SCIM Bridge SSL Certificate expired

Hey all,

Hoping someone can provide some assistance here. About 6 months ago we deployed the SCIM bridge using the Digital Ocean one click app and it has been running flawlessly ever since. This morning I see that the SSL certificate is expired and I'm not sure how to go about renewing it. I suspect the cert has already renewed automatically at least once since the cert was issued in October which is long after this bridge was initially deployed. Nothing has changed on our side with respect to DNS records so I'm kind of confused as to why its started failing.

Specifies about our deployment; it is a 3 node Kubernetes deployment on Digital Ocean sitting behind a Digital ocean load balancer. The image used in the initial deployment is 1password/scim:v2.0.2


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided

Comments

  • christheradioguy
    christheradioguy
    Community Member

    After attempting to restart the pod I am now seeing:

    8:13PM INF 1Password SCIM bridge, starting up application=op-scim version=2.0.2
    8:13PM INF registering new health component application=op-scim component=RedisCache service=health version=2.0.2
    8:13PM INF starting to poll components for health reports application=op-scim service=health version=2.0.2
    8:13PM INF registering new health component application=op-scim component=SCIMServer service=health version=2.0.2
    8:13PM INF registering new health component application=op-scim component=CertificateManager service=health version=2.0.2
    8:13PM INF registering new health component application=op-scim component=ChallengeServer service=health version=2.0.2
    8:13PM INF starting LetsEncrypt challenge server addr=:8080 application=op-scim service=ChallengeServer version=2.0.2
    8:13PM ??? Server: (failed to run 1Password SCIM bridge), Wrapped: (failed to GenerateCertificate), Network: (failed to getCertificateWithTimeout), Wrapped: (updateCertificateWithTimeout timed out on certManager.GetCertificate), LetsEncrypt timed out application=op-scim version=2.0.2

    So it seems to be unable to contact Let's Encrypt

  • Hello,

    Sorry to hear you're having difficulties with the SCIM bridge.

    Since 2.0.2, we've gone about rewriting our Let's Encrypt integration within the SCIM bridge from scratch due to these sorts of confusing and opaque errors that our users were regularly receiving.

    I would first try upgrading to 2.3.0 using the steps outlined here: https://support.1password.com/scim-update/#digitalocean

    If nothing else, the new Let's Encrypt functionality we've made should provide a better error message and course of action for fixing your issue, but it also may simply resolve the issue you're facing as well.

    Let me know how it goes, and if we can be of any greater assistance to you.

This discussion has been closed.