Task #2800
closedAvoid docs.pulpproject.org certs from expring on July 22, 2017
0%
Description
In order to not have SSL break, we need to regenerate and redeploy our certs to docs.pulpproject.org before July 22, 2017.
The provider we used last time (startssl) has issues with the chain of trust on some browsers (Chrome). This time we should use the well-adopted letsencrypt service instead which will resolve that other issue also.
Lastly, rather than doing this manually we should have Jenkins auto-regenerate and auto-rotate the SSL certs as well. This is important when using letsencrypt because they only issue certs that are valid for 90 days max and they recommend renewing every 60 days.
Updated by amacdona@redhat.com almost 7 years ago
- Groomed changed from No to Yes
Updated by mhrivnak almost 7 years ago
FWIW the cert appears to be valid until July 22, 2017. Here are the top several lines of the cert that's currently in use:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
67:0b:93:88:24:3b:f7:cd:dc:2a:af:49:9c:33:7c:8b
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=IL, O=StartCom Ltd., OU=StartCom Certification Authority, CN=StartCom Class 1 DV Server CA
Validity
Not Before: Jul 22 19:10:38 2016 GMT
Not After : Jul 22 19:10:38 2017 GMT
Subject: C=US, CN=docs.pulpproject.org
Updated by bmbouter almost 7 years ago
- Subject changed from Avoid docs.pulpproject.org certs from expring on June 17 2018 to Avoid docs.pulpproject.org certs from expring on July 22, 2017
- Description updated (diff)
mhrivnak that's good. The email I received said they are expiring in 14 days, but the cert date is the authority. I updated the ticket. We may defer this one sprint then.
Updated by bmbouter over 6 years ago
- Status changed from ASSIGNED to CLOSED - COMPLETE
This was completed about a week ago.