[Opendnssec-user] CRITICAL: failed to sign zone example.com: General error
trashcan at ellael.org
Mon Jan 16 20:07:47 UTC 2017
Berry A.W. van Halderen <berry at nlnetlabs.nl> wrote:
> On 01/16/2017 07:49 PM, Michael Grimm wrote:
>> Hmm, what do I need to do in order to recover from that error? Any
>> is highly appreciated.
> The enforcer will try to allocate more keys upon the next run. The
> when this is depends (in 1.4), upon the Interval setting in the
> conf.xml. Normally a number of minutes (at 14:00 your time).
> But my assumption is that this already was tried a number of times.
Indeed. In the meantime I do find many of those errors in the logfile.
> I don't know which HSM you are using.
> If you are using SoftHSM, it
> could be due to permissions problems on the files where the keys
> are stored, or to a full filesystem. Check /var/lib/softhsm,
> the default location (set in /etc/softhsm.conf).
-rw-r--r-- 1 root wheel uarch 44032 Jan 16 20:48
I have to note, that 8 other domains are kept in that database. None of
the other domains triggered a similar error (yet).
> You can also increase the verbosity in conf.xml and restart
> to get a bit more information.
I had had <Verbosity>3</Verbosity>. I did increase to 4,5, and 10, but
to no avail. The very same log messages are reported, no additional
ones. Is this the verbosity you were refering to?
> Did you keep the original
> by any change?
Yes. I did save before rescue trials:
-rw-r--r-- root/opendnssec 990 2017-01-06 21:02
What do you want me to do with that?
I do have to admit that I am pretty helpless in understanding the
details of the software I am using. Sad to say :-(
So, what should I do next?
Create a new key for example.com and import it into softhsm?
Export kaps.db and re-import? (how?)
Thanks and regards,
More information about the Opendnssec-user