Opened 8 months ago

Closed 8 months ago

#13822 closed Bug/Something is broken (fixed)

SSL Cert for

Reported by: Owned by:
Priority: Medium Component: Tech
Keywords: LetsEncrypt Cc:
Sensitive: no


When I visit a site using the address, the browser tells me my clock is ahead... i don't believe I can fix it myself!

Issuer: COMODO RSA Domain Validation Secure Server CA
Expires on: Jun 7, 2018
Current date: Jun 25, 2018

Change History (4)

comment:1 Changed 8 months ago by

  • Cc added
  • Keywords LetsEncrypt added
  • Owner set to
  • Status changed from new to assigned

I've just removed ntp so that systemd-timesyncd should make sure the date and time are synced. I think we can also replace this cert with a LetsEncrypt cert, copying jamie here with a question first though.

jamie looking at our current setup I don't think we've created a way to automatically create LetsEncrypt certs through puppet for non mosh servers? Should I just go ahead with using mf-certbot to do this semi-manually, create an apache config to allow for renewal?

comment:2 Changed 8 months ago by

Yes - that's the way to do it.

comment:3 Changed 8 months ago by

  • Resolution set to fixed
  • Status changed from assigned to feedback

Ok, this is setup now. To do this I've split out the VirtualHost stanzas referencing ServerName from your apache config /etc/apache2/sites-enabled/vianey_proxy.conf into its own /etc/apache2/sites-enabled/ and added a DocumentRoot and rewrite exception allowing LetsEncrypt challenges to ".well-known/" path to read from /var/www.

The old cert and key have been converted into symlinks pointing to the LetsEncrypt certs. Also I included the new --renew-hook option to instruct certbot to reload apache2 when the certificate renews.

comment:4 Changed 8 months ago by automatic

  • Status changed from feedback to closed

No news is good news (we hope)! Given the lack of feedback, we think this ticket can be closed.

Please login to add comments to this ticket.

Note: See TracTickets for help on using tickets.