Page MenuHomePhabricator

update *.wmflabs.org by 2017-10-16
Closed, ResolvedPublic

Description

This will be the public tracking task for the replacement of the *.wmflabs.org cert/key pair. The existing certificate expires on 2017-10-16. The new certificate is available on: https://gerrit.wikimedia.org/r/#/c/374873/

The certificate was purchased via T174053, which is not a pubic task, so it shoudn't be used to track implementation (hence this task's creation.)

The new private key is on the private repo, named new.star.wmflabs.org.key. When the above patchset is pushed live, the private key must be updated. (Either replace the contents of the exiting file, or git rm and git mv the new file into the existing keyfiles place.)

Since this affects the cloud team, This has been flagged with cloud-services-team project for their review.

Related Objects

StatusSubtypeAssignedTask
Resolved madhuvishy

Event Timeline

RobH mentioned this in Unknown Object (Task).Aug 30 2017, 7:54 PM

Mentioned in SAL (#wikimedia-cloud) [2017-08-31T20:24:06Z] <madhuvishy> Disabling puppet on tools-proxy-* and tools-static-* for star.wmflabs.org SSL cert update (T174611)

Mentioned in SAL (#wikimedia-cloud) [2017-08-31T20:33:28Z] <madhuvishy> Updated certs and ran puppet, restarted nginx on tools-proxy-* and tools-static-* (T174611)

Mentioned in SAL (#wikimedia-cloud) [2017-08-31T21:12:36Z] <madhuvishy> Updated star.wmflabs.org cert, ran puppet and restarted nginx in novaproxy-01 and 02 (Copied the private key manually to /etc/ssl/private) T174611

madhuvishy claimed this task.

This is all done, new private key committed in ops/private. New certs are showing up okay!