I just spent several days tracking down a problem on OpenSuSE 15.2 which I don't know who has the responsibility for reporting what failed, the operating system or the server/client applications. Anywise what happened was Certbot automatically updated some security certificates on one of my systems (Nova) and I wasn't aware of the consequences of it doing so. After that happened all of the sudden I lost the ability to connect to the services running on Nova. Autofs/Automount could not mount Samba shares from Nova, vncviewer could not connect to x11vnc service on Nova, ssh could not connect to sshd, knockd no longer opened ports, etc. None of the clients (except ssh but with a caveat) reported anything useful, just generalized crap like "No route to host" I hide a lot of the service's ports behind a port knock sequence which rendered the error messages from ssh invisible also. It was only when I directly opened the ssh port, on Nova, in firewalld and tried connecting that I finally learned what was going on. The cached certificates on my other systems were no longer valid and thus causing the failure. Only ssh actually offers a solution to the user to update the cached certificates with the new one from Nova. But again only if the server's port is not being handled by a portknocker. This was very difficult to track down and resolve! My question is, who should have the responsibility for detecting these out of date certificates, and offering a solution to the users when they are encountered? To my Object Oriented Design mind it seems the O.S. should have this responsibility and it should not be delegated to each individual client/server application. Maybe a distro is not the right place to start such a conversation, but I am only a poor user of OpenSuSE and not a member of any more centralized Linux group(s). After spending so much time tracking this down, I feel this is a deep design flaw in Linux itself but have no idea where to report it. Marc... -- *"The Truth is out there" - Spooky* *_ _ . . . . . . _ _ . _ _ _ _ . . . . _ . . . . _ _ . _ _ _ . . . . _ _ . _ . . _ . _ _ _ _ . _ . _ . _ . _ . * Computers: the final frontier. These are the voyages of the user Marc. His mission: to explore strange new hardware. To seek out new software and new applications. To boldly go where no Marc has gone before! (/This email is digitally signed. My public key for sending encrypted email to me can be found at - https://keys.openpgp.org/search?q=marc@marcchamberlin.com or just ask me for it and I will send it to you as an attachment. If you don't understand, no worries, just ignore it and/or ask me to explain it further./)