We have a problem with the signer machine, certificates are currently not created.
There is no way to access the signer machine via internet, to make sure that the machine can not be hacked, so a personal visit to the data center will be necessary to check the machine and get it running again.
Sadly the current Covid-19 pandemy makes travelling to the data center very difficult, so we have no way to fix this problem soon! I’m afraid that it may take several weeks till we get access to the machine and find out the reason for this problem.
Update: Currently we hope that we will be able to make the visit to the data center around easter weekend.
Of course this depends on other developments we have no influence on. For example further restrictions to travelling or intra-EU border crossing may prevent this visit.
Update: In case you can’t access https://www.cacert.org or https://secure.cacert.org currently due to the expired certificate, you may reset the HSTS-status in Chrome:
Open chrome://net-internals/#hsts and delete www.cacert.org and secure.cacert.org settings there. Accessing www.cacert.org will then give you a warning about the expired certificate, but you’ll then be able to continue.
Update: A visit at the datacenter is planned for 2020-05-04 to enable the signer again as well as additional administration tasks on other hardware.
Update: All services are normal again, see new blog post.
Hi,
is that the reason, why the CRL is outdated?
stay save, Tilo
Correct: The CRL is created on the signer … which is currently not working.
Hi Dirk,
is there an update, when the machine will be restartet?
Stay safe, stay healthy.
Tilo
As soon as possible. We’re monitoring the durch Corona-Prevention every day.
Hi everyone who is concerned!
The solution of inaccessible data center can be “lend somebody’s hands”.
Some local person can e.g. restart the signer machine, swap it to any backup machine, make a restore ,…
That person can be instructed via a phone.
Is there any reason not to perform that?
Stay healthy, best regards,
Aleš
Unfortunately this is not possible as persons accessing the hardware (and especially the signer) need to be approved within CAcert (means: are under CAcert Arbitration, approved by board, have an ABC etc.).
But we have good news: A visit at the datacenter is scheduled for 2020-05-04.