During a CA rotation our service stopped working. The readiness probe failed with the following error:
{"@timestamp":"2021-01-29T12:38:57.943Z","@version":"1","message":"Querying for pods with label selector: [app=xxx]. Namespace: [xxx]. Port: [None]","logger_name":"akka.discovery.kubernetes.KubernetesApiServiceDiscovery","thread_name":"xxx-akka.actor.default-dispatcher-20","level":"INFO","level_value":20000,"akkaAddress":"akka://xxx@xx.xxx.xxx.xxx:25520","sourceThread":"xxx-akka.actor.default-dispatcher-3","akkaSource":"KubernetesApiServiceDiscovery(akka://xxx)","sourceActorSystem":"xxx","akkaTimestamp":"12:38:57.943UTC","application":"xxx","environment":"production"}
[12:40:07] {"@timestamp":"2021-01-29T12:38:57.981Z","@version":"1","message":"Resolve attempt failed! Cause: javax.net.ssl.SSLHandshakeException: General SSLEngine problem","logger_name":"akka.management.cluster.bootstrap.internal.BootstrapCoordinator","thread_name":"xxx-akka.actor.default-dispatcher-20","level":"WARN","level_value":30000,"akkaAddress":"akka://xxx@xx.xxx.xxx.xxx:25520","sourceThread":"xxx-akka.actor.default-dispatcher-21","akkaSource":"akka://xxx/system/bootstrapCoordinator","sourceActorSystem":"xxx","akkaTimestamp":"12:38:57.981UTC","tags":["akkaBootstrapResolveFailed"],"application":"xxx","environment":"production"}
We tried to disable the hostname verification with no luck
ssl-config {
loose {
disableHostnameVerification = true
}
}
The problem is that there are 2 certificates on the server in the ca.crt as a bundle, the old and the new one and for some reason it’s not parsing the new one . I’d appreciate if you could help with this. Thank you