[1285865]: error: [durel.org.] zone event 'load' failed (PKCS #11 token not available) debug log does not seems to print more details about error keystore is defined as : keystore: - id: hsmkey backend: pkcs11 config: "pkcs11:pin-value=REDACTED /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so" The HSM itself is an USB key from CardContact.de Downgrading to 3.1.9-cznic.1~bullseye re-enable signing Is there anything I can do to debug/solves this problem ? Regards,
--
