[SAC] osgeo.org certificate?

jive · January 28, 2019, 1:02am

I got a warning that the certificate had expired just now, but I am travelling so it may be a false positive. Can we check please?

···

–
Jody Garnett

msmitherdc · January 28, 2019, 1:18am

The certificate expired today. The cron to update the cert must not be running or the process is failing.

Michael Smith

On Jan 27, 2019, at 6:02 PM, Jody Garnett <jody.garnett@gmail.com> wrote:

I got a warning that the certificate had expired just now, but I am travelling so it may be a false positive. Can we check please?
--
--
Jody Garnett
_______________________________________________
Sac mailing list
Sac@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/sac

Alex_M · January 28, 2019, 1:38am

On 1/27/19 5:18 PM, Michael Smith wrote:

The certificate expired today. The cron to update the cert must not be running or the process is failing.

Michael Smith

On Jan 27, 2019, at 6:02 PM, Jody Garnett <jody.garnett@gmail.com> wrote:

I got a warning that the certificate had expired just now, but I am travelling so it may be a false positive. Can we check please?
--
--
Jody Garnett

There was a warning email from lets encrypt (I got on my personal accounts). If using certbot it need to be updated so that a new method of renenwal is used.

Sandro or Regina, did you set this one up?

Thanks,
Alex

Alex_M · January 28, 2019, 2:19am

Ok, I've fixed it. I think apache was failing to load the renewed certificate, 2 possible reasons:
1. certbot was really old version, now upgraded via apt-get, did a dry run of the renew which didn't find any expired certs.
2. apache had a staging.2018.foss4g.org-le-ssl.conf enabled, but not matching certificate. I removed it from sites enabled and reloaded apache. We can re-enable if we need.

So fixed, and should stay fixed.

Thanks,
Alex

On 1/27/19 5:38 PM, Alex Mandel wrote:

On 1/27/19 5:18 PM, Michael Smith wrote:

The certificate expired today. The cron to update the cert must not be running or the process is failing.

Michael Smith

On Jan 27, 2019, at 6:02 PM, Jody Garnett <jody.garnett@gmail.com> wrote:

I got a warning that the certificate had expired just now, but I am travelling so it may be a false positive. Can we check please?
--
Jody Garnett

There was a warning email from lets encrypt (I got on my personal accounts). If using certbot it need to be updated so that a new method of renenwal is used.

Sandro or Regina, did you set this one up?

Thanks,
Alex
_______________________________________________
Sac mailing list
Sac@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/sac

jive · January 28, 2019, 3:36am

Thank you everyone

···

–
Jody Garnett

robe · January 28, 2019, 10:41pm

Sorry all. Guess late to the party on this.

Yes I did setup the staging.2018.foss4g.org I thought I had shut that down and revoked it a while ago though.

Yes I did get notices about letsencrypt old certbot will no longer be supported.

I only got a notice about the limesurvey.osgeo.org one though which is on funtoo which I’ll check on before it expires. That one is due to expire in March 1,2019.

From: Jody Garnett [mailto:jody.garnett@gmail.com]
Sent: Sunday, January 27, 2019 10:36 PM
To: Alex Mandel tech@wildintellect.com; System Administration Committee Discussion/OSGeo sac@lists.osgeo.org
Cc: Michael Smith michael.smith.erdc@gmail.com; Regina Obe lr@pcorp.us; Sandro Santilli strk@osgeo.org
Subject: Re: [SAC] osgeo.org certificate?

Thank you everyone

–

Jody Garnett

On Sun, 27 Jan 2019 at 20:19, Alex Mandel <tech_dev@wildintellect.com> wrote:

Ok, I’ve fixed it. I think apache was failing to load the renewed
certificate, 2 possible reasons:

certbot was really old version, now upgraded via apt-get, did a dry
run of the renew which didn’t find any expired certs.

apache had a staging.2018.foss4g.org-le-ssl.conf enabled, but not
matching certificate. I removed it from sites enabled and reloaded
apache. We can re-enable if we need.

So fixed, and should stay fixed.

Thanks,
Alex

On 1/27/19 5:38 PM, Alex Mandel wrote:

On 1/27/19 5:18 PM, Michael Smith wrote:

The certificate expired today. The cron to update the cert must not be
running or the process is failing.

Michael Smith

On Jan 27, 2019, at 6:02 PM, Jody Garnett <jody.garnett@gmail.com>
wrote:

I got a warning that the certificate had expired just now, but I am
travelling so it may be a false positive. Can we check please?

–
Jody Garnett

There was a warning email from lets encrypt (I got on my personal
accounts). If using certbot it need to be updated so that a new method
of renenwal is used.

Sandro or Regina, did you set this one up?

Thanks,
Alex

Sac mailing list
Sac@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/sac

Sac mailing list
Sac@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/sac