Certificate renewal hotfix release
I already started some testing in !30 (merged)
In short, we have a bug that occurs when a certificate is renewed:
- The common name (CN) was set to
certificate for <email>
before the refactoring of the renew_cert script last autumn. - Since we released the new script, the CN is now set to
<email>
- However, our VPN server doesn't like that kind of change, and can suddenly think that we introduced a new client with IPv6 only...
We are still not sure when this bug occurs exactly, but the fix is to take the CN from the VPN server. We first take the CN from the first IPv4 client, otherwise we take it from the first IPv6-only client, otherwise it is set to <email>
.
We are waiting for the merge of renew_cert!3 (merged), but we could work on some improvement already. For instance, there will be new flags, such as --quiet
that should be used in the cron job.