Closed
Bug 1328435
Opened 8 years ago
Closed 8 years ago
Please switch treeherder.mozilla.org to the SNI based Heroku SSL
Categories
(Infrastructure & Operations :: SSL Certificates, task)
Infrastructure & Operations
SSL Certificates
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: emorley, Assigned: ericz)
References
Details
Stage was switched in bug 1320303. Everything is looking good so we can now do the same for production.
Please could someone:
1) Install/update the Heroku CLI & log in as an admin of the mozilla org (I can give access if needed)
2) Re-upload the treeherder.mozilla.org cert/key (with intermediates included in the cert bundle) to the SNI ELB using:
$ `heroku certs:add example.crt example.key -app treeherder-prod --type sni`
3) Run `heroku domains -a treeherder-prod` to find out the new DNS CNAME target (it should be something like `treeherder.mozilla.org.herokudns.com`)
4) Update the treeherder.mozilla.org CNAME to point to the `<...>.herokudns.com` target instead of the existing `tokyo-43605.herokussl.com` one.
Once 24 hours have passed allowing the DNS to propagate, I'll remove the legacy non-SNI addon.
Many thanks :-)
Reporter | ||
Comment 1•8 years ago
|
||
Would someone be able to take a look at this soon?
Assignee | ||
Updated•8 years ago
|
Assignee: server-ops-webops → eziegenhorn
Assignee | ||
Comment 2•8 years ago
|
||
Cert uploaded to new SNI endpoint, DNS switched and verified working for me.
Reporter | ||
Comment 3•8 years ago
|
||
Many thanks!
Enough time has passed for the DNS changes to have propagated - so I've now removed the legacy SSL endpoint addon:
$ heroku addons:destroy ssl -a treeherder-prod
! WARNING: Destructive Action
! This command will affect the app treeherder-prod
! To proceed, type treeherder-prod or re-run this command with --confirm
! treeherder-prod
treeherder-prod
Destroying th-prod-ssl on treeherder-prod... done
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Whiteboard: [kanban:https://webops.kanbanize.com/ctrl_board/2/3920] → [kanban:https://webops.kanbanize.com/ctrl_board/2/4052]
Reporter | ||
Comment 4•8 years ago
|
||
Not sure why Kanban reopened this?
Status: REOPENED → RESOLVED
Closed: 8 years ago → 8 years ago
Resolution: --- → FIXED
It's a bug. Two-way syncing with years-old code and no test suite is adventurous. We'll be mass re-closing them.
Whiteboard: [kanban:https://webops.kanbanize.com/ctrl_board/2/4052] → [kanban:https://webops.kanbanize.com/ctrl_board/2/4124]
Reporter | ||
Updated•8 years ago
|
Status: REOPENED → RESOLVED
Closed: 8 years ago → 8 years ago
Resolution: --- → FIXED
Whiteboard: [kanban:https://webops.kanbanize.com/ctrl_board/2/4124]
You need to log in
before you can comment on or make changes to this bug.
Description
•