GitHub user LiuYanHao789 closed a discussion: When starting the `libvirtd` service, I encountered the error: "The server certificate /etc/pki/libvirt/servercert.pem has expired."
<!-- Verify first that your issue/request is not already reported on GitHub. Also test if the latest release and main branch are affected too. Always add information AFTER of these HTML comments, but no need to delete the comments. --> ##### ISSUE TYPE <!-- Pick one below and delete the rest --> * Other ##### COMPONENT NAME <!-- Categorize the issue, e.g. API, VR, VPN, UI, etc. --> ~~~ Cert ~~~ ##### CLOUDSTACK VERSION <!-- New line separated list of affected versions, commit ID for issues on main branch. --> ~~~ cloudstack 4.18.1.0 ~~~ ##### CONFIGURATION <!-- Information about the configuration if relevant, e.g. basic network, advanced networking, etc. N/A otherwise --> ##### OS / ENVIRONMENT <!-- Information about the environment if relevant, N/A otherwise --> Centos 7.9 ##### SUMMARY <!-- Explain the problem/feature briefly --> When starting the `libvirtd` service, I encountered the error: "The server certificate /etc/pki/libvirt/servercert.pem has expired." The certificate in question originates from `/etc/cloudstack/agent/cloud.crt`, which is valid for one year. What should I do when the certificate expires? Should I create a self-signed certificate to replace it? If I do, will there be any impact due to context or dependencies? Or is there another solution? ##### STEPS TO REPRODUCE <!-- For bugs, show exactly how to reproduce the problem, using a minimal test-case. Use Screenshots if accurate. For new features, show how the feature would be used. --> <!-- Paste example playbooks or commands between quotes below --> ~~~ # systemctl restart libvirtd error: "The server certificate /etc/pki/libvirt/servercert.pem has expired" # ll /etc/pki/libvirt/servercert.pem /etc/pki/libvirt/servercert.pem -> /etc/cloudstack/agent/cloud.crt ~~~ I can see that it's a symbolic link, with the source path being /etc/cloudstack/agent/cloud.crt. I checked the certificate's validity period using the command: ~~~ # openssl x509 -in /etc/cloudstack/agent/cloud.crt -noout -dates notBefore=Jul 12 19:44:27 2023 GMT notAfter=Jul 12 07:44:27 2024 GMT ~~~ <!-- You can also paste gist.github.com links for larger files --> ##### EXPECTED RESULTS <!-- What did you expect to happen when running the steps above? --> I can see that it's a symbolic link, with the source path being /etc/cloudstack/agent/cloud.crt. I checked the certificate's validity period using the command: ~~~ # openssl x509 -in /etc/cloudstack/agent/cloud.crt -noout -dates notBefore=Jul 12 19:44:27 2023 GMT notAfter=Jul 12 07:44:27 2024 GMT ~~~ It turns out the certificate has expired, which caused the error when I tried to restart the libvirtd service today. Should I create a self-signed certificate to replace it? If I do, will there be any impact due to context or dependencies? Or is there another solution? ##### ACTUAL RESULTS <!-- What actually happened? --> <!-- Paste verbatim command output between quotes below --> ~~~ ~~~ GitHub link: https://github.com/apache/cloudstack/discussions/9565 ---- This is an automatically sent email for users@cloudstack.apache.org. To unsubscribe, please send an email to: users-unsubscr...@cloudstack.apache.org
