We see this in Fedora 39-based FreeIPA CI tests:
https://pagure.io/freeipa/issue/9498
11-Dec-2023 13:29:40.454 info: client @0x7f478bbf9b68 127.0.0.1#56440 (mirrors.fedoraproject.org): query failed (broken trust chain) for mirrors.fedoraproject.org/IN/A at ../../../lib/ns/query.c:7824 11-Dec-2023 13:29:40.455 info: client @0x7f478bbfa968 127.0.0.1#46765 (mirrors.fedoraproject.org): query failed (broken trust chain) for mirrors.fedoraproject.org/IN/AAAA at ../../../lib/ns/query.c:7824
Metadata Update from @phsmoura: - Issue priority set to: Waiting on Assignee (was: Needs Review) - Issue tagged with: high-gain, high-trouble, ops
Odd.
https://dnsviz.net/d/fedoraproject.org/dnssec/ doesn't show any issues.
When did it start? I changed the cert on dec 5th, then reissued it against another root on the 7th.
* issuer: C=US; O=DigiCert Inc; CN=DigiCert Global G3 TLS ECC SHA384 2020 CA1 * SSL certificate verify ok. * Certificate level 0: Public key type RSA (4096/152 Bits/secBits), signed using ecdsa-with-SHA384 * Certificate level 1: Public key type EC/secp384r1 (384/192 Bits/secBits), signed using ecdsa-with-SHA384 * Certificate level 2: Public key type EC/secp384r1 (384/192 Bits/secBits), signed using ecdsa-with-SHA384
I have no idea when it started, we saw this in pas sporadically too. We just started switching to F39 in upstream CI so this came this week.
Huh, well, I can't see anything wrong on our side, but I could obviously be missing something. ;(
Can you get more info out of the error?
Any more info recently? Still seeing the issue?
Metadata Update from @kevin: - Issue assigned to kevin
Please re-open if you are still seeing this. I can't see anything wrong on our end. ;(
Metadata Update from @kevin: - Issue close_status updated to: Insufficient data - Issue status updated to: Closed (was: Open)
Log in to comment on this ticket.