Former Member
4 years ago
2.3.1 SSL Cert failed to update for SCIM URL
Hello community,
We went the Digital Ocean (DO) route and followed this guide: https://support.1password.com/scim-deploy-digitalocean/
The latest version in the DO marketplace is 2.3.1 even tho...
Former Member
4 years ago
Hi @KnowsNothing. Thanks for reaching out!
Thank you for reporting that the DO marketplace does not have the latest version available. I'm following up with the team to confirm why that is, and to get it bumped to the latest.
I'm sorry to hear that your Let's Encrypt certificate didn't renew automatically. Have you perhaps noticed any errors in the SCIM bridge logs related to the renewal of the certificate?
You can access the logs via the web interface by navigating to the URL where the SCIM bridge is deployed and entering your bearer token. This may not be possible if the certificate is expired. In that case you can also obtain the logs via the Kubernetes command line interface, kubectl.
In a terminal that has access to kubectl and your DO cluster, you can run the following commands to obtain the SCIM bridge logs:
1. Get namespaces: kubectl get namespaces
2. Get application pods: kubectl get pods [--namespace=<scim-bridge-namespace>]
3. Get logs for SCIM bridge pod: kubectl logs <scim-bridge-pod> [--namespace=<scim-bridge-namespace>]
Any errors related to the certificate renewal will help us diagnose why the automatic renewal failed.
For now you can force a renewal of the SCIM bridge by clearing the redis cache and restarting the SCIM bridge. The SCIM bridge caches the Let's Encrypt certificate in redis, and attempts to obtain a new certificate on startup when no certificate is available in the cache.
Note before you continue to the steps below: The tradeoff is that you will also lose the SCIM bridge logs for the last 3 days. If you'd like to keep a copy of the application logs, you can follow the steps mentioned previously in this post.
The steps to clear the redis cache and restart the SCIM bridge:
1. Open a terminal where you have access to the Kubernetes command line interface (kubectl), and make sure you are connected to the cluster running your SCIM bridge
2. Scale down the SCIM bridge instance in your cluster: kubectl scale --replicas=0 deployment/<scim-bridge-deployment-name>
3. Scale down the redis instance in your cluster: kubectl scale --replicas=0 deployment/<redis-deployment-name>
4. Wait a few seconds for the Kubernetes scheduler to remove the running redis and SCIM bridge instance
5. Scale up the redis instance in your cluster: kubectl scale --replicas=1 deployment/<redis-deployment-name>
6. Scale up the SCIM bridge instance in your cluster: kubectl scale --replicas=1 deployment/<scim-bridge-deployment-name>
You may need to specify the namespace for your SCIM bridge and redis deployment. You can get the namespace for these by issuing the kubectl get deployment --all-namespaces command. You can then include the namespace in the above commands by adding the --namespace=<deployment-namespace> flag.
The SCIM bridge will attempt to get a new certificate from Let's Encrypt when it starts up. You may experience a couple of minutes of downtime while you scale down/up the SCIM bridge and redis instances in your cluster. Feel free to pause provisioning in your identity provider while you perform the steps to force a certificate renewal.
I hope this helps!
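The two procedures in the reply above (save the SCIM bridge logs first, then clear the redis cache by restarting both deployments so the bridge requests a fresh certificate on startup) as one script. This is an added example, not code from the 1Password post or from 1Password's SCIM bridge deployment. It assumes, as illustrative defaults that you override through environment variables, a deployment named op-scim-bridge, a redis deployment named redis, and the namespace "default"; it also assumes the redis deployment has no persistent volume, since a persisted cache would survive the restart. KUBECTL can be set to "echo kubectl" for a dry run that only prints the commands it would execute, and the final openssl check needs network access to the bridge's public URL.

```shell
#!/bin/sh
# Added example (not from the 1Password post): save SCIM bridge logs, then
# restart the bridge and redis so the bridge fetches a new certificate.
# Hypothetical defaults; override via the environment before running.
set -eu

: "${KUBECTL:=kubectl}"                 # set to "echo kubectl" for a dry run
: "${SCIM_NAMESPACE:=default}"          # assumption
: "${SCIM_DEPLOYMENT:=op-scim-bridge}"  # assumption
: "${REDIS_DEPLOYMENT:=redis}"          # assumption
: "${LOG_DIR:=./scim-bridge-logs}"

# Every cluster call goes through one wrapper so the namespace is never omitted.
kc() {
  $KUBECTL --namespace="$SCIM_NAMESPACE" "$@"
}

# Pods created by a Deployment are named <deployment>-<rs-hash>-<pod-hash>,
# so a prefix match on the deployment name finds them without guessing labels.
pods_of() {
  kc get pods -o name | grep "^pod/$1-" || true
}

# Step 1: copy the logs out before the restart discards them.
save_logs() {
  mkdir -p "$LOG_DIR"
  for pod in $(pods_of "$SCIM_DEPLOYMENT"); do
    kc logs "$pod" > "$LOG_DIR/${pod#pod/}.log"
    # Heuristic filter (pattern is a guess, not a documented log format):
    # keep the lines most likely to explain a failed ACME/TLS renewal.
    grep -iE 'cert|acme|tls' "$LOG_DIR/${pod#pod/}.log" \
      > "$LOG_DIR/${pod#pod/}.cert.log" || true
  done
}

# Steps 2-6: scale the bridge down first, then redis; bring redis back first
# so the bridge starts against an empty cache and requests a new certificate.
force_cert_renewal() {
  # Capture pod names before scaling so we can wait for exactly these to go.
  old_pods="$(pods_of "$SCIM_DEPLOYMENT") $(pods_of "$REDIS_DEPLOYMENT")"
  kc scale --replicas=0 "deployment/$SCIM_DEPLOYMENT"
  kc scale --replicas=0 "deployment/$REDIS_DEPLOYMENT"
  # "Wait a few seconds" made deterministic: block until the old pods are gone.
  for pod in $old_pods; do
    kc wait --for=delete "$pod" --timeout=120s
  done
  kc scale --replicas=1 "deployment/$REDIS_DEPLOYMENT"
  kc rollout status "deployment/$REDIS_DEPLOYMENT" --timeout=180s
  kc scale --replicas=1 "deployment/$SCIM_DEPLOYMENT"
  kc rollout status "deployment/$SCIM_DEPLOYMENT" --timeout=180s
}

# Post-check: print the served certificate's notAfter and fail (non-zero exit)
# if it expires within 24h, i.e. if the renewal did not actually happen.
cert_check() {
  host="${1#https://}"; host="${host%%/*}"
  openssl s_client -servername "$host" -connect "$host:443" </dev/null 2>/dev/null \
    | openssl x509 -noout -enddate -checkend 86400
}

main() {
  save_logs
  force_cert_renewal
  if [ -n "${SCIM_URL:-}" ]; then
    cert_check "$SCIM_URL"
  fi
}

# Only run when explicitly asked, so the functions can be sourced or dry-run:
#   SCIM_RUN=1 SCIM_NAMESPACE=op-scim SCIM_URL=https://scim.example.com sh renew.sh
if [ "${SCIM_RUN:-0}" = 1 ]; then
  main
fi
```

Run it once with KUBECTL="echo kubectl" to review the exact commands against your own namespace and deployment names before letting it touch the cluster, and pause provisioning in your identity provider for the duration, as the reply suggests.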