Letsencrypt certificate fails to renew
Using the 1password/scim container, version v2.7.4; running in Azure AKS
Initial deployment of the container works, and correctly issues a LE certificate for the endpoint, and SCIM updates work as expected. However, 3 months later, the certificate expires and is not automatically renews, and SCIM stops working as the endpoint certificate is no longer valid. If I then kill the pod, it redeploys and all is fine for another 3 months before it expires again ...
The autorenewal has never worked that I am aware of, since we first deployed.
Looking at other past discussions, I see that v2.3.1 fixed a bug affecting renewal, and now only needs port 443 opened (though I do have port 80 as well, though this did not help).
What can I do to get this working?
Thanks - Steve
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided
Comments
-
Hi there. Thank you for writing in.
The issue you describe sounds like the known issue present in versions of the SCIM bridge prior to v2.8.x. Several fixes are included in the v2.8.x series to enable Let's Encrypt certificates to renew successfully.
You can take a look at the 1Password SCIM bridge changelog here to see when those fixes were implemented. You can also find instructions on how to upgrade your SCIM bridge here. I would recommend upgrading to the latest version available at the time (currently, this is v2.9.0).
I realize it'll likely be a while before you can tell if this issue comes up again, but we've received positive feedback around this issue being resolved so far in the v2.8.x series. Feel free to bump this thread if it comes up again after upgrading.
1 -
Updating to the SCIM container v2.8.5 appears to have fixed the issue, thanks for the help.
1