| |
@@ -1,6 +1,6 @@
|
| |
- = SSL Certificate Creation SOP
|
| |
+ = SSL Certificates SOP
|
| |
|
| |
- Every now and then you will need to create an SSL certificate for a
|
| |
+ Every now and then you will need to work with SSL certificate for a
|
| |
Fedora Service.
|
| |
|
| |
== Creating a CSR for a new server
|
| |
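Review bot: The reworded intro line "Every now and then you will need to work with SSL certificate for a" is ungrammatical. "work with SSL certificates for a Fedora Service" reads correctly and matches the plural in the new title "SSL Certificates SOP". Since the commit message says the page is renamed from making-ssl-certificates to ssl-certificates, also confirm that links pointing at the old page name are updated, because this hunk only shows the title change.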
@@ -51,3 +51,26 @@
|
| |
|
| |
We only want a self-signed certificate to be good for a short time so 30
|
| |
days sounds good.
|
| |
+
|
| |
+ == Renew a SSL certificate
|
| |
+
|
| |
+ To renew SSL certificate for existing service you can run ansible playbook from batcave:
|
| |
+
|
| |
+ ....
|
| |
+ ansible-playbook /srv/web/infra/ansible/playbooks/groups/proxies.yml -t <name_of_service>
|
| |
+ ....
|
| |
+
|
| |
+ For example
|
| |
+ ....
|
| |
+ ansible-playbook /srv/web/infra/ansible/playbooks/groups/proxies.yml -t release-monitoring.org
|
| |
+ ....
|
| |
+
|
| |
+ This will renew the certificates for the service and deploy them on proxies. If some proxies
|
| |
+ fail during the run, just run the playbook again with limiting it only to proxy that failed.
|
| |
+ For example if the previous example failed on `proxy01` you can run the playbook again like this:
|
| |
+
|
| |
+ ....
|
| |
+ ansible-playbook /srv/web/infra/ansible/playbooks/groups/proxies.yml -t release-monitoring.org -l proxy01\*
|
| |
+ ....
|
| |
+
|
| |
+ This will run the playbook only for `proxy01`.
|
| |
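Review bot: The limit in the last literal block, `-l proxy01\*`, is a glob that selects every inventory host whose name begins with `proxy01`, while the closing sentence says the playbook runs "only for `proxy01`". Either state that the wildcard is there to cover the host's domain suffix, or show the full hostname in the example so the limit cannot pick up another host with the same prefix. The section also gives no way to confirm the renewal worked. A short step for checking the new expiry date on the proxies after the run would close that gap, and a note on where valid values for `-t <name_of_service>` are defined would help a first-time reader. Wording nits: "Renew a SSL certificate" should be "Renew an SSL certificate", "To renew SSL certificate for existing service" is missing its articles, and "with limiting it only to proxy that failed" reads better as "limited to the proxy that failed".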
This renames making-ssl-certificates to ssl-certificates.
Signed-off-by: Michal Konecny mkonecny@redhat.com