Page MenuHomePhabricator

update * by 2017-10-16
Closed, ResolvedPublic


This will be the public tracking task for the replacement of the * cert/key pair. The existing certificate expires on 2017-10-16. The new certificate is available on:

The certificate was purchased via T174053, which is not a pubic task, so it shoudn't be used to track implementation (hence this task's creation.)

The new private key is on the private repo, named When the above patchset is pushed live, the private key must be updated. (Either replace the contents of the exiting file, or git rm and git mv the new file into the existing keyfiles place.)

Since this affects the cloud team, This has been flagged with cloud-services-team project for their review.

Related Objects

Resolved madhuvishy

Event Timeline

RobH mentioned this in Unknown Object (Task).Aug 30 2017, 7:54 PM

Mentioned in SAL (#wikimedia-cloud) [2017-08-31T20:24:06Z] <madhuvishy> Disabling puppet on tools-proxy-* and tools-static-* for SSL cert update (T174611)

Mentioned in SAL (#wikimedia-cloud) [2017-08-31T20:33:28Z] <madhuvishy> Updated certs and ran puppet, restarted nginx on tools-proxy-* and tools-static-* (T174611)

Mentioned in SAL (#wikimedia-cloud) [2017-08-31T21:12:36Z] <madhuvishy> Updated cert, ran puppet and restarted nginx in novaproxy-01 and 02 (Copied the private key manually to /etc/ssl/private) T174611

madhuvishy claimed this task.

This is all done, new private key committed in ops/private. New certs are showing up okay!