[Eisfair] warning: shell level (1000) too high, resetting to 1
Taxena Gasparov
gastax at gmail.com
Fr Jul 5 00:55:58 CEST 2019
Hallo,
seit einigen Monaten tritt dieser Effekt auch bei mir auf.
Am 08.03.19 um 09:45 schrieb Marcus Roeckrath:
> Die beschriebene Bereinigung erstellt alle notwendigen at-Jobs, wenn also
> danach wieder neue dazukommen, ist da irgendwas nicht in Ordnung.
bereinigt vor ca. 5 Wochen, kommt es jetzt wieder zu diesen Meldungen/Mails.
> Findest du hängende Jobs, die man an vorhandenen mit = beginnenden
> Dateinamen erkennt, vor allem, wenn das Dateidatum älter ist?
ja, es gibt drei Jobs mit = beginnend, allerdings sind sie vom 2.,3. und 4. Juli. Wesentlich älter sind ca.
10 jobs vom 18. Juni ohne =.
> Da sollte man dann auch mal nachschauen, welche URL betroffen, sind, was man
> durch Blick in die Jobdatei feststellen kann.
die drei =-jobs:
/var/install/bin/certs-update-crl --quiet --single 'http://ocsp.suscerte.gob.ve/!PSCProcert.pem'
/var/install/bin/certs-update-crl --quiet --single 'http://ocsp.cacert.org/!CAcert_chain_256.pem'
/var/install/bin/certs-update-crl --quiet --single 'http://ocsp.cacert.org/!CAcert_chain_256.pem'
die zehn nicht =-jobs vom 18. Juni 2019:
/var/install/bin/certs-update-crl --quiet --single 'http://fedir.comsign.co.il/crl/ComSignSecuredCA.crl'
/var/install/bin/certs-update-crl --quiet --single 'http://crl.globalsign.net/root-r2.crl'
/var/install/bin/certs-update-crl --quiet --single 'http://crl.xrampsecurity.com/XGCA.crl'
/var/install/bin/certs-update-crl --quiet --single 'http://ocsp.accv.es/!ACCVRAIZ1.pem'
/var/install/bin/certs-update-crl --quiet --single 'http://crl.securetrust.com/SGCA.crl'
/var/install/bin/certs-update-crl --quiet --single 'http://crl.chambersign.org/chambersroot.crl'
/var/install/bin/certs-update-crl --quiet --single 'http://crl.chambersign.org/chambersignroot.crl'
/var/install/bin/certs-update-crl --quiet --single 'http://fedir.comsign.co.il/crl/ComSignCA.crl'
/var/install/bin/certs-update-crl --quiet --single
'http://www.d-trust.net/crl/d-trust_root_class_3_ca_2_2009.crl'
/var/install/bin/certs-update-crl --quiet --single
'http://www.d-trust.net/crl/d-trust_root_class_3_ca_2_ev_2009.crl'
/var/install/bin/certs-update-crl --quiet --single 'http://crl.securetrust.com/STCA.crl'
/var/install/bin/certs-update-crl --quiet --single 'http://ocsp.pki.gva.es/!Root_CA_Generalitat_Valenciana.pem'
> Tauchen da Jobdateien auf, die die gleiche URL enthalten?> grep "certs-update-crl" /var/spool/cron/atjobs/* | cut -d " " -f 4- | sort
> darf IMHO keine doppelten URLs bringen.
doppelt URLs:
http://ocsp.cacert.org/!CAcert_chain_256.pem
http://ocsp.suscerte.gob.ve/!PSCProcert.pem
Mein "10 View Update revocation list(s) logfile":
> │Jul 4 07:43:01 eis certs-update-crl[17115]: - CRL file 'CAcert_chain_256.ocsp' doesn't exist, force download!
> │Jul 4 07:43:01 eis certs-update-crl[17115]: - job '335865' (2019-07-03 07:46->2019-07-04 07:46) created.
> │Jul 4 07:43:01 eis certs-update-crl[17115]:url: http://ocsp.cacert.org/!CAcert_chain_256.pem
> │Jul 4 07:43:02 eis certs-update-crl[17115]: updating hashes
> │Jul 4 07:43:04 eis certs-update-crl[17115]: finished.
> │Jul 4 07:44:00 eis certs-update-crl[19280]: /var/install/bin/certs-update-crl --quiet --single http://ocsp.suscerte.gob.ve/!PSCProcert.pem
> │Jul 4 07:44:00 eis certs-update-crl[19280]: - downloading 'http://ocsp.suscerte.gob.ve/!PSCProcert.pem'
> │Jul 4 07:44:01 eis certs-update-crl[19543]: /var/install/bin/certs-update-crl --quiet --showsingleuri /usr/local/ssl/certs/PSCProcert.pem
> │Jul 4 07:44:01 eis certs-update-crl[19543]: finished.
> │Jul 4 07:44:01 eis certs-update-crl[19280]: - updating CRL list
> │Jul 4 07:44:01 eis certs-update-crl[19280]: - CRL file 'PSCProcert.ocsp' doesn't exist, force download!
> │Jul 4 07:44:01 eis certs-update-crl[19280]: - job '335866' (2019-07-03 07:47->2019-07-04 07:47) created.
> │Jul 4 07:44:01 eis certs-update-crl[19280]:url: http://ocsp.suscerte.gob.ve/!PSCProcert.pem
> │Jul 4 07:44:01 eis certs-update-crl[19280]: updating hashes
> │Jul 4 07:44:03 eis certs-update-crl[19280]: finished.
> │Jul 4 07:45:01 eis certs-update-crl[21659]: /var/install/bin/certs-update-crl --quiet --single http://ocsp.cacert.org/!www.dommainname.dyndns.dd.pem
> │Jul 4 07:45:01 eis certs-update-crl[21659]: - downloading 'http://ocsp.cacert.org/!www.dommainname.dyndns.dd.pem'
> │Jul 4 07:45:02 eis certs-update-crl[22030]: /var/install/bin/certs-update-crl --quiet --showsingleuri /usr/local/ssl/certs/www.dommainname.dyndns.dd.pem
> │Jul 4 07:45:02 eis certs-update-crl[22030]: finished.
> │Jul 4 07:45:03 eis certs-update-crl[22248]: /var/install/bin/certs-update-crl --quiet --showsingleuri /var/certs/ssl/certs/CAcert_chain_256.pem
> │Jul 4 07:45:03 eis certs-update-crl[22248]: finished.
> │Jul 4 07:45:03 eis certs-update-crl[21659]: - updating CRL list
> │Jul 4 07:45:03 eis certs-update-crl[21659]: - CRL file 'www.dommainname.dyndns.dd.ocsp' doesn't exist, force download!
> │Jul 4 07:45:04 eis certs-update-crl[21659]: - job '335867' (2019-07-03 07:48->2019-07-04 07:48) created.
> │Jul 4 07:45:04 eis certs-update-crl[21659]:url: http://ocsp.cacert.org/!www.dommainname.dyndns.dd.pem
> │Jul 4 07:45:04 eis certs-update-crl[21659]: updating hashes ...
> │Jul 4 07:45:07 eis certs-update-crl[21659]: finished.
> │Jul 4 07:46:01 eis certs-update-crl[24481]: /var/install/bin/certs-update-crl --quiet --single http://ocsp.cacert.org/!CAcert_chain_256.pem
> │Jul 4 07:46:01 eis certs-update-crl[24481]: - downloading 'http://ocsp.cacert.org/!CAcert_chain_256.pem'
> │Jul 4 07:46:01 eis certs-update-crl[24629]: /var/install/bin/certs-update-crl --quiet --showsingleuri /usr/local/ssl/certs/CAcert_chain_256.pem
> │Jul 4 07:46:01 eis certs-update-crl[24629]: finished.
> │Jul 4 07:46:01 eis certs-update-crl[24481]: - updating CRL list
> │Jul 4 07:46:01 eis certs-update-crl[24481]: - CRL file 'CAcert_chain_256.ocsp' doesn't exist, force download!
> │Jul 4 07:46:02 eis certs-update-crl[24481]: - job '335868' (2019-07-03 07:49->2019-07-04 07:49) created.
> │Jul 4 07:46:02 eis certs-update-crl[24481]:url: http://ocsp.cacert.org/!CAcert_chain_256.pem
> │Jul 4 07:46:02 eis certs-update-crl[24481]: updating hashes
> │Jul 4 07:46:04 eis certs-update-crl[24481]: finished.
> │Jul 4 07:47:00 eis certs-update-crl[26784]: /var/install/bin/certs-update-crl --quiet --single http://ocsp.suscerte.gob.ve/!PSCProcert.pem
> │Jul 4 07:47:00 eis certs-update-crl[26784]: - downloading 'http://ocsp.suscerte.gob.ve/!PSCProcert.pem'
> │Jul 4 07:47:00 eis certs-update-crl[26949]: /var/install/bin/certs-update-crl --quiet --showsingleuri /usr/local/ssl/certs/PSCProcert.pem
> │Jul 4 07:47:01 eis certs-update-crl[26949]: finished.
> │Jul 4 07:47:01 eis certs-update-crl[26784]: - updating CRL list
> │Jul 4 07:47:01 eis certs-update-crl[26784]: - CRL file 'PSCProcert.ocsp' doesn't exist, force download!
> │Jul 4 07:47:01 eis certs-update-crl[26784]: - job '335869' (2019-07-03 07:50->2019-07-04 07:50) created.
> │Jul 4 07:47:01 eis certs-update-crl[26784]:url: http://ocsp.suscerte.gob.ve/!PSCProcert.pem
> │Jul 4 07:47:01 eis certs-update-crl[26784]: updating hashes
> │Jul 4 07:47:03 eis certs-update-crl[26784]: finished.
> │Jul 4 07:48:00 eis certs-update-crl[28960]: /var/install/bin/certs-update-crl --quiet --single http://ocsp.cacert.org/!www.dommainname.dyndns.dd.pem
> │Jul 4 07:48:00 eis certs-update-crl[28960]: - downloading 'http://ocsp.cacert.org/!www.dommainname.dyndns.dd.pem'
> │Jul 4 07:48:01 eis certs-update-crl[29175]: /var/install/bin/certs-update-crl --quiet --showsingleuri /usr/local/ssl/certs/www.dommainname.dyndns.dd.pem
> │Jul 4 07:48:01 eis certs-update-crl[29175]: finished.
> │Jul 4 07:48:02 eis certs-update-crl[29356]: /var/install/bin/certs-update-crl --quiet --showsingleuri /var/certs/ssl/certs/CAcert_chain_256.pem
> │Jul 4 07:48:02 eis certs-update-crl[29356]: finished.
> │Jul 4 07:48:02 eis certs-update-crl[28960]: - updating CRL list
> │Jul 4 07:48:02 eis certs-update-crl[28960]: - CRL file 'www.dommainname.dyndns.dd.ocsp' doesn't exist, force download!
> │Jul 4 07:48:02 eis certs-update-crl[28960]: - job '335870' (2019-07-03 07:51->2019-07-04 07:51) created.
> │Jul 4 07:48:02 eis certs-update-crl[28960]:url: http://ocsp.cacert.org/!www.dommainname.dyndns.dd.pem
> │Jul 4 07:48:02 eis certs-update-crl[28960]: updating hashes
> │Jul 4 07:48:05 eis certs-update-crl[28960]: finished.
> │Jul 4 07:49:00 eis certs-update-crl[31288]: /var/install/bin/certs-update-crl --quiet --single http://ocsp.cacert.org/!CAcert_chain_256.pem
> │Jul 4 07:49:00 eis certs-update-crl[31288]: - downloading 'http://ocsp.cacert.org/!CAcert_chain_256.pem'
> │Jul 4 07:49:00 eis certs-update-crl[31479]: /var/install/bin/certs-update-crl --quiet --showsingleuri /usr/local/ssl/certs/CAcert_chain_256.pem
> │Jul 4 07:49:00 eis certs-update-crl[31479]: finished.
> │Jul 4 07:49:01 eis certs-update-crl[31288]: - updating CRL list
> │Jul 4 07:49:01 eis certs-update-crl[31288]: - CRL file 'CAcert_chain_256.ocsp' doesn't exist, force download!
> │Jul 4 07:49:01 eis certs-update-crl[31288]: - job '335871' (2019-07-03 07:52->2019-07-04 07:52) created.
> │Jul 4 07:49:01 eis certs-update-crl[31288]:url: http://ocsp.cacert.org/!CAcert_chain_256.pem
> │Jul 4 07:49:01 eis certs-update-crl[31288]: updating hashes
> │Jul 4 07:49:03 eis certs-update-crl[31288]: finished.
> Ich habe auf meinem System mal den ganzen Zertifikatszoo ausgemistet - im
> Menü kann man ermitteln, welche Zertifikate nicht genutzt werden - und habe
> seitdem deutlich weniger Probleme.
mein "6 Identify unrequired certificates/1 Show unrequired certificates":
> │### Find unrequired certificates ###
> │# E - error in certificate chain!
> │# C - client certificate
> │# I - intermediate certificate
> │# R - root certificate
> │# (x) - number of occurencies
> │ERROR:E:apache-webmail.pem (1)
> │ERROR:E:CAcert_chain_256.pem (3)
> │ERROR:E:PSCProcert.pem (1)
> │ERROR:E:eis.dommainname.dyndns.dd.pem (1)
> │ERROR:E:www.dommainname.dyndns.dd.pem (1)
> │# ^^^ check the certficate chain first ^^^
> │DELETE:R:024dc131.pem (0)
> │DELETE:R:039c618a.pem (0)
> │DELETE:R:03f0efa4.pem (0)
> │DELETE:R:062cdee6.pem (0)
> ....
> *
> │| certificate : CAcert_chain_256.pem (590d426f)
> │| subject : O = CAcert Inc. OU = httpwww.CAcert.org CN = CAcert Class 3 Root
> │| issuer : O = Root CA OU = httpwww.cacert.org CN = CA Cert Signing Authority emailAddress = supportcacert.org
> │| MD5 f-print : F7:25:12:82:4E:67:B5:D0:8D:92:B7:7C:0B:86:7A:42
> │| SHA1 f-print: AD:7C:3F:64:FC:44:39:FE:F4:E9:0B:E8:F4:7C:6C:FA:8A:AD:FD:CE
> │+->| certificate : 99d0fa06.0 (E)
> │ | subject :
> │ | issuer :
> │ | MD5 f-print :
> │ | SHA1 f-print:
> │ | valid until : 05.07.2019 00:00:00 - CERTIFICATE NEEDS AN IMMEDIATE UPDATE!
> │ |
> │ +-> Error: file '/usr/local/ssl/certs/99d0fa06.0' missing!
> │
> │checking certificate chain:
Was bedeutet dies?
certs ist in Version 1.6.5 installiert.
Dank
Taxi
Mehr Informationen über die Mailingliste Eisfair