Opened 6 years ago
Closed 6 years ago
#2184 closed task (fixed)
Enable SSL cert for mapserver.org on osgeo6
| Reported by: | Jeff McKenna | Owned by: | |
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | SysAdmin | Keywords: | |
| Cc: |
Description
- mapserver.org lives on osgeo6
- installed LetsEncypt on osgeo6:
- /usr/local/sbin/certbot-auto
- added mapserver.org & gdal.org such as:
certbot-auto --apache -d mapserver.org -d www.mapserver.org
- cronjob to renew was not yet added ("certbot-auto renew")
- new cert passes test: https://www.ssllabs.com/ssltest/analyze.html?d=mapserver.org&latest
- steps documented at https://wiki.osgeo.org/wiki/Osgeo6#SSL_certificates
Change History (5)
comment:1 by , 6 years ago
comment:2 by , 6 years ago
Problem is more visible at https://www.ssllabs.com/ssltest/analyze.html?d=lists.osgeo.org
comment:3 by , 6 years ago
The problem was the "_default_:443" settings in each of the *.osgeo.org conf files; replacing "_default_" with the IP of the machine solved it. That was tricky.
Now the following have certificates enabled, and a cronjob checks twice a day for renewal:
mapserver.org gdal.org grass.osgeo.org grasswiki.osgeo.org drone.osgeo.org lists.osgeo.org
Notes were updated at https://wiki.osgeo.org/wiki/Osgeo6#SSL_certificates
Leaving ticket open to check cronjob tomorrow, and also if other sites on this machine need this certificate.
Sorry again for the downtime.
comment:4 by , 6 years ago
I suspect twice a day is too frequent for letsencript renewal. Renewal will be granted when expiration is within 30 days ahead so we could run the check weekly
comment:5 by , 6 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
BrianH pointed out that for http://lists.osgeo.org/ Firefox suddenly reports:
I believe we should enable letsencrypt for lists.osgeo.org now (or move the ssl.com certificate)