Page MenuHomeMiraheze

Members (1)

Watchers

  • This project does not have any watchers.
  • View All

Details

Description

Tag for issues relating to SSL work.

Recent Activity

Yesterday

Universal_Omega closed T11987: SSL script broke, not committing public keys as Resolved.

I have switched the SSL bot to the WikiTideSSLBot account. Please let me know if there are any issues with certs now.

Thu, Mar 28, 18:03 · Infrastructure (SRE), SSL
MacFan4000 added a comment to T11987: SSL script broke, not committing public keys.

It would be great if this could be looked into as SSL requests are starting to pile up.

Thu, Mar 28, 15:47 · Infrastructure (SRE), SSL

Tue, Mar 26

OrangeStar closed T11851: check_reverse_dns should contact authoritative nameservers for the TLD directly when checking if we're the authoritative nameservers of a domain as Declined.

Using RDAP (preferably) or WHOIS is a better solution for these kinds of issues.

Tue, Mar 26, 17:49 · SRE Automation, Monitoring, SSL, Infrastructure (SRE)

Mon, Mar 25

Universal_Omega added a comment to T11987: SSL script broke, not committing public keys.

At this point I think our only option may be to switch to a new account if we can't retrieve access to MirahezeSSLBot. But we'll see if we can find a recovery code or something first. I believe that is still controlled by John and we should retrieve access somehow.

Mon, Mar 25, 03:28 · Infrastructure (SRE), SSL
MacFan4000 triaged T11987: SSL script broke, not committing public keys as High priority.
Mon, Mar 25, 00:34 · Infrastructure (SRE), SSL

Sun, Mar 24

MacFan4000 created T11987: SSL script broke, not committing public keys.
Sun, Mar 24, 22:41 · Infrastructure (SRE), SSL

Sat, Mar 23

Universal_Omega lowered the priority of T11837: Migrate certs from RSA to ECDSA for key from Normal to Low.
Sat, Mar 23, 06:13 · SSL, Site Reliability Engineering

Sat, Mar 9

Dragon_Fish added a comment to T11937: SSL for custom domain: ngnlzh.miraheze.org.

Appreciate

Sat, Mar 9, 17:27 · MediaWiki (SRE), SSL
MacFan4000 closed T11938: SSL for custom domain: phighting.miraheze.org as Resolved.
Sat, Mar 9, 00:37 · MediaWiki (SRE), SSL

Fri, Mar 8

MacFan4000 closed T11937: SSL for custom domain: ngnlzh.miraheze.org as Resolved.
Fri, Mar 8, 22:38 · MediaWiki (SRE), SSL
MacFan4000 closed T11932: SSL for custom domain: letspartywiki.miraheze.org as Resolved.
Fri, Mar 8, 22:36 · MediaWiki (SRE), SSL
MacFan4000 moved T11938: SSL for custom domain: phighting.miraheze.org from Backlog to NS on the SSL board.
Fri, Mar 8, 20:57 · MediaWiki (SRE), SSL
MacFan4000 moved T11932: SSL for custom domain: letspartywiki.miraheze.org from Waiting on response to CNAME on the SSL board.
Fri, Mar 8, 20:57 · MediaWiki (SRE), SSL

Thu, Mar 7

Sillyvizion created T11938: SSL for custom domain: phighting.miraheze.org.
Thu, Mar 7, 22:30 · MediaWiki (SRE), SSL
OrangeStar moved T11937: SSL for custom domain: ngnlzh.miraheze.org from Backlog to CNAME on the SSL board.
Thu, Mar 7, 15:16 · MediaWiki (SRE), SSL
Dragon_Fish added a comment to T11937: SSL for custom domain: ngnlzh.miraheze.org.

FYI

image.png (397×1 px, 37 KB)

Thu, Mar 7, 12:46 · MediaWiki (SRE), SSL
Dragon_Fish created T11937: SSL for custom domain: ngnlzh.miraheze.org.
Thu, Mar 7, 11:59 · MediaWiki (SRE), SSL
RedrcknRbn added a comment to T11932: SSL for custom domain: letspartywiki.miraheze.org.

Updated both (for some reason my nameservers had reset to the default ones)

Thu, Mar 7, 03:16 · MediaWiki (SRE), SSL

Wed, Mar 6

MacFan4000 added a comment to T11932: SSL for custom domain: letspartywiki.miraheze.org.

Your domain also isn't using cloudflare nameservers, thus it isn't working.

Wed, Mar 6, 22:46 · MediaWiki (SRE), SSL
MacFan4000 added a comment to T11932: SSL for custom domain: letspartywiki.miraheze.org.

Please disable orange cloud/proxied such that it is on grey cloud/DNS only.

Wed, Mar 6, 22:44 · MediaWiki (SRE), SSL
RedrcknRbn added a comment to T11932: SSL for custom domain: letspartywiki.miraheze.org.

I did, both CNAME and DS in cloudflare is pointed to y'all.

image.png (230×1 px, 22 KB)

Wed, Mar 6, 22:20 · MediaWiki (SRE), SSL
MacFan4000 moved T11932: SSL for custom domain: letspartywiki.miraheze.org from Backlog to Waiting on response on the SSL board.

Please note that if you want this setup, you'll need to register the domain and point it to us.

Wed, Mar 6, 17:52 · MediaWiki (SRE), SSL
RedrcknRbn created T11932: SSL for custom domain: letspartywiki.miraheze.org.
Wed, Mar 6, 09:07 · MediaWiki (SRE), SSL

Tue, Mar 5

Reception123 closed T11911: SSL for custom domain: newlifewiki.miraheze.org as Declined.

No response. Please feel free to reopen if still needed.

Tue, Mar 5, 16:15 · MediaWiki (SRE), SSL

Fri, Mar 1

MacFan4000 moved T11911: SSL for custom domain: newlifewiki.miraheze.org from Backlog to Waiting on response on the SSL board.

Please confirm that you need a CSE, and intend to purchase your own SSL certificate.

Fri, Mar 1, 18:42 · MediaWiki (SRE), SSL

Feb 28 2024

TGSpace created T11911: SSL for custom domain: newlifewiki.miraheze.org.
Feb 28 2024, 07:31 · MediaWiki (SRE), SSL

Feb 27 2024

Universal_Omega added a comment to T11837: Migrate certs from RSA to ECDSA for key.

There is an option to automatically migrate when running cert renewals we could probably pretty easily do this. It might be a good idea...

Feb 27 2024, 06:34 · SSL, Site Reliability Engineering

Feb 25 2024

Universal_Omega triaged T11902: Implement auto renewals for some wildcard domains in LetsEncrypt as Normal priority.
Feb 25 2024, 18:34 · SRE Automation, Infrastructure (SRE), SSL, Puppet, DNS

Feb 19 2024

MacFan4000 changed the status of T11873: SSL for custom domain: cco.miraheze.org from Invalid to Resolved.

This has been handled.

Feb 19 2024, 16:22 · MediaWiki (SRE), SSL
OrangeStar closed T11873: SSL for custom domain: cco.miraheze.org as Invalid.

Please use Special:RequestSSL on Meta. Additionally, please change the CNAME record's target to mw-lb.miraheze.org.

Feb 19 2024, 16:13 · MediaWiki (SRE), SSL
HermesDE created T11873: SSL for custom domain: cco.miraheze.org.
Feb 19 2024, 15:10 · MediaWiki (SRE), SSL

Feb 15 2024

MacFan4000 closed T11852: SSL for custom domain: b3313.miraheze.org as Resolved.
Feb 15 2024, 01:36 · MediaWiki (SRE), SSL

Feb 14 2024

bb010g added a comment to T11852: SSL for custom domain: b3313.miraheze.org.

@Reception123 The DNS was configured as directed before the ticket was opened. I didn't see any issues when verifying just now, both in the Cloudflare Dash and from drill "wiki.b3313.org".

Feb 14 2024, 11:57 · MediaWiki (SRE), SSL
Reception123 added a comment to T7582: Create automated system for managing SSL requests.

I can now confirm that since notifications are fixed (thanks @Universal_Omega !) RequestSSL is operational.
What remains to be done is to add a check on-wiki for whether CNAME or NS is pointed (@Universal_Omega has an idea for how to do that easily) and then for the puppet API

Feb 14 2024, 07:00 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, MediaWiki (SRE)
Reception123 added a comment to T11852: SSL for custom domain: b3313.miraheze.org.

@bb010g Could you please set the DNS per above as instructed in https://meta.miraheze.org/wiki/Custom%20domains now?

Feb 14 2024, 06:14 · MediaWiki (SRE), SSL
bb010g created T11852: SSL for custom domain: b3313.miraheze.org.
Feb 14 2024, 01:05 · MediaWiki (SRE), SSL

Feb 13 2024

OrangeStar renamed T11851: check_reverse_dns should contact authoritative nameservers for the TLD directly when checking if we're the authoritative nameservers of a domain from check_reverse_dns should contact authoritative nameservers for the TLD directly on DNS checks to check_reverse_dns should contact authoritative nameservers for the TLD directly when checking if we're the authoritative nameservers of a domain.
Feb 13 2024, 20:37 · SRE Automation, Monitoring, SSL, Infrastructure (SRE)
Reception123 closed T11850: SSL for custom domain: loveanddeepspace.miraheze.org as Resolved.
Feb 13 2024, 20:35 · MediaWiki (SRE), SSL
RhinosF1 added projects to T11851: check_reverse_dns should contact authoritative nameservers for the TLD directly when checking if we're the authoritative nameservers of a domain: Monitoring, SRE Automation.
Feb 13 2024, 20:32 · SRE Automation, Monitoring, SSL, Infrastructure (SRE)
Reception123 triaged T11851: check_reverse_dns should contact authoritative nameservers for the TLD directly when checking if we're the authoritative nameservers of a domain as Low priority.
Feb 13 2024, 20:29 · SRE Automation, Monitoring, SSL, Infrastructure (SRE)
Elaeagnifolia created T11850: SSL for custom domain: loveanddeepspace.miraheze.org.
Feb 13 2024, 19:43 · MediaWiki (SRE), SSL
Reception123 closed T11842: SSL for custom domain: thff.miraheze.org as Resolved.
Feb 13 2024, 06:38 · MediaWiki (SRE), SSL
Reception123 closed T11839: SSL for custom domain: tfuk.miraheze.org as Resolved.
Feb 13 2024, 06:33 · MediaWiki (SRE), SSL
Reception123 closed T11836: SSL for custom domain: patrykstan.miraheze.org as Resolved.
Feb 13 2024, 06:29 · MediaWiki (SRE), SSL
Reception123 triaged T11837: Migrate certs from RSA to ECDSA for key as Normal priority.
Feb 13 2024, 06:14 · SSL, Site Reliability Engineering

Feb 11 2024

OswaldK created T11842: SSL for custom domain: thff.miraheze.org.
Feb 11 2024, 05:56 · MediaWiki (SRE), SSL

Feb 10 2024

TheLastGherkin created T11839: SSL for custom domain: tfuk.miraheze.org.
Feb 10 2024, 20:31 · MediaWiki (SRE), SSL
Plopilpy created T11836: SSL for custom domain: patrykstan.miraheze.org.
Feb 10 2024, 19:00 · MediaWiki (SRE), SSL
Reception123 added a comment to T7582: Create automated system for managing SSL requests.

@Reception123 If you want to get RequestSSL working right now, we could look at sending emails the way core does with Special:EmailUser

Feb 10 2024, 15:03 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, MediaWiki (SRE)
OrangeStar added a comment to T7582: Create automated system for managing SSL requests.

@Reception123 If you want to get RequestSSL working right now, we could look at sending emails the way core does with Special:EmailUser

Feb 10 2024, 11:01 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, MediaWiki (SRE)