I got a warning that the certificate had expired just now, but I am travelling so it may be a false positive. Can we check please?
···
–
Jody Garnett
I got a warning that the certificate had expired just now, but I am travelling so it may be a false positive. Can we check please?
–
Jody Garnett
The certificate expired today. The cron to update the cert must not be running or the process is failing.
Michael Smith
On Jan 27, 2019, at 6:02 PM, Jody Garnett <jody.garnett@gmail.com> wrote:
I got a warning that the certificate had expired just now, but I am travelling so it may be a false positive. Can we check please?
--
--
Jody Garnett
_______________________________________________
Sac mailing list
Sac@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/sac
On 1/27/19 5:18 PM, Michael Smith wrote:
The certificate expired today. The cron to update the cert must not be running or the process is failing.
Michael Smith
On Jan 27, 2019, at 6:02 PM, Jody Garnett <jody.garnett@gmail.com> wrote:
I got a warning that the certificate had expired just now, but I am travelling so it may be a false positive. Can we check please?
--
--
Jody Garnett
There was a warning email from lets encrypt (I got on my personal accounts). If using certbot it need to be updated so that a new method of renenwal is used.
Sandro or Regina, did you set this one up?
Thanks,
Alex
Ok, I've fixed it. I think apache was failing to load the renewed certificate, 2 possible reasons:
1. certbot was really old version, now upgraded via apt-get, did a dry run of the renew which didn't find any expired certs.
2. apache had a staging.2018.foss4g.org-le-ssl.conf enabled, but not matching certificate. I removed it from sites enabled and reloaded apache. We can re-enable if we need.
So fixed, and should stay fixed.
Thanks,
Alex
On 1/27/19 5:38 PM, Alex Mandel wrote:
On 1/27/19 5:18 PM, Michael Smith wrote:
The certificate expired today. The cron to update the cert must not be running or the process is failing.
Michael Smith
On Jan 27, 2019, at 6:02 PM, Jody Garnett <jody.garnett@gmail.com> wrote:
I got a warning that the certificate had expired just now, but I am travelling so it may be a false positive. Can we check please?
--
Jody GarnettThere was a warning email from lets encrypt (I got on my personal accounts). If using certbot it need to be updated so that a new method of renenwal is used.
Sandro or Regina, did you set this one up?
Thanks,
Alex
_______________________________________________
Sac mailing list
Sac@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/sac
Thank you everyone
–
Jody Garnett
Sorry all. Guess late to the party on this.
Yes I did setup the staging.2018.foss4g.org I thought I had shut that down and revoked it a while ago though.
Yes I did get notices about letsencrypt old certbot will no longer be supported.
I only got a notice about the limesurvey.osgeo.org one though which is on funtoo which I’ll check on before it expires. That one is due to expire in March 1,2019.
From: Jody Garnett [mailto:jody.garnett@gmail.com]
Sent: Sunday, January 27, 2019 10:36 PM
To: Alex Mandel tech@wildintellect.com; System Administration Committee Discussion/OSGeo sac@lists.osgeo.org
Cc: Michael Smith michael.smith.erdc@gmail.com; Regina Obe lr@pcorp.us; Sandro Santilli strk@osgeo.org
Subject: Re: [SAC] osgeo.org certificate?
Thank you everyone
–
Jody Garnett
On Sun, 27 Jan 2019 at 20:19, Alex Mandel <tech_dev@wildintellect.com> wrote:
Ok, I’ve fixed it. I think apache was failing to load the renewed
certificate, 2 possible reasons:
- certbot was really old version, now upgraded via apt-get, did a dry
run of the renew which didn’t find any expired certs.- apache had a staging.2018.foss4g.org-le-ssl.conf enabled, but not
matching certificate. I removed it from sites enabled and reloaded
apache. We can re-enable if we need.So fixed, and should stay fixed.
Thanks,
AlexOn 1/27/19 5:38 PM, Alex Mandel wrote:
On 1/27/19 5:18 PM, Michael Smith wrote:
The certificate expired today. The cron to update the cert must not be
running or the process is failing.Michael Smith
On Jan 27, 2019, at 6:02 PM, Jody Garnett <jody.garnett@gmail.com>
wrote:I got a warning that the certificate had expired just now, but I am
travelling so it may be a false positive. Can we check please?–
Jody GarnettThere was a warning email from lets encrypt (I got on my personal
accounts). If using certbot it need to be updated so that a new method
of renenwal is used.Sandro or Regina, did you set this one up?
Thanks,
Alex
Sac mailing list
Sac@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/sac
Sac mailing list
Sac@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/sac