Opened 6 years ago

Closed 5 years ago

#2184 closed task (fixed)

Enable SSL cert for mapserver.org on osgeo6

Reported by: Jeff McKenna
Owned by: sac@…
Priority: normal
Milestone:
Component: SysAdmin
Keywords:
Cc:

Description

  • mapserver.org lives on osgeo6
  • installed LetsEncrypt on osgeo6:
    • /usr/local/sbin/certbot-auto
    • added mapserver.org & gdal.org such as:

certbot-auto --apache -d mapserver.org -d www.mapserver.org

Change History (5)

comment:1 by Jeff McKenna, 6 years ago

BrianH pointed out that for http://lists.osgeo.org/ Firefox suddenly reports:

The owner of lists.osgeo.org has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website. Error code: SSL_ERROR_BAD_CERT_DOMAIN The certificate is only valid for the following names: mapserver.org, www.mapserver.org

I believe we should enable letsencrypt for lists.osgeo.org now (or move the ssl.com certificate).

comment:3 by Jeff McKenna, 6 years ago

The problem was the "_default_:443" settings in each of the *.osgeo.org conf files; replacing "_default_" with the IP of the machine solved it. That was tricky.

Now the following have certificates enabled, and a cronjob checks twice a day for renewal:

  mapserver.org
  gdal.org
  grass.osgeo.org
  grasswiki.osgeo.org
  drone.osgeo.org
  lists.osgeo.org

Notes were updated at https://wiki.osgeo.org/wiki/Osgeo6#SSL_certificates

Leaving ticket open to check cronjob tomorrow, and also if other sites on this machine need this certificate.

Sorry again for the downtime.
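
The fix described in comment 3 can be checked mechanically. The Python linter below is an added example, not part of the ticket or of the osgeo6 setup: it flags port-443 vhosts declared with `_default_` or `*` when another vhost on the same port names a specific IP, because Apache only considers wildcard vhosts when no address-specific vhost matches the connection's IP and port. The sample configuration, the address 203.0.113.10 and the certificate paths are constructed, and it is an assumption that the certbot-managed vhost was the address-specific one.

```python
import re

# Constructed sample, not the real osgeo6 configuration; 203.0.113.10 is a
# documentation address and the certificate paths are placeholders.
SAMPLE_CONF = """
<VirtualHost 203.0.113.10:443>
    ServerName mapserver.org
    ServerAlias www.mapserver.org
    SSLCertificateFile /path/to/mapserver-fullchain.pem
</VirtualHost>
<VirtualHost _default_:443>
    ServerName lists.osgeo.org
    SSLCertificateFile /path/to/lists-fullchain.pem
</VirtualHost>
"""

# Anchored at line start so commented-out "# <VirtualHost ...>" lines are skipped.
VHOST_RE = re.compile(r"^[ \t]*<VirtualHost\s+([^>]+)>(.*?)^[ \t]*</VirtualHost>",
                      re.S | re.I | re.M)
WILDCARDS = {"_default_", "*"}

def parse_vhosts(conf_text):
    """Return one dict per <VirtualHost> block: addresses, ServerName, certificate."""
    def directive(body, name):
        m = re.search(rf"^[ \t]*{name}\s+(\S+)", body, re.M | re.I)
        return m.group(1).strip('"') if m else None
    return [{"addresses": m.group(1).split(),
             "name": directive(m.group(2), "ServerName"),
             "cert": directive(m.group(2), "SSLCertificateFile")}
            for m in VHOST_RE.finditer(conf_text)]

def shadowed_tls_vhosts(conf_text, port="443"):
    """List (ServerName, address) of wildcard vhosts on `port` that an
    address-specific vhost on the same port takes precedence over."""
    wild, specific = [], []
    for vh in parse_vhosts(conf_text):
        for addr in vh["addresses"]:
            host, _, p = addr.rpartition(":")
            if p != port:
                continue  # other ports (or no port given) are out of scope
            (wild if host in WILDCARDS else specific).append((vh["name"], addr))
    # Wildcards are only a problem when something address-specific coexists.
    return wild if specific else []

if __name__ == "__main__":
    for name, addr in shadowed_tls_vhosts(SAMPLE_CONF):
        print(f"{name}: declared on {addr}, shadowed by an address-specific vhost")
```

Run it over the concatenated vhost files; an empty result means every port-443 vhost uses the same kind of address.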

comment:4 by strk, 6 years ago

I suspect twice a day is too frequent for letsencrypt renewal. Renewal will be granted when expiration is within 30 days ahead, so we could run the check weekly.

comment:5 by robe, 5 years ago

Resolution: fixed
Status: new → closed