Task #2800
closed
Avoid docs.pulpproject.org certs from expring on July 22, 2017
Description
In order to not have SSL break, we need to regenerate and redeploy our certs to docs.pulpproject.org before July 22, 2017.
The provider we used last time (startssl) has issues with the chain of trust on some browsers (Chrome). This time we should use the well-adopted letsencrypt service instead which will resolve that other issue also.
Lastly, rather than doing this manually we should have Jenkins auto-regenerate and auto-rotate the SSL certs as well. This is important when using letsencrypt because they only issue certs that are valid for 90 days max and they recommend renewing every 60 days.
- Groomed changed from No to Yes
FWIW the cert appears to be valid until July 22, 2017. Here are the top several lines of the cert that's currently in use:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
67:0b:93:88:24:3b:f7:cd:dc:2a:af:49:9c:33:7c:8b
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=IL, O=StartCom Ltd., OU=StartCom Certification Authority, CN=StartCom Class 1 DV Server CA
Validity
Not Before: Jul 22 19:10:38 2016 GMT
Not After : Jul 22 19:10:38 2017 GMT
Subject: C=US, CN=docs.pulpproject.org
- Subject changed from Avoid docs.pulpproject.org certs from expring on June 17 2018 to Avoid docs.pulpproject.org certs from expring on July 22, 2017
- Description updated (diff)
mhrivnak that's good. The email I received said they are expiring in 14 days, but the cert date is the authority. I updated the ticket. We may defer this one sprint then.
- Sprint/Milestone set to 40
- Status changed from NEW to ASSIGNED
- Sprint/Milestone changed from 40 to 41
- Sprint/Milestone changed from 41 to 42
- Status changed from ASSIGNED to CLOSED - COMPLETE
This was completed about a week ago.
- Sprint/Milestone deleted (
42)
Also available in: Atom
PDF