Noticed on the Internet that there seems to be a new satellite available. Restarted node. It seems there are no new satellites available.
I get this error upon every startup, don’t see anything on the forum about it, does it have anything to do with it? Why does it happen?
WARN trust Failed to fetch URLs from source; used cache {"source": "https://tardigrade.io/trusted-satellites", "error": "HTTP source: Get https://tardigrade.io/trusted-satellites: x509: certificate signed by unknown authority", "errorVerbose": "HTTP source: Get https://tardigrade.io/trusted-satellites: x509: certificate signed by unknown authority\n\tstorj.io/storj/storagenode/trust.(*HTTPSource).FetchEntries:63\n\tstorj.io/storj/storagenode/trust.(*List).fetchEntries:90\n\tstorj.io/storj/storagenode/trust.(*List).FetchURLs:49\n\tstorj.io/storj/storagenode/trust.(*Pool).fetchURLs:240\n\tstorj.io/storj/storagenode/trust.(*Pool).Refresh:177\n\tstorj.io/storj/storagenode.(*Peer).Run:696\n\tmain.cmdRun:200\n\tstorj.io/private/process.cleanup.func1.4:343\n\tstorj.io/private/process.cleanup.func1:361\n\tgithub.com/spf13/cobra.(*Command).execute:840\n\tgithub.com/spf13/cobra.(*Command).ExecuteC:945\n\tgithub.com/spf13/cobra.(*Command).Execute:885\n\tstorj.io/private/process.ExecWithCustomConfig:86\n\tstorj.io/private/process.ExecCustomDebug:68\n\tmain.main:320\n\truntime.main:203"}
In case this has nothing to do with it, why do I not see the new satellite on the SNOBoard?
This isn’t about the identity, but rather the certificate used on the https://tardigrade.io/trusted-satellites page. It uses the let’s encrypt certificate authority. It might be that your certificate store doesn’t include it. I guess this is a relatively new CA.
I don’t know what OS you use, but I’d google how to update the trusted CA list on your OS.
Let’s Encrypt is fairly old now… it came out with the Snowden information dump. It should be included in all certificate stores for all updated OSes…
Let’s Encrypt certs are free and are all domain validated which renew automatically every 3 months in the default configuration.
I use Let’s Encrypt on all my non-business domains. Business domains might require a higher level cert depending on the services being processed. Banking domains typically deploy EV certs, and browsers display the “green” bar…
However, the “green” bar is only as useful as the weakest CA on the planet… Thus, enter in the sometimes controversial DNSSEC… but few browsers check DNSSEC…
In short, the CA system is broken by design, long live CAs.
Ah (Stor)geez, looks like I’ll be fiddling with certificates again. Nothing ever works as it should. It’s a complete system, FreeNAS, it should have these things included by default.