Certificate renewal for openwebdevice.org

RESOLVED FIXED

Status

Infrastructure & Operations
WebOps: SSL and Domain Names
RESOLVED FIXED
2 years ago
2 years ago

People

(Reporter: jgmize, Assigned: jakem)

Tracking

Details

(Whiteboard: [kanban:https://webops.kanbanize.com/ctrl_board/2/2753] )

(Reporter)

Description

2 years ago
The cert for https://openwebdevice.org expires on March 28, 2016. Please email me the renewed cert and key encrypted with the gpg key I have published at https://keybayse.io/jgmize
(Reporter)

Comment 1

2 years ago
Typo correction: my key is published at https://keybase.io/jgmize

Updated

2 years ago
Whiteboard: [kanban:https://webops.kanbanize.com/ctrl_board/2/2753]
(Reporter)

Comment 2

2 years ago
Per discussion with jakem in IRC I'm going to see if I can take care of this myself with ACM instead of going through digicert for the renewal.
(Reporter)

Comment 3

2 years ago
I requested a cert through ACM; there should be an email to hostmaster@mozilla.com for verification.
(Assignee)

Comment 4

2 years ago
Yep, approved.
Assignee: server-ops-webops → nmaul
(Reporter)

Comment 5

2 years ago
Thanks :jakem. I see the cert has been issued in the ACM console, but unfortunately it looks like I won't be able to use that cert outside of the US-East region[0], and neither of our existing clusters are located there (we're currently in Oregon and Ireland). In theory I could set up something to manage the ELB certs using Let's Encrypt[1], but that will take a bit of work that I won't be able to prioritize this week. Given the timeline, I think we're going to need to go with the original plan of renewing through Digicert. :(

[0] http://docs.aws.amazon.com/acm/latest/userguide/acm-regions.html
[1] https://github.com/alex/letsencrypt-aws
(Reporter)

Comment 6

2 years ago
Got the renewed cert from :jakem and installed in the AWS ELB. Verified in firefox and from CLI:

echo | openssl s_client -connect openwebdevice.org:443 2>/dev/null | openssl x509 -noout -dates
notBefore=Mar 25 00:00:00 2016 GMT
notAfter=Apr  5 12:00:00 2017 GMT
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.