Expired certification with HSTS making wikiapiary.com inaccessible
Closed, ResolvedPublic

Description

Originally reported at wikiapiary@l.wm.o, LE certificate expired last week, and since HSTS is active, nobody can access the site until it is renewed.

Cronjob should be set up to renew it automatically in the future.

revi created this task.Jul 3 2017, 2:16 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 3 2017, 2:16 PM
revi triaged this task as Unbreak Now! priority.Jul 3 2017, 2:17 PM
Restricted Application added subscribers: Jay8g, TerraCodes. · View Herald TranscriptJul 3 2017, 2:17 PM

Also mentioned here by @Samwilson Adding @MarkAHershberger since he is the one working with the server if I am not mistaken.

MarkAHershberger closed this task as Resolved.Jul 3 2017, 3:13 PM
MarkAHershberger claimed this task.

fixed

Kghbln added a comment.Jul 3 2017, 3:20 PM

Thanks a ton!

Dzahn added a subscriber: Dzahn.Jul 3 2017, 4:14 PM

if you are using certbot, there is an option for autorenewal

Ciencia_Al_Poder reopened this task as Open.Oct 2 2017, 9:17 AM
Ciencia_Al_Poder added a subscriber: Ciencia_Al_Poder.

Reopening. This just happened again...

Restricted Application added a subscriber: Liuxinyu970226. · View Herald TranscriptOct 2 2017, 9:17 AM
Kghbln added a comment.Oct 2 2017, 9:20 AM

This is a known issue. This time we just have to sit tight.

@Ciencia_Al_Poder Since you are a regular user of WikiApiary it will be nice if you could subscribe to the mainlinglist. It is low traffic, so no worries.

See recent post to the Wikiapiary mailing list https://lists.wikimedia.org/pipermail/wikiapiary/2017-October/000012.html

We tried to update the SSL cert via letsencrypt today and ran into
trouble.

Since this is the first time we have renewed a cert this way, we had
trouble understanding the commands.

Anyway, we ended up blocking us from doing the renewal for about a week.

Which means the cert on the site will be broken for about a week.

See this post for an explanation:
https://community.letsencrypt.org/t/how-can-i-completely-reinstall-lets-encrypt-delete-all-old-certificates-and-start-fresh/10689/2

Sorry for the trouble,

Mark.

@Ciencia_Al_Poder Since you are a regular user of WikiApiary it will be nice if you could subscribe to the mainlinglist. It is low traffic, so no worries.

Oops! I was already subscribed, but I tried to check/add a wiki from my work and I didn't check my personal email first, so I didn't see it

Dzahn added a comment.Oct 2 2017, 8:03 PM

Yea, so the fix here is to just wait. I think there is not much else that can be done (besides buying a new cert just for these few days). Not sure what this means about "UBN" status. It is what it is.

Kghbln closed this task as Resolved.Oct 9 2017, 11:33 PM
Kghbln awarded a token.