[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#946938: postgresql-common: pg_upgradecluster woes: fails to upgrade to v12 because ee key too small; postgres also fails to restart after upgrade

On Wed, Dec 18, 2019 at 10:51:06AM +0100, Christoph Berg wrote:
> Control: reassign -1 ssl-cert
> Control: affects -1 postgresql-common
> Re: Julian Gilbey 2019-12-18 <157666085037.520017.6645946659722479335.reportbug@erdos.d-and-j.net>
> > I've just tried upgrading postgresql from version 11 to version 12,
> > following the instructions in README.Debian.
> Hi,
> did you upgrade the OS at the same time?

Hi Christoph,

Thanks for the quick response!

I had recently done an apt upgrade, and it is possible that an ssl
package was upgraded in the process.  I've repeated the exercise on a
different machine, though, and that worked fine.

I had a look at the snake-oil keys, and the "broken" machine's one was
dated 2010, whereas the other machine's was dated 2013.  So I've just
recreated the ssl-cert-snakeoil.pem on the "broken" using the command
make-ssl-cert generate-default-snakeoil --force-overwrite
and now the pg_upgradecluster works (almost) fine.

> > 2019-12-18 08:55:15.323 GMT [520011] FATAL:  could not load server certificate file "/etc/ssl/certs/ssl-cert-snakeoil.pem": ee key too small
> This isn't a PostgreSQL problem, the snakeoil certificate will be
> rejected by any other daemon as well.
> The ssl-cert package should regenerate the keys if the openssl package
> upgrades the key requirements.

So indeed, this seems to be one of the issues - well identified!  I'll
send a separate bug report about the other weirdness.

Best wishes,


Reply to: