This repository was archived by the owner on Nov 24, 2025. It is now read-only.
This repository was archived by the owner on Nov 24, 2025. It is now read-only.
Snapshotting a CDN that has an HTTPS delivery service w/ no cert causes TR crconfig reload failure #5893
Description
I'm submitting a ...
- bug report
Traffic Control components affected ...
- Traffic Ops
- Traffic Router
Current behavior:
TR will not load a snapshot that has an HTTPs delivery service with a missing cert, therefore, TR will be stuck with an old snapshot until the problem is resolved and a cert is created for the HTTPS ds or the HTTPS ds is switched to HTTP.
Expected behavior:
Prevent the creation of an invalid snapshot or TR should handle invalid snapshots more gracefully.
Minimal reproduction of the problem with instructions:
- Create a delivery service with protocol=HTTPS. Do NOT add a cert to the delivery service.
- snapshot the cdn for the delivery service
- TR will not reload the new snapshot due to the missing cert
Anything else:
Possible solutions:
- when snapshotting a cdn via the api, return 400 if any of the cdn's https delivery services are missing a cert.
- auto-generate a self-signed cert when creating an https ds or updating an http ds to an https ds.
- TR could somehow filter out the bad ds's and consume the rest of the snapshot?