Replace renewed mirrors.centos.org TLS cert that was already renewed at the centos infra side. Ideally we should find a way to no have to create ticket here every ~90days
Before actual cert is expired, which would block all centos stream 9 machines from getting updates
Validity Not Before: May 16 06:03:49 2022 GMT Not After : Aug 14 06:03:48 2022 GMT
New cert can be found at usual place on bastion.fedoraproject.org (only place I'm able to push something, so in ~/TLS/)
Metadata Update from @phsmoura: - Issue priority set to: Waiting on Assignee (was: Needs Review) - Issue tagged with: low-trouble, medium-gain, ops
Done!
I think perhaps we could do this with a http validation? since we have the website running here... shall we try that next time this comes up?
Metadata Update from @kevin: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Done! I think perhaps we could do this with a http validation? since we have the website running here... shall we try that next time this comes up?
That's what I initially suggested :-) So if you can confirm that you'll take care of that one (monitoring and updating) at the Fedora side, I'm all for it and can then forget about it :) (and so use your existing automation)
Metadata Update from @arrfab: - Issue status updated to: Open (was: Closed)
ok, lets just do it now and get it done. ;)
And done. ;)
We are now using locally provisioned/deployed certs. You should no longer need to push new certs to us. :)
great, thanks a lot ... :-)
Login to comment on this ticket.