#7585 Certificates for happinesspackets expired
Closed: Fixed 5 years ago by kevin. Opened 5 years ago by eloisasmorais.

  • Describe what you need us to do:

Certificates for https://happinesspackets-stg.fedorainfracloud.org/ and for the staging version expired on January 27 and need to be renewed again.

  • When do you need this? (YYYY/MM/DD)

As soon as possible.


Adding owners of the machine who can fix it: @jonatoni @algogator @jflory7 @bee2502
(This host is not maintained by Fedora infrastructure.)

Metadata Update from @mizdebsk:
- Issue priority set to: Waiting on Assignee (was: Needs Review)

5 years ago

I don't appear to have SSH access to this host.

@jflory7 I can see that your key is in authorized keys for root. You need to log in as root, not jflory7.

Thanks. I was able to log in. It's my first time logging into this host and I don't know of any documentation for how this host is configured. certbot is not installed, but I found a few certificates in /etc/pki/tls/certs/:

  • happinesspackets.fedorainfracloud.org.bundle
  • happinesspackets.fedorainfracloud.org.cert

I'm not sure how these were updated last time in #7327 (cc: @kevin perhaps?). If someone can explain what the existing set-up is, I can spend some time to automate this so it doesn't keep coming up.

@jflory7 Infra has no idea how that host is set up.
Please ask the person who has set it up previously (I believe they were a GSoC student), since the box is set up entirely differently from any other infra machine.

I was confused since #7327 was opened by @algogator, the GSoC student. Since @kevin resolved that ticket, I thought he might know more. I'm not sure how to proceed.

The ssl certs are set up/renewed via the playbook currently.

We should change that however if the person who set up the playbook is gone and no one else is managing it via that. Perhaps a cron or some other method?

In any case I ran the playbook and manually tweaked things so the certs would be renewed. Can you all sort out an alternative way of doing this moving forward now?

Metadata Update from @kevin:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

5 years ago

Can you all sort out an alternative way of doing this moving forward now?

Sure. Can you link to the existing playbook you are using? It will help me understand how things work now.

https://infrastructure.fedoraproject.org/cgit/ansible.git/tree/playbooks/hosts/happinesspackets.fedorainfracloud.org.yml

but it has a number of issues. That host is using nginx, and all our hosts use apache... so it doesn't restart the right thing, or update that config or quite put the letsencrypt cert in the right format.

It might be an ok starting point tho.

Thanks @kevin, this is helpful. I'll work on automating this within a couple of months when I have more time to dig into this.
