Hello! Today we can't push apps to CF due to expired SSL certificate of
download.run.pivotal.io

<http://cf-dev.70369.x6.nabble.com/file/n1404/Screen_Shot_2015-08-31_at_15.png>

Here are CF app logs:

2015-08-31T17:36:18.57+0530 [STG/0] ERR [DownloadCache]
WARN Unable to download
https://download.run.pivotal.io/memory-calculator/trusty/x86_64/index
.yml into cache /tmp: SSL_connect returned=1 errno=0 state=SSLv3 read server
certificate B: certificate verify failed

Please fix the cert.

P.S. This issue is for Open Source CF, not Pivotal CF!



--
View this message in context: http://cf-dev.70369.x6.nabble.com/Can-t-push-app-due-to-expired-certificate-tp1404.html
Sent from the CF Dev mailing list archive at Nabble.com.

Hi all,

I encountered the same problem.
The same problem has occurred even PWS.
Please fix as soon as possible.

Yup - I can confirm as well. All buildpacks relying on
download.run.pivotal.io are failing now.

S.

On Mon, Aug 31, 2015 at 3:10 PM, Kei YAMAZAKI <daydream.yamazaki(a)gmail.com>
wrote:

Hi all,

I encountered the same problem.
The same problem has occurred even PWS.
Please fix as soon as possible.

Are you able to work around the issue by skipping SSL validation?

Can you clarify how can I do this?

It is not problem of our installation SSL cert that can be skipped with —skip-ssl-validation.

Aleksey Zalesov | CloudFoundry Engineer | Altoros
Tel: (617) 841-2121 ext. 5707 | Toll free: 855-ALTOROS
Fax: (866) 201-3646 | Skype: aleksey_zalesov
www.altoros.com <http://www.altoros.com/> | blog.altoros.com <http://blog.altoros.com/> | twitter.com/altoros <http://twitter.com/altoros>

I've reported this and we're working on it.

For what it's worth, this should only affect the Java build pack. I don't
believe the other ones are using that URL. If you're seeing the message
with other build packs, it might be because you aren't setting a specific
build pack for your app (i.e. you are relying on the detect behavior of the
build packs). For non-Java apps if you set a build pack with `-b` or the
`buildpacks` attribute, I believe it should clear up the message.

Dan

On Mon, Aug 31, 2015 at 9:42 AM, Aleksey Zalesov <
aleksey.zalesov(a)altoros.com> wrote:

Can you clarify how can I do this?

It is not problem of our installation SSL cert that can be skipped with
—skip-ssl-validation.

Aleksey Zalesov | CloudFoundry Engineer | Altoros
Tel: (617) 841-2121 ext. 5707 | Toll free: 855-ALTOROS
Fax: (866) 201-3646 | Skype: aleksey_zalesov
www.altoros.com | blog.altoros.com | twitter.com/altoros

On 31 Aug 2015, at 16:18, Quintessence Anx <qanx(a)starkandwayne.com> wrote:

Are you able to work around the issue by skipping SSL validation?
On Aug 31, 2015 9:10 AM, "Kei YAMAZAKI" <daydream.yamazaki(a)gmail.com>
wrote:

Hi all,

I encountered the same problem.
The same problem has occurred even PWS.
Please fix as soon as possible.

Ah sorry - I wasn't able to see the image of the error on my phone. I
thought it was a different error.

On Mon, Aug 31, 2015 at 9:42 AM, Aleksey Zalesov <
aleksey.zalesov(a)altoros.com> wrote:

Can you clarify how can I do this?

It is not problem of our installation SSL cert that can be skipped with
—skip-ssl-validation.

Aleksey Zalesov | CloudFoundry Engineer | Altoros
Tel: (617) 841-2121 ext. 5707 | Toll free: 855-ALTOROS
Fax: (866) 201-3646 | Skype: aleksey_zalesov
www.altoros.com | blog.altoros.com | twitter.com/altoros

On 31 Aug 2015, at 16:18, Quintessence Anx <qanx(a)starkandwayne.com> wrote:

Are you able to work around the issue by skipping SSL validation?
On Aug 31, 2015 9:10 AM, "Kei YAMAZAKI" <daydream.yamazaki(a)gmail.com>
wrote:

Hi all,

I encountered the same problem.
The same problem has occurred even PWS.
Please fix as soon as possible.

Hi all,

Just an update: This affects:

* users of the "online" a.k.a. "uncached" java-buildpack,
* users of the "online/uncached" ruby-buildpack 1.5.0 and later who haved
opted-in to JRuby.

We're currently waiting for a new cert to be installed.

I'll obviously follow up with the java-buildpack team to make sure all the
buildpacks are using the same domain for downloading artifacts.

Disable ssl verification workaround works.
https://github.com/kei-yamazaki/java-buildpack/commit/6b0551ce62f3be3b60e687775554f6f5b126cd0c

It can push with -b option.
cf push <APP-NAME> -b https://github.com/kei-yamazaki/java-buildpack.git\#disable-ssl-verification

Hi all,

A new cert has been pushed, and it looks like this issue is resolved.
Please let me know if you're still experiencing SSL issues when downloading
java-buildpack artifacts.


On Mon, Aug 31, 2015 at 11:29 AM, Mike Dalessio <mdalessio(a)pivotal.io>
wrote:

Hi all,

Just an update: This affects:

* users of the "online" a.k.a. "uncached" java-buildpack,
* users of the "online/uncached" ruby-buildpack 1.5.0 and later who haved
opted-in to JRuby.

We're currently waiting for a new cert to be installed.

I'll obviously follow up with the java-buildpack team to make sure all the
buildpacks are using the same domain for downloading artifacts.


On Mon, Aug 31, 2015 at 10:33 AM, Daniel Mikusa <dmikusa(a)pivotal.io>
wrote:

I've reported this and we're working on it.

For what it's worth, this should only affect the Java build pack. I
don't believe the other ones are using that URL. If you're seeing the
message with other build packs, it might be because you aren't setting a
specific build pack for your app (i.e. you are relying on the detect
behavior of the build packs). For non-Java apps if you set a build pack
with `-b` or the `buildpacks` attribute, I believe it should clear up the
message.

Dan

On Mon, Aug 31, 2015 at 9:42 AM, Aleksey Zalesov <
aleksey.zalesov(a)altoros.com> wrote:

Can you clarify how can I do this?

It is not problem of our installation SSL cert that can be skipped with
—skip-ssl-validation.

Aleksey Zalesov | CloudFoundry Engineer | Altoros
Tel: (617) 841-2121 ext. 5707 | Toll free: 855-ALTOROS
Fax: (866) 201-3646 | Skype: aleksey_zalesov
www.altoros.com | blog.altoros.com | twitter.com/altoros

On 31 Aug 2015, at 16:18, Quintessence Anx <qanx(a)starkandwayne.com>
wrote:

Are you able to work around the issue by skipping SSL validation?
On Aug 31, 2015 9:10 AM, "Kei YAMAZAKI" <daydream.yamazaki(a)gmail.com>
wrote:

Hi all,

I encountered the same problem.
The same problem has occurred even PWS.
Please fix as soon as possible.

i was just able to use the online version of the buildpack again after the
new cert started propagating.

thanks to all who helped report and work on this so quickly!

we're going to do a post-mortem on the issue to see why the certification
expiration was missed.

On Mon, Aug 31, 2015 at 8:33 AM, Kei YAMAZAKI <daydream.yamazaki(a)gmail.com>
wrote:

Disable ssl verification workaround works.

https://github.com/kei-yamazaki/java-buildpack/commit/6b0551ce62f3be3b60e687775554f6f5b126cd0c

It can push with -b option.
cf push <APP-NAME> -b
https://github.com/kei-yamazaki/java-buildpack.git\#disable-ssl-verification

--
Thank you,

James Bayer

Thank you guys for fixing this issue!

I am able to push java apps again.



--
View this message in context: http://cf-dev.70369.x6.nabble.com/Can-t-push-app-due-to-expired-certificate-tp1404p1415.html
Sent from the CF Dev mailing list archive at Nabble.com.