#2184: Enable SSL cert for mapserver.org on osgeo6
---------------------------+-------------------
Reporter: Jeff McKenna | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Keywords:
---------------------------+-------------------
- mapserver.org lives on osgeo6
- installed !LetsEncypt on osgeo6:
- /usr/local/sbin/certbot-auto
- added mapserver.org & gdal.org such as:
certbot-auto --apache -d mapserver.org -d www.mapserver.org
- cronjob to renew was not yet added ("certbot-auto renew")
- new cert passes test:
https://www.ssllabs.com/ssltest/analyze.html?d=mapserver.org&latest
- steps documented at
https://wiki.osgeo.org/wiki/Osgeo6#SSL_certificates
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2184>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.
#2184: Enable SSL cert for mapserver.org on osgeo6
---------------------------+--------------------
Reporter: Jeff McKenna | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+--------------------
Comment (by Jeff McKenna):
BrianH pointed out that for http://lists.osgeo.org/ Firefox suddenly
reports:
The owner of lists.osgeo.org has configured their website improperly. To
protect your information from being stolen, Firefox has not connected to
this website.
Error code: SSL_ERROR_BAD_CERT_DOMAIN
The certificate is only valid for the following names: mapserver.org,
www.mapserver.org
I believe we should enable letsencrypt for lists.osgeo.org now (or move
the ssl.com certificate)
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2184#comment:1>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.
#2184: Enable SSL cert for mapserver.org on osgeo6
---------------------------+--------------------
Reporter: Jeff McKenna | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+--------------------
Comment (by Jeff McKenna):
Problem is more visible at
https://www.ssllabs.com/ssltest/analyze.html?d=lists.osgeo.org
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2184#comment:2>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.
#2184: Enable SSL cert for mapserver.org on osgeo6
---------------------------+--------------------
Reporter: Jeff McKenna | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+--------------------
Comment (by Jeff McKenna):
The problem was the "_default_:443" settings in each of the *.osgeo.org
conf files; replacing "_default_" with the IP of the machine solved it.
That was tricky.
Now the following have certificates enabled, and a cronjob checks twice a
day for renewal:
{{{
mapserver.org
gdal.org
grass.osgeo.org
grasswiki.osgeo.org
drone.osgeo.org
lists.osgeo.org
}}}
Notes were updated at https://wiki.osgeo.org/wiki/Osgeo6#SSL_certificates
Leaving ticket open to check cronjob tomorrow, and also if other sites on
this machine need this certificate.
Sorry again for the downtime.
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2184#comment:3>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.
#2184: Enable SSL cert for mapserver.org on osgeo6
---------------------------+--------------------
Reporter: Jeff McKenna | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+--------------------
Comment (by strk):
I suspect twice a day is too frequent for letsencript renewal.
Renewal will be granted when expiration is within 30 days ahead
so we could run the check weekly
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2184#comment:4>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.
#2184: Enable SSL cert for mapserver.org on osgeo6
---------------------------+---------------------
Reporter: Jeff McKenna | Owner: sac@…
Type: task | Status: closed
Priority: normal | Milestone:
Component: Systems Admin | Resolution: fixed
Keywords: |
---------------------------+---------------------
Changes (by robe):
* status: new => closed
* resolution: => fixed
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2184#comment:5>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.