Closed Bug 1259542 Opened 8 years ago Closed 8 years ago

Certificate renewal for openwebdevice.org

Categories

(Infrastructure & Operations :: SSL Certificates, task)

task
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: jgmize, Assigned: nmaul)

Details

(Whiteboard: [kanban:https://webops.kanbanize.com/ctrl_board/2/2753] )

The cert for https://openwebdevice.org expires on March 28, 2016. Please email me the renewed cert and key encrypted with the gpg key I have published at https://keybayse.io/jgmize
Typo correction: my key is published at https://keybase.io/jgmize
Whiteboard: [kanban:https://webops.kanbanize.com/ctrl_board/2/2753]
Per discussion with jakem in IRC I'm going to see if I can take care of this myself with ACM instead of going through digicert for the renewal.
I requested a cert through ACM; there should be an email to hostmaster@mozilla.com for verification.
Yep, approved.
Assignee: server-ops-webops → nmaul
Thanks :jakem. I see the cert has been issued in the ACM console, but unfortunately it looks like I won't be able to use that cert outside of the US-East region[0], and neither of our existing clusters are located there (we're currently in Oregon and Ireland). In theory I could set up something to manage the ELB certs using Let's Encrypt[1], but that will take a bit of work that I won't be able to prioritize this week. Given the timeline, I think we're going to need to go with the original plan of renewing through Digicert. :(

[0] http://docs.aws.amazon.com/acm/latest/userguide/acm-regions.html
[1] https://github.com/alex/letsencrypt-aws
Got the renewed cert from :jakem and installed in the AWS ELB. Verified in firefox and from CLI:

echo | openssl s_client -connect openwebdevice.org:443 2>/dev/null | openssl x509 -noout -dates
notBefore=Mar 25 00:00:00 2016 GMT
notAfter=Apr  5 12:00:00 2017 GMT
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.