Closed Bug 1328435 Opened 8 years ago Closed 8 years ago

Please switch treeherder.mozilla.org to the SNI based Heroku SSL

Categories

(Infrastructure & Operations :: SSL Certificates, task)

task
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: emorley, Assigned: ericz)

References

Details

Stage was switched in bug 1320303. Everything is looking good so we can now do the same for production. Please could someone: 1) Install/update the Heroku CLI & log in as an admin of the mozilla org (I can give access if needed) 2) Re-upload the treeherder.mozilla.org cert/key (with intermediates included in the cert bundle) to the SNI ELB using: $ `heroku certs:add example.crt example.key -app treeherder-prod --type sni` 3) Run `heroku domains -a treeherder-prod` to find out the new DNS CNAME target (it should be something like `treeherder.mozilla.org.herokudns.com`) 4) Update the treeherder.mozilla.org CNAME to point to the `<...>.herokudns.com` target instead of the existing `tokyo-43605.herokussl.com` one. Once 24 hours have passed allowing the DNS to propagate, I'll remove the legacy non-SNI addon. Many thanks :-)
Whiteboard: [kanban:https://webops.kanbanize.com/ctrl_board/2/3920]
Would someone be able to take a look at this soon?
Assignee: server-ops-webops → eziegenhorn
Cert uploaded to new SNI endpoint, DNS switched and verified working for me.
Many thanks! Enough time has passed for the DNS changes to have propagated - so I've now removed the legacy SSL endpoint addon: $ heroku addons:destroy ssl -a treeherder-prod ! WARNING: Destructive Action ! This command will affect the app treeherder-prod ! To proceed, type treeherder-prod or re-run this command with --confirm ! treeherder-prod treeherder-prod Destroying th-prod-ssl on treeherder-prod... done
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Whiteboard: [kanban:https://webops.kanbanize.com/ctrl_board/2/3920] → [kanban:https://webops.kanbanize.com/ctrl_board/2/4052]
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Not sure why Kanban reopened this?
Status: REOPENED → RESOLVED
Closed: 8 years ago8 years ago
Resolution: --- → FIXED
It's a bug. Two-way syncing with years-old code and no test suite is adventurous. We'll be mass re-closing them.
Whiteboard: [kanban:https://webops.kanbanize.com/ctrl_board/2/4052] → [kanban:https://webops.kanbanize.com/ctrl_board/2/4124]
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Status: REOPENED → RESOLVED
Closed: 8 years ago8 years ago
Resolution: --- → FIXED
Whiteboard: [kanban:https://webops.kanbanize.com/ctrl_board/2/4124]
You need to log in before you can comment on or make changes to this bug.