[Opendnssec-user] [hsm] unable to get key
Berry van Halderen
berry at nlnetlabs.nl
Sun Aug 22 20:44:38 UTC 2021
On 2021-08-22 03:11, Randy Bush via Opendnssec-user wrote:
> list shows this is an old problem. but microsoft whack did not solve
> this time
There are several incantations of this, which have different causes but
end
up as the same thing. The Microsoft whack was a restart of the signer?
I'm looking for both cause and quick fix. For either, can you
perform a
ods-enforcer key list -d | grep eae33574e49b6b581e348f6252fb86a5
I'm wondering whether this key is being retired.
In which case a patch fix might be to remove the signconf file
for this zone;
rm /var/opendnssec/signconf/hipster.biz.xml
and regenerate this:
ods-enforcer signconf
\Berry
> FreeBSD rip.psg.com 12.2-RELEASE-p6 FreeBSD 12.2-RELEASE-p6 GENERIC
> amd64
> opendnssec version 2.1.9
> # softhsm --version
> 1.3.8
>
>
> Aug 22 01:06:41 rip ods-signerd[707]: [hsm] unable to get key: key
> eae33574e49b6b581e348f6252fb86a5 not found
> Aug 22 01:06:41 rip ods-signerd[707]: [hsm] hsm_get_dnskey(): Got NULL
> key
> Aug 22 01:06:41 rip ods-signerd[707]: [hsm] unable to get key: hsm
> failed to create dnskey
> Aug 22 01:06:41 rip ods-signerd[707]: [zone] unable to prepare signing
> keys for zone hipster.biz: error getting dnskey
> Aug 22 01:06:41 rip ods-signerd[707]: [worker[1]] CRITICAL: failed to
> sign zone hipster.biz: General error
>
> same for lots of zones
>
> any other incantations folk might suggest?
>
> randy
> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
More information about the Opendnssec-user
mailing list