During Microsoft Ignite the Azure IoT Edge version 1.0.2 was released with some important improvements like proxy support.
-> https://azure.microsoft.com/en-us/updates/iot-edge1-0-2/
Today I updated my two Raspberry Pi’s running Raspbian to the new IoT Edge version.
After the update to version 1.0.2 the Azure IoT Edge daemon fails to start. So, I used the following command to get the daemon logs.
journalctl -u iotedge --no-pager --no-full
But this did not provide me with the necessary information I was looking for. I changed the command to journalctl –no-pager and got the information to troubleshoot the issue.
Oct 08 16:54:49 rp3-01 iotedged[748]: 2018-10-08T14:54:49Z [INFO] - Initializing hsm... Oct 08 16:54:49 rp3-01 iotedged[748]: 2018-10-08T14:54:49Z [ERR!] - An hsm error occurred. Oct 08 16:54:49 rp3-01 iotedged[748]: 2018-10-08T14:54:49Z [ERR!] - caused by: HSM failure Oct 08 16:54:49 rp3-01 iotedged[748]: 2018-10-08T14:54:49Z [ERR!] - caused by: HSM Init failure: 44 Oct 08 16:54:49 rp3-01 iotedged[748]: 2018-10-08T14:54:49Z [ERR!] (/project/hsm-sys/azure-iot-hsm-c/src/edge_pki_openssl.c:validate_certificate_expiration:655) Certificate has expired Oct 08 16:54:49 rp3-01 iotedged[748]: 2018-10-08T14:54:49Z [ERR!] (/project/hsm-sys/azure-iot-hsm-c/src/edge_pki_openssl.c:check_certificates:1366) Certificate file has expired /var/lib/iotedge/hsm/certs/edge_owner_cav0cQJsrFHjxosiOJDer2oKf-O45ZXKVJrO5WFWtFKe0_.cert.pem Oct 08 16:54:49 rp3-01 iotedged[748]: 2018-10-08T14:54:49Z [ERR!] (/project/hsm-sys/azure-iot-hsm-c/src/edge_hsm_client_store.c:load_if_cert_and_key_exist_by_alias:1531) Failure when verifying certificate for alias edge_owner_ca Oct 08 16:54:49 rp3-01 iotedged[748]: 2018-10-08T14:54:49Z [ERR!] (/project/hsm-sys/azure-iot-hsm-c/src/edge_hsm_client_store.c:generate_edge_hsm_certificates_if_needed:1638) Could not check and load owner CA certificate and key Oct 08 16:54:49 rp3-01 iotedged[748]: 2018-10-08T14:54:49Z [ERR!] (/project/hsm-sys/azure-iot-hsm-c/src/edge_hsm_client_store.c:hsm_provision_edge_certificates:1804) Failure generating required HSM certificates Oct 08 16:54:49 rp3-01 iotedged[748]: 2018-10-08T14:54:49Z [ERR!] (/project/hsm-sys/azure-iot-hsm-c/src/edge_hsm_client_crypto.c:hsm_client_crypto_init:43) Could not create store. Error code 1915
As you can see in the screenshot and the log output, the edge_owner certificate is expired and causes an HSM initialization error. This error lets the Azure IoT Edge daemon fail at the startup.
The current workaround is to delete the edge_owner certificate under the path /var/lib/iotedge/hsm/certs/ and restart the Azure IoT Edge daemon.
sudo systemctl restart iotedge systemctl status iotedge
Afterwards the IoT Edge daemon should start without any issues and you can continue operating your IoT Edge device.
There is also an open GitHub issue where I posted the workaround and just today the Microsoft PG confirmed that this will be fixed in the next release of Azure IoT Edge.
-> https://github.com/Azure/iotedge/issues/378#issuecomment-427877673