If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

ssl_error_bad_cert_domain error on crash-analysis.mozilla.com

RESOLVED FIXED

Status

Socorro
General
RESOLVED FIXED
2 years ago
2 years ago

People

(Reporter: philipp, Assigned: jp)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

2 years ago
sites on https://crash-analysis.mozilla.com currently produce a certificate mismatch error:

crash-analysis.mozilla.com uses an invalid security certificate. 
The certificate is only valid for the following names: crash-reports.mozilla.com, crash-reports.mozilla.org 
(Error code: ssl_error_bad_cert_domain)

Comment 1

2 years ago
Lonnen, is this connected with the Socorro release you guys shipped?
Flags: needinfo?(chris.lonnen)
(Reporter)

Updated

2 years ago

Comment 2

2 years ago
Let's put the actual server that fail in the URL, arewestableyet only frame-forwards to that.
jp - looks like the cert for crash-reports is loaded on the crash-analysis ELB.

I looked into manually correcting this, but I don't see the crash-analysis cert loaded in AWS at all.
Assignee: nobody → jschneider
Status: NEW → ASSIGNED
Flags: needinfo?(jschneider)

Comment 4

2 years ago
Ugh, in addition, when I add a cert exception, I see that it doesn't even serve the right content :(

Comment 5

2 years ago
It looks like the machine is serving an nginx test page.
I also did not get any message today from my cron job that is running on this machine.

I hope the data on it has not been wiped away because some of it can not be backfilled retrospectively.
(In reply to Robert Kaiser (:kairo@mozilla.com) from comment #5)
> It looks like the machine is serving an nginx test page.
> I also did not get any message today from my cron job that is running on
> this machine.
> 
> I hope the data on it has not been wiped away because some of it can not be
> backfilled retrospectively.

It uses an EBS volume, which looks to be fine, so the data should be there. It needs to be re-mounted and this machine might need to be set up again, though.
bug 1194331 and bug 1179265 are preventing this node from coming up automatically.

This is separate from the SSL cert issue - I don't see how this could have been working before since we don't seem to have the crash-analysis cert loaded in AWS at all :/
jp figured this out - there's a SAN cert for crash-stats which is also used for crash-analysis - it's wrong in our terraform config.

It's fixed now, and will be fixed in terraform momentarily.
Flags: needinfo?(jschneider)
Flags: needinfo?(chris.lonnen)
(Assignee)

Comment 9

2 years ago
Yes, didn't remember this was a SAN.

This won't get fixed in terraform, since it is a tfvars value.  That has been fixed up on buildbox.
Status: ASSIGNED → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.