ERROR: Fabric orderer detectSelfID could not find certificate #docker #fabric-ca #fabric-orderer #orderer #organizations


gonzalo.bustos@...
 

Hello,

 

I'm currently working on a project with three organizations and an orderer. So in order to do this, I created a new network, with its own configuration files and with a script that sets up everything (similarly to ./network up -ca, it checks the prereqs, creates the organizations, creates the consortium, and starts the network with the docker-compose). All necessary configurations were added as the Hyperledger Fabric Official documentation suggested and also following the structure of the test-network provided by the sample files.
The Error will be displayed after the Context files. You can skip the Context files if you like.

 

CONTEXT FILES:

I will provide snippets of certain files such as: /docker-compose.yaml, /network.sh, /ccp-generate.sh, /registerEnroll.sh, /configtx.yaml, in order to help with error context. After all the attachments, the error will be explained.

/docker-compose.yaml


/network.sh


/ccp-generate.sh


/registerEnroll.sh
function createOrderer() {

infoln "Enroll the CA admin"
mkdir -p organizations/ordererOrganizations/orderer.com

export FABRIC_CA_CLIENT_HOME=${PWD}/organizations/ordererOrganizations/orderer.com
# rm -rf $FABRIC_CA_CLIENT_HOME/fabric-ca-server-config.yaml
# rm -rf $FABRIC_CA_CLIENT_HOME/msp

set -x
fabric-ca-client enroll -u https://admin:adminpw@localhost:9054 --caname ca-orderer --tls.certfiles ${PWD}/organizations/fabric-ca/ordererOrg/tls-cert.pem
{ set +x; } 2>/dev/null

echo 'NodeOUs:
  Enable: true
  ClientOUIdentifier:
    Certificate: cacerts/localhost-9054-ca-orderer.pem
    OrganizationalUnitIdentifier: client
  PeerOUIdentifier:
    Certificate: cacerts/localhost-9054-ca-orderer.pem
    OrganizationalUnitIdentifier: peer
  AdminOUIdentifier:
    Certificate: cacerts/localhost-9054-ca-orderer.pem
    OrganizationalUnitIdentifier: admin
  OrdererOUIdentifier:
    Certificate: cacerts/localhost-9054-ca-orderer.pem
    OrganizationalUnitIdentifier: orderer' >${PWD}/organizations/ordererOrganizations/orderer.com/msp/config.yaml

infoln "Register orderer"
set -x
fabric-ca-client register --caname ca-orderer --id.name orderer --id.secret ordererpw --id.type orderer --tls.certfiles ${PWD}/organizations/fabric-ca/ordererOrg/tls-cert.pem
{ set +x; } 2>/dev/null

infoln "Register the orderer admin"
set -x
fabric-ca-client register --caname ca-orderer --id.name ordererAdmin --id.secret ordererAdminpw --id.type admin --tls.certfiles ${PWD}/organizations/fabric-ca/ordererOrg/tls-cert.pem
{ set +x; } 2>/dev/null

mkdir -p organizations/ordererOrganizations/orderer.com/orderers
mkdir -p organizations/ordererOrganizations/orderer.com/orderers/orderer.com

mkdir -p organizations/ordererOrganizations/orderer.com/orderers/orderer.com

infoln "Generate the orderer msp"
set -x
fabric-ca-client enroll -u https://orderer:ordererpw@localhost:9054 --caname ca-orderer -M ${PWD}/organizations/ordererOrganizations/orderer.com/orderers/orderer.com/msp --csr.hosts orderer.com --csr.hosts localhost --tls.certfiles ${PWD}/organizations/fabric-ca/ordererOrg/tls-cert.pem
{ set +x; } 2>/dev/null

cp ${PWD}/organizations/ordererOrganizations/orderer.com/msp/config.yaml ${PWD}/organizations/ordererOrganizations/orderer.com/orderers/orderer.com/msp/config.yaml

infoln "Generate the orderer-tls certificates"
set -x
fabric-ca-client enroll -u https://orderer:ordererpw@localhost:9054 --caname ca-orderer -M ${PWD}/organizations/ordererOrganizations/orderer.com/orderers/orderer.com/tls --enrollment.profile tls --csr.hosts orderer.com --csr.hosts localhost --tls.certfiles ${PWD}/organizations/fabric-ca/ordererOrg/tls-cert.pem
{ set +x; } 2>/dev/null

cp ${PWD}/organizations/ordererOrganizations/orderer.com/orderers/orderer.com/tls/tlscacerts/* ${PWD}/organizations/ordererOrganizations/orderer.com/orderers/orderer.com/tls/ca.crt
cp ${PWD}/organizations/ordererOrganizations/orderer.com/orderers/orderer.com/tls/signcerts/* ${PWD}/organizations/ordererOrganizations/orderer.com/orderers/orderer.com/tls/server.crt
cp ${PWD}/organizations/ordererOrganizations/orderer.com/orderers/orderer.com/tls/keystore/* ${PWD}/organizations/ordererOrganizations/orderer.com/orderers/orderer.com/tls/server.key

mkdir -p ${PWD}/organizations/ordererOrganizations/orderer.com/orderers/orderer.com/msp/tlscacerts
cp ${PWD}/organizations/ordererOrganizations/orderer.com/orderers/orderer.com/tls/tlscacerts/* ${PWD}/organizations/ordererOrganizations/orderer.com/orderers/orderer.com/msp/tlscacerts/tlsca.orderer.com-cert.pem

mkdir -p ${PWD}/organizations/ordererOrganizations/orderer.com/msp/tlscacerts
cp ${PWD}/organizations/ordererOrganizations/orderer.com/orderers/orderer.com/tls/tlscacerts/* ${PWD}/organizations/ordererOrganizations/orderer.com/msp/tlscacerts/tlsca.orderer.com-cert.pem

mkdir -p organizations/ordererOrganizations/orderer.com/users
mkdir -p organizations/ordererOrganizations/orderer.com/users/Admin@...

infoln "Generate the admin msp"
set -x
fabric-ca-client enroll -u https://ordererAdmin:ordererAdminpw@localhost:9054 --caname ca-orderer -M ${PWD}/organizations/ordererOrganizations/orderer.com/users/Admin@.../msp --tls.certfiles ${PWD}/organizations/fabric-ca/ordererOrg/tls-cert.pem
{ set +x; } 2>/dev/null

cp ${PWD}/organizations/ordererOrganizations/orderer.com/msp/config.yaml ${PWD}/organizations/ordererOrganizations/orderer.com/users/Admin@.../msp/config.yaml

}


/configtx.yaml




 


ERROR:

ERROR EXPLANATION:

When bringing up the network (using Fabric CA, and not cryptogen) all that happens on the ./network.sh script is it checks for the prereqs, creates the organizations, creates the consortium and uses docker-compose to start the network.
According to the following snippet of the console logs, all orderer certificates seem to be correctly generated, as is the genesis.block.

console logs:

Create Orderer Org Identities
Enroll the CA admin
+ fabric-ca-client enroll -u https://admin:adminpw@localhost:9054 --caname ca-orderer --tls.certfiles /var/www/psh/medical-chain/medchain-network/organizations/fabric-ca/ordererOrg/tls-cert.pem
2021/10/29 10:38:37 [INFO] Created a default configuration file at /var/www/psh/medical-chain/medchain-network/organizations/ordererOrganizations/orderer.com/fabric-ca-client-config.yaml
2021/10/29 10:38:37 [INFO] TLS Enabled
2021/10/29 10:38:37 [INFO] generating key: &{A:ecdsa S:256}
2021/10/29 10:38:37 [INFO] encoded CSR
2021/10/29 10:38:37 [INFO] Stored client certificate at /var/www/psh/medical-chain/medchain-network/organizations/ordererOrganizations/orderer.com/msp/signcerts/cert.pem
2021/10/29 10:38:37 [INFO] Stored root CA certificate at /var/www/psh/medical-chain/medchain-network/organizations/ordererOrganizations/orderer.com/msp/cacerts/localhost-9054-ca-orderer.pem
2021/10/29 10:38:37 [INFO] Stored Issuer public key at /var/www/psh/medical-chain/medchain-network/organizations/ordererOrganizations/orderer.com/msp/IssuerPublicKey
2021/10/29 10:38:37 [INFO] Stored Issuer revocation public key at /var/www/psh/medical-chain/medchain-network/organizations/ordererOrganizations/orderer.com/msp/IssuerRevocationPublicKey
Register orderer
+ fabric-ca-client register --caname ca-orderer --id.name orderer --id.secret ordererpw --id.type orderer --tls.certfiles /var/www/psh/medical-chain/medchain-network/organizations/fabric-ca/ordererOrg/tls-cert.pem
2021/10/29 10:38:37 [INFO] Configuration file location: /var/www/psh/medical-chain/medchain-network/organizations/ordererOrganizations/orderer.com/fabric-ca-client-config.yaml
2021/10/29 10:38:37 [INFO] TLS Enabled
2021/10/29 10:38:37 [INFO] TLS Enabled
Password: ordererpw
Register the orderer admin
+ fabric-ca-client register --caname ca-orderer --id.name ordererAdmin --id.secret ordererAdminpw --id.type admin --tls.certfiles /var/www/psh/medical-chain/medchain-network/organizations/fabric-ca/ordererOrg/tls-cert.pem
2021/10/29 10:38:37 [INFO] Configuration file location: /var/www/psh/medical-chain/medchain-network/organizations/ordererOrganizations/orderer.com/fabric-ca-client-config.yaml
2021/10/29 10:38:37 [INFO] TLS Enabled
2021/10/29 10:38:37 [INFO] TLS Enabled
Password: ordererAdminpw
Generate the orderer msp
+ fabric-ca-client enroll -u https://orderer:ordererpw@localhost:9054 --caname ca-orderer -M /var/www/psh/medical-chain/medchain-network/organizations/ordererOrganizations/orderer.com/orderers/orderer.com/msp --csr.hosts orderer.com --csr.hosts localhost --tls.certfiles /var/www/psh/medical-chain/medchain-network/organizations/fabric-ca/ordererOrg/tls-cert.pem
2021/10/29 10:38:37 [INFO] TLS Enabled
2021/10/29 10:38:37 [INFO] generating key: &{A:ecdsa S:256}
2021/10/29 10:38:37 [INFO] encoded CSR
2021/10/29 10:38:37 [INFO] Stored client certificate at /var/www/psh/medical-chain/medchain-network/organizations/ordererOrganizations/orderer.com/orderers/orderer.com/msp/signcerts/cert.pem
2021/10/29 10:38:37 [INFO] Stored root CA certificate at /var/www/psh/medical-chain/medchain-network/organizations/ordererOrganizations/orderer.com/orderers/orderer.com/msp/cacerts/localhost-9054-ca-orderer.pem
2021/10/29 10:38:37 [INFO] Stored Issuer public key at /var/www/psh/medical-chain/medchain-network/organizations/ordererOrganizations/orderer.com/orderers/orderer.com/msp/IssuerPublicKey
2021/10/29 10:38:37 [INFO] Stored Issuer revocation public key at /var/www/psh/medical-chain/medchain-network/organizations/ordererOrganizations/orderer.com/orderers/orderer.com/msp/IssuerRevocationPublicKey
Generate the orderer-tls certificates
+ fabric-ca-client enroll -u https://orderer:ordererpw@localhost:9054 --caname ca-orderer -M /var/www/psh/medical-chain/medchain-network/organizations/ordererOrganizations/orderer.com/orderers/orderer.com/tls --enrollment.profile tls --csr.hosts orderer.com --csr.hosts localhost --tls.certfiles /var/www/psh/medical-chain/medchain-network/organizations/fabric-ca/ordererOrg/tls-cert.pem
2021/10/29 10:38:37 [INFO] TLS Enabled
2021/10/29 10:38:37 [INFO] generating key: &{A:ecdsa S:256}
2021/10/29 10:38:37 [INFO] encoded CSR
2021/10/29 10:38:38 [INFO] Stored client certificate at /var/www/psh/medical-chain/medchain-network/organizations/ordererOrganizations/orderer.com/orderers/orderer.com/tls/signcerts/cert.pem
2021/10/29 10:38:38 [INFO] Stored TLS root CA certificate at /var/www/psh/medical-chain/medchain-network/organizations/ordererOrganizations/orderer.com/orderers/orderer.com/tls/tlscacerts/tls-localhost-9054-ca-orderer.pem
2021/10/29 10:38:38 [INFO] Stored Issuer public key at /var/www/psh/medical-chain/medchain-network/organizations/ordererOrganizations/orderer.com/orderers/orderer.com/tls/IssuerPublicKey
2021/10/29 10:38:38 [INFO] Stored Issuer revocation public key at /var/www/psh/medical-chain/medchain-network/organizations/ordererOrganizations/orderer.com/orderers/orderer.com/tls/IssuerRevocationPublicKey
Generate the admin msp
+ fabric-ca-client enroll -u https://ordererAdmin:ordererAdminpw@localhost:9054 --caname ca-orderer -M /var/www/psh/medical-chain/medchain-network/organizations/ordererOrganizations/orderer.com/users/Admin@.../msp --tls.certfiles /var/www/psh/medical-chain/medchain-network/organizations/fabric-ca/ordererOrg/tls-cert.pem
2021/10/29 10:38:38 [INFO] TLS Enabled
2021/10/29 10:38:38 [INFO] generating key: &{A:ecdsa S:256}
2021/10/29 10:38:38 [INFO] encoded CSR
2021/10/29 10:38:38 [INFO] Stored client certificate at /var/www/psh/medical-chain/medchain-network/organizations/ordererOrganizations/orderer.com/users/Admin@.../msp/signcerts/cert.pem
2021/10/29 10:38:38 [INFO] Stored root CA certificate at /var/www/psh/medical-chain/medchain-network/organizations/ordererOrganizations/orderer.com/users/Admin@.../msp/cacerts/localhost-9054-ca-orderer.pem
2021/10/29 10:38:38 [INFO] Stored Issuer public key at /var/www/psh/medical-chain/medchain-network/organizations/ordererOrganizations/orderer.com/users/Admin@.../msp/IssuerPublicKey
2021/10/29 10:38:38 [INFO] Stored Issuer revocation public key at /var/www/psh/medical-chain/medchain-network/organizations/ordererOrganizations/orderer.com/users/Admin@.../msp/IssuerRevocationPublicKey

 

Generating Orderer Genesis block
+ configtxgen -profile FourOrgsOrdererGenesis -channelID system-channel -outputBlock ./system-genesis-block/genesis.block
2021-10-29 10:38:38.338 -03 [common.tools.configtxgen] main -> INFO 001 Loading configuration
2021-10-29 10:38:38.349 -03 [common.tools.configtxgen.localconfig] completeInitialization -> INFO 002 orderer type: etcdraft
2021-10-29 10:38:38.349 -03 [common.tools.configtxgen.localconfig] completeInitialization -> INFO 003 Orderer.EtcdRaft.Options unset, setting to tick_interval:"500ms" election_tick:10 heartbeat_tick:1 max_inflight_blocks:5 snapshot_interval_size:16777216
2021-10-29 10:38:38.349 -03 [common.tools.configtxgen.localconfig] Load -> INFO 004 Loaded configuration: /var/www/psh/medical-chain/medchain-network/configtx/configtx.yaml
2021-10-29 10:38:38.352 -03 [common.tools.configtxgen] doOutputBlock -> INFO 005 Generating genesis block
2021-10-29 10:38:38.352 -03 [common.tools.configtxgen] doOutputBlock -> INFO 006 Creating system channel genesis block
2021-10-29 10:38:38.352 -03 [common.tools.configtxgen] doOutputBlock -> INFO 007 Writing genesis block


BUT for some reason, the orderer container gets shut down after a few seconds. And when I go to docker logs -f orderer.com, this is the error I get:



which creates a certification error such as the following one:


All help is very much appreciated!

Environment information that might be useful:
Fabric version: 2.3
Current docker version: 20.10.7
Current docker-compose version: 1.29.2
OS: Ubuntu 20.04
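
Added example, not part of the original post and not Fabric's source: a minimal Go check in the spirit of the detectSelfID step named in the subject, which looks for the orderer's own TLS certificate among the consenter certificates of the channel configuration. The function names, the DER byte comparison and the placeholder inputs are assumptions of this sketch.

```go
package main

import (
	"bytes"
	"encoding/pem"
	"errors"
	"fmt"
)

// certDER returns the DER bytes of the first CERTIFICATE block in pemBytes.
func certDER(pemBytes []byte) ([]byte, error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil || block.Type != "CERTIFICATE" {
		return nil, errors.New("no PEM CERTIFICATE block found")
	}
	return block.Bytes, nil
}

// findSelf returns the index of the consenter certificate whose DER bytes equal
// the node's own TLS certificate, or -1 when the node is not among them.
func findSelf(nodePEM []byte, consenterPEMs [][]byte) (int, error) {
	self, err := certDER(nodePEM)
	if err != nil {
		return -1, fmt.Errorf("node certificate: %w", err)
	}
	for i, c := range consenterPEMs {
		der, err := certDER(c)
		if err != nil {
			return -1, fmt.Errorf("consenter %d: %w", i, err)
		}
		if bytes.Equal(self, der) {
			return i, nil
		}
	}
	return -1, nil
}

// samplePEM wraps constructed placeholder bytes (not a real certificate) in PEM.
func samplePEM(payload string) []byte {
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: []byte(payload)})
}

func main() {
	// Constructed inputs: the node certificate is the second consenter entry.
	node := samplePEM("node-cert")
	idx, err := findSelf(node, [][]byte{samplePEM("other-cert"), node})
	fmt.Println("matching consenter index:", idx, "error:", err)
}
```

For a real network, pass findSelf the contents of the orderer's tls/server.crt and of each ServerTLSCert file listed for the consenters in configtx.yaml; a result of -1 means the certificate the orderer presents is not the one recorded in the genesis block.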