identity and tls certs expired in Hyperledger fabric #ssl #fabric


hansrajrami5@...
 

Hi all !!!

I have been running a Fabric network for about a year. For the last few days, the identity and TLS certs have been expired. I've updated the identity and TLS certificates of the peers; after that, transactions are coming to the peers and chaincode but are not being committed. I've also updated the TLS and identity certs of the orderers, as the orderers are restarting because of an identity certificate expired error. After that, transactions are not being committed and this error is given:

2021-08-04 05:00:29.192 UTC [orderer.common.broadcast] ProcessMessage -> WARN d06 [channel: mychannel] Rejecting broadcast of message from 10.56.1.5:40874 with SERVICE_UNAVAILABLE: rejected by Consenter: channel mychannel is not serviced by me

I believe I need to update the certs in the channel config as well. I'm trying to fetch the channel configs, but it is giving this error:

2021-08-04 10:38:18.424 IST [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
2021-08-04 10:38:18.804 IST [cli.common] readBlock -> INFO 002 Expect block, but got status: &{SERVICE_UNAVAILABLE}
Error: can't read the block: &{SERVICE_UNAVAILABLE}

 


neeroz.kumar29@...
 

The error below might have been caused by the "system-channel" in which the orderer is a participant. You might have created the "system-channel" first and then an application channel "mychannel" using the genesis block. It seems like you updated the channel configuration "consenters" in "mychannel" but did not update the same in "system-channel".

2021-08-04 05:00:29.192 UTC [orderer.common.broadcast] ProcessMessage -> WARN d06 [channel: mychannel] Rejecting broadcast of message from 10.56.1.5:40874 with SERVICE_UNAVAILABLE: rejected by Consenter: channel mychannel is not serviced by me

The error below is due to the fact that the "orderer" is a participant in "system-channel" but not in your application channel "mychannel". In HLF v2.3+ there's no need to create the "system-channel" and "consortium". Orderers and peers can join multiple channels using the "osnadmin" CLI, and when it comes to updating the certificates, only the application channel "mychannel" needs to be updated.

2021-08-04 10:38:18.424 IST [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
2021-08-04 10:38:18.804 IST [cli.common] readBlock -> INFO 002 Expect block, but got status: &{SERVICE_UNAVAILABLE}
Error: can't read the block: &{SERVICE_UNAVAILABLE}

You can try to restore the old certificates (I hope you took a backup of the crypto materials), restart the Fabric network, and create the "system-channel" and application channel once again.
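
The reply above points at "consenters" entries that differ between "mychannel" and "system-channel". The following is an added example, not code from the thread or from the Fabric project, that checks per channel whether an orderer's current TLS certificate is listed in the consenter set. It assumes an etcdraft channel whose config was decoded to JSON with configtxlator; the function names, the host orderer0.example.com and the placeholder certificates are constructed for illustration.

```python
import base64
import hashlib
# Path of the Raft consenter list in configtxlator's JSON form of a channel
# config (assumption: the channel uses the etcdraft consensus type).
CONSENTERS_PATH = ("channel_group", "groups", "Orderer", "values",
                   "ConsensusType", "value", "metadata", "consenters")

def fingerprint(pem: str) -> str:
    """SHA-256 over the DER bytes, so PEM line-ending differences are ignored."""
    lines = [l.strip() for l in pem.strip().splitlines()]
    der = base64.b64decode("".join(l for l in lines if not l.startswith("-----")))
    return hashlib.sha256(der).hexdigest()

def consenter_certs(config: dict) -> dict:
    """Map 'host:port' -> fingerprints of that consenter's client/server TLS certs."""
    node = config
    for key in CONSENTERS_PATH:
        node = node.get(key, {}) if isinstance(node, dict) else {}
    return {f"{c['host']}:{c['port']}": {
                field: fingerprint(base64.b64decode(c[field]).decode())
                for field in ("client_tls_cert", "server_tls_cert")}
            for c in (node if isinstance(node, list) else [])}

def audit(channels: dict, orderer_tls_pem: str) -> dict:
    """Per channel: is this cert both the client and server cert of some consenter?"""
    want = fingerprint(orderer_tls_pem)
    return {name: any(set(fps.values()) == {want}
                      for fps in consenter_certs(cfg).values())
            for name, cfg in channels.items()}

# --- Constructed sample data: placeholder bytes, not real certificates. ---
def _pem(raw: bytes) -> str:
    body = base64.encodebytes(raw).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}-----END CERTIFICATE-----\n"

def _config(pem: str) -> dict:
    b64 = base64.b64encode(pem.encode()).decode()
    cfg = [{"host": "orderer0.example.com", "port": 7050,
            "client_tls_cert": b64, "server_tls_cert": b64}]
    for key in reversed(CONSENTERS_PATH):
        cfg = {key: cfg}
    return cfg

OLD_TLS = _pem(b"constructed old orderer TLS cert")
NEW_TLS = _pem(b"constructed new orderer TLS cert")
CHANNELS = {"mychannel": _config(NEW_TLS), "system-channel": _config(OLD_TLS)}

if __name__ == "__main__":
    print(audit(CHANNELS, NEW_TLS))
```

With real data, load each channel's decoded config JSON into the `channels` mapping and pass the PEM text of the orderer's TLS certificate; a channel reported as False still lists a different certificate for every consenter.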