[Opendnssec-user] [hsm] unable to get key
Randy Bush
randy at psg.com
Mon Aug 23 13:49:57 UTC 2021
>>> I'm wondering whether this key is being retired.
>>> In which case a patch fix might be to remove the signconf file
>>> for this zone;
>>> rm /var/opendnssec/signconf/hipster.biz.xml
>>> and regenerate this:
>>> ods-enforcer signconf
>>
>> it'a all zones. i could do it for all? maybe experiment with this one
>> first.
>>
>> # rm /usr/local/var/opendnssec/signconf/hipster.biz.xml
>> # ods-enforcer signconf
>> # ls -l /usr/local/var/opendnssec/signconf/hipster.biz.xml
>> -rw-r--r-- 1 opendnssec opendnssec 971 Aug 22 20:54
>> /usr/local/var/opendnssec/signconf/hipster.biz.xml
>>
>> removing that one and `ods-enforcer signconf` either stopped the
>> problem or broke logging :)
> Meanwhile you can fix your setup by doing this to all zones.
i am hesitant, as ods is not logging any errors
> I'll try to reproduce and fix that late afternoon.
many thanks!
randy
---
randy at psg.com
`gpg --locate-external-keys --auto-key-locate wkd randy at psg.com`
signatures are back, thanks to dmarc header butchery
More information about the Opendnssec-user
mailing list