Describe the bug
I'm using the default cups-files.conf configuration, which as I understand it automatically generates self-signed certificates. This worked fine until the certificate expired last September, and as a result network printing (from a Mac client to my Linux server) mysteriously stopped working.
Today I finally did some research to discover that the expired certificate was the cause. Specifically I ran the following from /etc/cups/ssl:
[root@atlantis ssl]# openssl x509 -enddate -noout -in atlantis.crt
notAfter=Sep 17 13:24:10 2025 GMT
I was able to work around the issue by removing the existing files from the ssl directory. The next time I printed, CUPS generated a new certificate.
To Reproduce
Steps to reproduce the behavior:
- Set up a printer on a CUPS server and share the printer.
- Set up the printer on a remote MacOS client.
- Ensure that CUPS has a self-signed certificate (e.g. by printing a test page from the remote client).
- Wait for the certificate to expire. (There may be a way to manually set the certificate as expired. I don't know enough about certificates to say).
- Try printing from the MacOS client.
Expected behavior
The CUPS server notices the expired certificate, automatically generates a new one, and the print job in step 5 succeeds.
Actual behavior
The Mac is stuck trying to print indefinitely, apparently because it refuses to establish a connection with a server with an expired certificate, and the CUPS server is not regenerating the expired certificate.
System Information:
- Server OS and its version: Arch Linux 6.18.6-arch1-1
- Client OS and its version: MacOS Sonoma 14.8.3
- Application Firefox 147.0 (64-bit)
- CUPS version (server-side): 2.4.16-1
Additional context
The /etc/cups/ssl directory had drwx------ permissions, with owners root:cups. The cups server runs as root. As far as I can tell, all of those are the defaults under Arch Linux.
Even before my workaround, I was still able to print from my Android phone. I suspect that the Android/Linux CUPS client falls back to unencrypted printing by default, while MacOS refuses to print without encryption by default.
The printer uses a driver, which I can see in the error logs is deprecated. The driver appears to be /var/cache/cups/Brother_HL-L2300D_series.data based on the logs.
Describe the bug
I'm using the default cups-files.conf configuration, which as I understand it automatically generates self-signed certificates. This worked fine until the certificate expired last September, and as a result network printing (from a Mac client to my Linux server) mysteriously stopped working.
Today I finally did some research to discover that the expired certificate was the cause. Specifically I ran the following from /etc/cups/ssl:
I was able to work around the issue by removing the existing files from the
ssldirectory. The next time I printed, CUPS generated a new certificate.To Reproduce
Steps to reproduce the behavior:
Expected behavior
The CUPS server notices the expired certificate, automatically generates a new one, and the print job in step 5 succeeds.
Actual behavior
The Mac is stuck trying to print indefinitely, apparently because it refuses to establish a connection with a server with an expired certificate, and the CUPS server is not regenerating the expired certificate.
System Information:
Additional context
The /etc/cups/ssl directory had
drwx------permissions, with ownersroot:cups. The cups server runs as root. As far as I can tell, all of those are the defaults under Arch Linux.Even before my workaround, I was still able to print from my Android phone. I suspect that the Android/Linux CUPS client falls back to unencrypted printing by default, while MacOS refuses to print without encryption by default.
The printer uses a driver, which I can see in the error logs is deprecated. The driver appears to be
/var/cache/cups/Brother_HL-L2300D_series.databased on the logs.