[Opendnssec-user] hsm unable to get key
Berry van Halderen
berry at nlnetlabs.nl
Tue Apr 11 10:46:31 UTC 2023
On 2023-04-10 23:12, Randy Bush via Opendnssec-user wrote:
> freebsd 13.1
> opendnssec 2.1.10
> softhsm 1.3.8
>
> things running happily for months. suddenly, i have logs full of
>
> Apr 9 21:22:12 rip ods-enforcerd[35513]:
> [hsm_key_factory_delete_key] looking for keys to purge from HSM
> Apr 9 21:22:15 rip ods-signerd[35519]: [hsm] unable to get key:
> key c6ab03c6ecd8ca4e9d57eae9ccc79a69 not found
> Apr 9 21:22:15 rip ods-signerd[35519]: [hsm] hsm_get_dnskey(): Got
> NULL key
> Apr 9 21:22:15 rip ods-signerd[35519]: [hsm] unable to get key:
> hsm failed to create dnskey
> Apr 9 21:22:15 rip ods-signerd[35519]: [zone] unable to prepare
> signing keys for zone 150.180.198.in-addr.arpa: error getting dnskey
> Apr 9 21:22:15 rip ods-signerd[35519]: [worker[1]] CRITICAL:
> failed to sign zone 150.180.198.in-addr.arpa: General error
>
Dear Randy,
This resembles a bug related fixed in the past versions. I'll contact
you personally to diagnose that this is indeed the case and whether this
can be resolved by just upgrading.
With kind regards,
\Berry
More information about the Opendnssec-user
mailing list