This repository has been archived by the owner on May 6, 2020. It is now read-only.

Issue removing ssl cert from application with spaces in common name #1225

Open
deis-admin opened this issue Jan 19, 2017 · 7 comments

@deis-admin

From @msull92 on September 15, 2015 18:14

I am having an issue removing an ssl certificate from an application where the certificate's common name has spaces in it. Is there a way to manually remove this using etcdctl?

Copied from original issue: deis/deis#4487

@deis-admin

From @benwilber on September 16, 2015 0:35

@msull92 can you try replacing the spaces with %20?

edit:

with etcdctl you should be able to remove /deis/certs/<common name>/cert and /deis/certs/<common name>/key

replace spaces in <common name> with %20.

This is definitely a bug: the deis controller doesn't URL-escape keys (even though etcd itself does). The deis controller itself can't write URL-escaped keys because then they'll be double-escaped by etcd.

@deis-admin

From @msull92 on September 16, 2015 14:57

I would love to do that, but it's not even showing up in etcdctl, see below:

screenshot 2015-09-16 09 56 06

Yet it still shows up with the client call.
screenshot 2015-09-16 09 55 21

@deis-admin

From @msull92 on September 16, 2015 14:57

@benwilber forgot to tag you

@deis-admin

From @carmstrong on September 16, 2015 15:9

@msull92 It looks like the certificate has been cleared from etcd (and thus shouldn't be served any longer by the router), but is still there in our database.

Do you see an error when you try to delete it? If you could also paste the logs from the controller component when you try to delete the certificate, that'd be helpful. Thanks!

@deis-admin

From @msull92 on September 16, 2015 15:44

@carmstrong

This causes the log below.
screenshot 2015-09-16 10 42 02

screenshot 2015-09-16 10 42 25

@deis-admin

From @msull92 on October 21, 2015 5:9

This has since caused an issue with restarting the controller, because it tries to load the certs from the database into etcd and fails because that cert causes an error. So others can find this later, I will attach the stack trace.

Traceback (most recent call last): 
 File "./manage.py", line 13, in <module> 
   execute_from_command_line(sys.argv) 
 File "/usr/lib/python2.7/site-packages/django/core/management/__init__.py", line 399, in execute_from_command_line 
   utility.execute() 
 File "/usr/lib/python2.7/site-packages/django/core/management/__init__.py", line 392, in execute 
   self.fetch_command(subcommand).run_from_argv(self.argv) 
 File "/usr/lib/python2.7/site-packages/django/core/management/base.py", line 242, in run_from_argv  
   self.execute(*args, **options.__dict__) 
 File "/usr/lib/python2.7/site-packages/django/core/management/base.py", line 285, in execute 
   output = self.handle(*args, **options) 
 File "/app/api/management/commands/load_db_state_to_etcd.py", line 15, in handle 
   obj.save() 
 File "/app/api/models.py", line 1049, in save 
   return super(Certificate, self).save(*args, **kwargs) 
 File "/usr/lib/python2.7/site-packages/django/db/models/base.py", line 545, in save 
   force_update=force_update, update_fields=update_fields) 
 File "/usr/lib/python2.7/site-packages/django/db/models/base.py", line 582, in save_base 
   update_fields=update_fields, raw=raw, using=using) 
 File "/usr/lib/python2.7/site-packages/django/dispatch/dispatcher.py", line 185, in send 
   response = receiver(signal=self, sender=sender, **named) 
 File "/app/api/models.py", line 1166, in _etcd_publish_cert 
   _etcd_client.write('/deis/certs/{}/cert'.format(cert), cert.certificate) 
 File "/usr/lib/python2.7/site-packages/etcd/client.py", line 269, in write 
   response = self.api_execute(path, method, params=params) 
 File "/usr/lib/python2.7/site-packages/etcd/client.py", line 582, in api_execute 
   return self._handle_server_response(response) 
 File "/usr/lib/python2.7/site-packages/etcd/client.py", line 600, in _handle_server_response 
   raise etcd.EtcdException(resp) 
etcd.EtcdException 

To fix this, log into the database and remove the offending cert from the api_certificate table.

Note: Not sure if it will matter, but just for completeness: I am running a stateless platform on AWS, v1.11.1.
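Added example (not from the thread or the Deis code base): building the `/deis/certs/<common name>/cert` and `/key` paths with the common name percent-encoded exactly once, as suggested above for the etcdctl cleanup and relevant to the key formatted in the traceback's `_etcd_publish_cert` frame, and showing what double escaping produces. The helper names, the sample names and the choice to encode every reserved character (the thread only mentions spaces) are assumptions; whether a given etcd client escapes the path again has to be checked against that client.

```python
from urllib.parse import quote

CERTS_PREFIX = "/deis/certs"  # key prefix quoted in the thread


def key_segment(common_name):
    """Percent-encode a common name so it is exactly one etcd key segment.

    safe="" also encodes "/", so a name cannot add levels to the key path.
    """
    if not common_name or common_name.strip(".") == "":
        raise ValueError("unusable common name: {!r}".format(common_name))
    return quote(common_name, safe="")


def cert_keys(common_name):
    """The two keys named in the thread, with the name escaped once."""
    seg = key_segment(common_name)
    return ["{}/{}/{}".format(CERTS_PREFIX, seg, leaf) for leaf in ("cert", "key")]


def escaped_twice(common_name):
    """What the segment becomes if a client escapes an escaped key again."""
    return quote(key_segment(common_name), safe="")


def names_needing_escape(common_names):
    """Audit helper: names whose raw form differs from their key segment."""
    return [n for n in common_names if key_segment(n) != n]


# Constructed sample names (assumption), standing in for rows of api_certificate.
SAMPLE = ["www.example.com", "Example Corp Internal", "a/b.example.com"]

if __name__ == "__main__":
    for name in names_needing_escape(SAMPLE):
        print(name, "->", cert_keys(name), "| twice:", escaped_twice(name))
```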

@Cryptophobia

This issue was moved to teamhephy/controller#33
