To get wildcard certs in deployment-prep, either we do this, or we run our own gdnsd instance, get the beta.wmflabs.org domain removed from labs-ns*, and get an NS record created under wmflabs.org pointing beta.wmflabs.org at our gdnsd server.
Here's the integration script for gdnsd: https://gerrit.wikimedia.org/r/#/c/operations/puppet/+/459809/11/modules/certcentral/files/dns-sync.py
Description
Details
Subject | Repo | Branch | Lines +/-
---|---|---|---
acme-chief: Add script for Designate integration | operations/puppet | production | +164 -0
Status | Subtype | Assigned | Task
---|---|---|---
Resolved | | Krenair | T182927 Get letsencrypt wildcard cert for *.beta.wmflabs.org domains
Resolved | | Krenair | T206922 Write designate integration script for certcentral DNS challenges
Event Timeline
I finally got around to writing the basic script today (copy at deployment-acme-chief03:/usr/local/bin/acme-chief-designate-sync.py) and it pretty much works. There are some minor things to fix (config and maybe a domain name logic thing) and maybe one fundamental problem to resolve (mechanism to expire challenges - really want to solve that before having a go at getting the unified cert :))
Change 497670 had a related patch set uploaded (by Alex Monk; owner: Alex Monk):
[operations/puppet@production] [WIP] acme-chief: Add script for Designate integration
Change 497670 merged by Vgutierrez:
[operations/puppet@production] acme-chief: Add script for Designate integration