gerrit.osmocom.org x509 certificate expires in ~11 days
Not sure what is the target for renewal but please make sure it is automatically renewed before it becomes invalid.
+ ./check_ssl_certificate -H gerrit.osmocom.org -c 10 -w 28 m=Jun, d=13, h=02, m=56, s=18, y=2018, z=GMT check_ssl_certificates: WARNING - only 11 day(s) left for this certificate.
#3 Updated by laforge over 1 year ago
- Status changed from New to Feedback
- Assignee changed from laforge to zecke
- Priority changed from Normal to High
seems like not all related config was migrated, so the cron job starting the container with certbot does nothing.
Hoever, for some strange reason I currently cannot ssh into the old machine (rita) in order to copy the related data.
zecke - did you touch anything? I guess I'll have to reboot the machine if we can no longer log into it?
#5 Updated by zecke over 1 year ago
Strange. As SMTP worked but port 40 didn't respond.. I wondered if the disk controller hanged itself again and rebooted. But the same problem persists. The SYN packets to the ssh port are blackholed.
I am sure that I ssh'ed into the machine after the FreeBSD upgrade. Do you know if someone else touched the pf.conf since then? Could you have a look at the diff of the sshd_config and the pf.conf? Maybe from a month ago to yesterday?
I am offline most of the morning but if we have the diff and know it is a firewall config then I can boot into the rescue system and fix the config.
#7 Updated by zecke over 1 year ago
Okay. There are too many comments in the pf.conf. I might have commented it out for the gerrit rsync (but I think I did the FreeBSD10.4 upgrade) after that. We should be able to connect from host2.osmocom.org but that doesn't seem to work wither. I will reboot to a rescue system at night.
#8 Updated by laforge over 1 year ago
- Priority changed from High to Urgent
- ftp.osmocom.org (as it's not only port 80/443, but also FTP)
- lists.osmocom.org (SMTP)
- osmocom.org (SMTP)
so for gerrit/jenkins/projects/cgit and all the various legacy domains like
bb.osmocom.org, valid certificates are installed again. However, the main project domai n
osmocom.org is still unavailable.
zecke Did you reboot the machine? What was the result?