Skip to main content

API Co-Signer troubleshooting after Azure Cloud maintenance (May 2022)

  • Updated

Note

If you updated your API Co-Signer instance to either version 1.1.4 or 1.1.5 before Microsoft's Azure Cloud maintenance in May 2022, no further action is required.

Troubleshooting

An update is required if any of the following conditions are met.

Outdated API Co-Signer

If your API Co-Signer is earlier than version 1.1.4, update your API Co-Signer. To check your current API Co-Signer version, run the following command:

# head cosigner -n 3 | grep VER

Docker container version is earlier than 3.3.0

Output a list of all running containers using the following command:

# docker ps -a

If the cosigner container returns an image earlier than: registry.gitlab.com/customer-cosigner/v2/azure-cosigner:3.3.0

Transactions stuck at Pending Signature/Queued

If your API Co-Signer version is earlier than 1.1.4, transactions initiated through the Fireblocks API may be stuck in the PENDING_SIGNATURE or QUEUED status.

HTTP response code 426

An update is required if the output of the commands below is:

  • HTTP Response Code 426
  • ERROR 10/05/2022 13:45:07,947 untrusted/ra_loader.cpp(193)

Review logs by running the following commands:

# docker logs cosigner
# docker logs cosigner-init

Updating the API Co-Signer

Follow these instructions to repair and update your API Co-Signer and all relevant files from your existing API Co-Signer instance.

  1. Stop your API Co-Signer instance.
    ./cosigner stop
  2. Kill and remove the docker container and images with the following commands:
    docker kill $(docker ps -q)
    docker rm $(docker ps -aq)
    docker rmi $(docker images -q)
  3. Remove file dependencies related to the earlier API Co-Signer version: 
    rm .local_config
    rm .revision
    rm config.json docker-compose-init.yml docker-compose.yml
    rm -rf /databases
  4. Re-enroll the API user paired with the API Co-Signer by following these instructions.
  5. Contact Fireblocks Support by opening a support request. Include the workspace name and the first four digits of the API key for the API user you want to pair with the API Co-Signer. Fireblocks Support will provide you with a link to update to the latest version of the API Co-Signer.
  6. Proceed with setup by entering the following commands:
    chmod +x cosigner
    ./cosigner setup
  7. Enter the pairing token and Callback Handler URL (if applicable). Learn more about retrieving your pairing token here.
  8. Start the API Co-Signer instance with the following command: 
    ./cosigner start
  9. The workspace Owner must approve a new MPC key shares request from the Fireblocks mobile app, similar to approving any other user with signing privileges.
  10. Confirm the cosigner-init docker container is not running. The following command outputs a list of all running containers:
    docker ps -a
  11. Initiate a test transaction through the API and confirm that the API Co-Signer signs it as expected.
Was this article helpful?
1 out of 1 found this helpful

Related Articles