Since HSTS enable on *.fedoraproject.org https cert, I am having issues with cert on taskotron-dev.fedoraproject.org .
All other taskotron instances - https://taskotron.fedoraproject.org/ and https://taskotron.stg.fedoraproject.org/ work just fine.
It looks like we're generating the cert ourselves for the dev instance, while we don't do anything about https on other instances.
Is it possible that the cert gets added on some proxy server in Fedora infra?
Thanks for help, and sorry if I've overlooked something :)
This is because it doesn't use our proxy system. it has it's own external ip address and NATs in ports 80/443. We don't have a dev proxy setup available.
So, IMHO we should get it a cert with letsencrypt. The easiest way to do that would be to redirect the thing letsencrypt checks for to our proxies, and then we can use our letencrypt roles. I'll look at doing this.
Metadata Update from @kevin: - Issue assigned to kevin - Issue priority set to: Waiting on Assignee (was: Needs Review)
Done.
Should be using letsencrypt and will renew when needed as the playbook runs.
:sweet_potato:
Metadata Update from @kevin: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Perfect, works like a charm now.
Thank you very much!
Login to comment on this ticket.