Expired certificates not being re-generated at runtime #6933

Open
mullerju opened this issue Feb 24, 2023 · 3 comments

@mullerju

Expected Behavior

IoT modules must react automatically to potential changes in the system clock and automatically regenerate new certificates.

Current Behavior

Implemented in the attached aziot-expired-cert-handler.sh and cn-aziot-expired-cert-handler.service.
The Azure IoT Edge runtime generates a certificate used by the edgeHub module so that other modules may communicate with it. It is set to expire 30 days after the moment of its creation.
The runtime re-generates the certificate right before it is about to expire. However, our embedded computer synchronizes its system clock with remote sources which may cause it to skip over the runtime’s window to regenerate.
The certificate may end up never getting re-generated and therefore becomes expired. The Azure IoT Edge will not automatically re-generate expired certificates while it is running; it only does so at startup.

Steps to Reproduce

Ticket - 2302240040005979

Context (Environment)

Device (host) operating system : Redhat 8.2
Architecture : AMD64 (x86-64)

Runtime Versions

edgeAgent mcr.microsoft.com/azureiotedge-agent: 1.4 (Microsoft)
edgeHub mcr.microsoft.com/azureiotedge-hub: 1.4 (Microsoft)
medmblob mcr.microsoft.com/azure-blob-storage:1.4.2-linux-amd64 1.4.2 (Microsoft)
metrics-collector mcr.microsoft.com/azureiotedge-metrics-collector:1.0.10 1.0.10 (Microsoft)
Docker/Moby [run docker version]: moby-engine 20.10.18+azure-2.el8.x86_64
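
A small model of the failure reported above, added here as an illustration; it is not code from the issue, its attached scripts, or the IoT Edge runtime. It contrasts renewal that only fires inside a pre-expiry window with a check that also acts once the certificate is already expired or not yet valid. The 5-minute window width, the function names and the sample clock readings are assumptions.

```python
from datetime import datetime, timedelta, timezone

LIFETIME = timedelta(days=30)        # from the issue: expires 30 days after creation
RENEW_WINDOW = timedelta(minutes=5)  # assumed width of the "right before expiry" window


class Cert:
    def __init__(self, issued_at):
        self.not_before = issued_at
        self.not_after = issued_at + LIFETIME


def window_policy(cert, now):
    """Modelled behaviour: renew only while inside the pre-expiry window."""
    return cert.not_after - RENEW_WINDOW <= now < cert.not_after


def watchdog_policy(cert, now):
    """Clock-step tolerant: renew when near, at or past expiry, or when the
    clock has been stepped back to before the certificate's not_before."""
    return now >= cert.not_after - RENEW_WINDOW or now < cert.not_before


def simulate(policy, clock_readings, issued_at):
    """Feed successive wall-clock readings to a policy.
    Returns (number of renewals, whether the cert is valid at the last reading)."""
    cert = Cert(issued_at)
    renewals = 0
    for now in clock_readings:
        if policy(cert, now):
            cert = Cert(now)  # regenerate with the current wall-clock time
            renewals += 1
    last = clock_readings[-1]
    return renewals, cert.not_before <= last < cert.not_after


T0 = datetime(2023, 1, 1, tzinfo=timezone.utc)  # constructed start time
# Constructed readings: time sync steps the clock from day 29 to day 31,
# skipping the renewal window entirely.
JUMPED = [T0 + timedelta(days=d) for d in (1, 15, 29, 31, 32)]

if __name__ == "__main__":
    print("window  :", simulate(window_policy, JUMPED, T0))
    print("watchdog:", simulate(watchdog_policy, JUMPED, T0))
```
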

@github-actions

This issue is being marked as stale because it has been open for 30 days with no activity.

@chris-dmg

Hi, is there any news about this issue? We observe the same problem. Is it possibly fixed by fbe35da?

@nyanzebra
Contributor

> Hi, is there any news about this issue? We observe the same problem. Is it possibly fixed by fbe35da?

Yes, that change might resolve your issue :)
