Bug #3312
gerrit.osmocom.org x509 certificate expires in ~11 days
100%
Description
Not sure what is the target for renewal but please make sure it is automatically renewed before it becomes invalid.
+ ./check_ssl_certificate -H gerrit.osmocom.org -c 10 -w 28
m=Jun, d=13, h=02, m=56, s=18, y=2018, z=GMT
check_ssl_certificates: WARNING - only 11 day(s) left for this certificate.
History
#3 Updated by laforge 8 months ago
- Status changed from New to Feedback
- Assignee changed from laforge to zecke
- Priority changed from Normal to High
Seems like not all related config was migrated, so the cron job starting the container with certbot does nothing.
However, for some strange reason I currently cannot ssh into the old machine (rita) in order to copy the related data.
zecke - did you touch anything? I guess I'll have to reboot the machine if we can no longer log into it?
#5 Updated by zecke 8 months ago
Strange. As SMTP worked but port 40 didn't respond, I wondered if the disk controller hung itself again and rebooted. But the same problem persists. The SYN packets to the ssh port are blackholed.
I am sure that I ssh'ed into the machine after the FreeBSD upgrade. Do you know if someone else touched the pf.conf since then? Could you have a look at the diff of the sshd_config and the pf.conf? Maybe from a month ago to yesterday?
I am offline most of the morning but if we have the diff and know it is a firewall config then I can boot into the rescue system and fix the config.
#7 Updated by zecke 8 months ago
Okay. There are too many comments in the pf.conf. I might have commented it out for the gerrit rsync (but I think I did the FreeBSD 10.4 upgrade) after that. We should be able to connect from host2.osmocom.org but that doesn't seem to work either. I will reboot to a rescue system at night.
#8 Updated by laforge 8 months ago
- Priority changed from High to Urgent
- ftp.osmocom.org (as it's not only port 80/443, but also FTP)
- lists.osmocom.org (SMTP)
- osmocom.org (SMTP)
So for gerrit/jenkins/projects/cgit and all the various legacy domains like bb.osmocom.org, valid certificates are installed again. However, the main project domain osmocom.org is still unavailable.
zecke Did you reboot the machine? What was the result?
#9 Updated by laforge 8 months ago
I now changed the dns zone to make osmocom.org point also to the new host2 IP address. Once zone changes propagate, people should be able to access https://osmocom.org/ with a valid certificate.