Opened 3 months ago

Last modified 8 weeks ago

#13865 assigned Bug/Something is broken

Certificates are installed so need a server restart

Reported by: https://id.mayfirst.org/uws Owned by: https://id.mayfirst.org/jaimev
Priority: Urgent Component: Tech
Keywords: Cc: heshan@…, https://id.mayfirst.org/jamie
Sensitive: no

Description

SSL certificates are installed for www.smwlocal206.org please do a reboot to the server and then validate certificates if those loads up okay to the site.

Priority high since we need to do the restart before midnight today.

Thanks, Heshan

Change History (4)

comment:1 Changed 3 months ago by https://id.mayfirst.org/jaimev

  • Cc https://id.mayfirst.org/jamie added
  • Owner set to https://id.mayfirst.org/jaimev
  • Status changed from new to assigned

I fixed the path on the certificate key and restarted apache. I am copying jamie here, is there is documentation somewhere about the relationship of control panel web configuration to sites on pauline. They seem independent?

comment:2 Changed 2 months ago by https://id.mayfirst.org/jamie

The settings on pauline are a relic of the past and I don't think we have any decent documentation.

The exceptions were made for two reasons: one, UWS is a heavy user of drupal multi-site - so many many domains share the same configuration and two, we set those exceptions up before SNI was invented - so each web site running https had to have it's own IP address.

I think we should remove these exceptions (added via the ibew.specia.conf file) and in theory we should be able to convert the big multi-site lets encrypt but in practice... I'm not sure if lets encrypt has any limits on the number of domains that can be included on a single site. Scratch that. They appears to have a 100 domains per certificate limit. So, maybe this would work? I don't think there are a hundred domain names under the hosting order are there?

If we can convert this to letsencrypt, it would mean every web site in this shared hosting order would enjoy https support, which I think would be a big gain.

comment:3 Changed 8 weeks ago by https://id.mayfirst.org/jaimev

Hi uws what do you think about this move? Are you ok with us going forward on this?

comment:4 Changed 8 weeks ago by https://id.mayfirst.org/uws

Hi Jaime, sounds promising, may we arrange a call with our security team and get back to you next week?

Doug

Please login to add comments to this ticket.

Note: See TracTickets for help on using tickets.