Page MenuHomeMiraheze

Renew GlobalSign Wildcard cert for Miraheze.org
Closed, ResolvedPublic

Description

Expires in 29 days. Should be renewed. Not sure if @labster has GlobalSign access or not but I think only SPF does.

Event Timeline

John added a subscriber: John.Jul 23 2017, 12:10

You can't renew it per se. The account holder (now SPF) has to ask GlobalSign for a new free certificate. Which might take some time, it did last time at least.

Southparkfan raised the priority of this task from Normal to High.Jul 23 2017, 23:03

This must happen ASAP. Scheduled for Tuesday. In the event I cannot do it then, I will give NDKilla access to the interface.

(Talking about that, John used to have more access than NDKilla - GlobalSign, Namecheap manager account, extra RamNode privileges, etc. Since John is no longer part of ops, I would like to do the same for NDKilla, will also create a Task for that Tuesday, unless someone wants to do it now.)

John added a comment.Jul 23 2017, 23:52

This must happen ASAP. Scheduled for Tuesday. In the event I cannot do it then, I will give NDKilla access to the interface.

Scheduled? Did you forget you have to email them to ask for code for a new cert? Last time it took about 2-3 weeks for them to give it to us. Interface access while useful is useless without a code to order a new cert.

labster added a comment.Jul 24 2017, 00:02

Just as a fallback, if the process doesn't work out like it did before, we can afford to purchase a wildcard cert for a year. They're $99-ish here: https://www.namecheap.com/security/ssl-certificates/wildcard.aspx, and we can shop around, but we already have a Namecheap account. "Issued within 15 minutes" sounds like a good last-ditch effort to avoid downtime, if it comes to that.

In T2025#37843, @John wrote:

This must happen ASAP. Scheduled for Tuesday. In the event I cannot do it then, I will give NDKilla access to the interface.

Scheduled? Did you forget you have to email them to ask for code for a new cert? Last time it took about 2-3 weeks for them to give it to us. Interface access while useful is useless without a code to order a new cert.

You don't have to email them, you only have to fill in the request form.

John added a comment.Jul 24 2017, 10:32

Which generates an email which produces a thread you have to reply to when they reply. You don't get the certificate immediately at all unless they've changed they in the past few months,

Form filled in.

John added a comment.Aug 3 2017, 16:52

Also just noting;

MariaDB and Mail are both SSL capable. Therefore when renewed, MySQL needs to be restarted on db* and dovecot needs to be restarted on misc1.

Southparkfan raised the priority of this task from High to Unbreak Now!.Aug 11 2017, 07:36

GlobalSign did not reply. Since we are very close to expiration (with disastrous results!), we may need to throw our own funds on a wildcard.

@labster said if needed he could get a Namecheap one.

John added a comment.Aug 11 2017, 07:42

@Southparkfan use livechat then

Livechat is unavailable.

John added a comment.Aug 12 2017, 20:22

It'll be the fact it's a Saturday. Try Monday?

John added a comment.Aug 14 2017, 20:28

Getting down to 7 days now. Livechat is definitely available now.

John closed this task as Resolved.Aug 16 2017, 17:50
John claimed this task.
John added a subscriber: Southparkfan.