
Create better system for managing SSL requests
Open, Low, Public

Description

Long planned. Here's a task.

Stage 1:

  • Update certbot cli to check rDNS is correct and either CNAME or NS record is present. Add argument to skip this.
  • Update check_reverse_dns to check records present too.

Stage 2:

  • Create a web form to automate creating SSL tasks + checking validity - refuse to create if invalid.

Stage 3:

  • Create a new wrapper for generating new SSL certs, pushing public keys to GitHub and moving private keys to puppet3, and update managewiki. (puppet-user will be pointless at this point.)

Stage 4:

  • Move all SSL requests to the new ssl self serve site and allow one click to do everything.
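
A sketch of the Stage 1 pre-issuance check, as an added example that is not Miraheze's script or the certbot CLI. It assumes "rDNS is correct" means every address the domain resolves to has a PTR name inside an expected zone; the hostnames, the `Records` type and `check_domain` are hypothetical, and DNS answers are passed in as constructed data so the logic runs offline.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed placeholders: the real hostnames are not given on this page.
EXPECTED_PTR_SUFFIX = ".hosting.example."
EXPECTED_CNAME = "cp.hosting.example."
EXPECTED_NS = {"ns1.hosting.example.", "ns2.hosting.example."}

@dataclass
class Records:
    """DNS answers for one requested domain, as a resolver would return them."""
    a: list = field(default_factory=list)    # addresses the name resolves to
    ptr: dict = field(default_factory=dict)  # address -> PTR name
    cname: Optional[str] = None
    ns: set = field(default_factory=set)

def _fqdn(name):
    # Normalise case and trailing dot so comparisons are exact.
    return name.lower().rstrip(".") + "."

def check_domain(rec, skip_dns_check=False):
    """Return (ok, reasons); ok is False when no certificate should be requested."""
    if skip_dns_check:  # the "argument to skip this" from Stage 1
        return True, ["DNS checks skipped by operator"]
    reasons = []
    if not rec.a:
        reasons.append("domain does not resolve")
    for addr in rec.a:
        ptr = rec.ptr.get(addr)
        # The suffix starts with a dot, so "nothosting.example." cannot pass.
        if ptr is None or not _fqdn(ptr).endswith(EXPECTED_PTR_SUFFIX):
            reasons.append(f"rDNS mismatch for {addr}: {ptr}")
    # Either a CNAME to the expected target or full delegation to expected NS.
    cname_ok = rec.cname is not None and _fqdn(rec.cname) == EXPECTED_CNAME
    ns_ok = bool(rec.ns) and {_fqdn(n) for n in rec.ns} <= EXPECTED_NS
    if not (cname_ok or ns_ok):
        reasons.append("neither expected CNAME nor expected NS records present")
    return not reasons, reasons
```

Returning the reasons alongside the verdict lets a request form refuse an invalid request with a specific message, and lets a monitoring check report which record drifted.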

Event Timeline

RhinosF1 triaged this task as Low priority. Sat, Jul 3, 08:49
RhinosF1 updated the task description.

I've created a script; I will add it to puppet and deploy it everywhere later.

Icinga will now go off if the domain points in a manner we don't expect.

I'll send a PR tomorrow for updating ssl-certificate to run the check too.

After that, I will start work on the beta site for creating new requests. There is a varnish config PR to force all requests via jobrunner3 for it.