Page MenuHomePhabricator

Deploy managed LetsEncrypt certs for all public use-cases
Closed, ResolvedPublic

Description

  • wikiba.se
  • Global unified wildcard
  • Non-canonical domain redirects

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 14 2019, 2:41 PM
Vgutierrez triaged this task as Normal priority.Jan 14 2019, 2:41 PM
Vgutierrez added a project: Traffic.
Restricted Application added a project: Operations. · View Herald TranscriptJan 14 2019, 2:41 PM
Vgutierrez moved this task from Triage to TLS on the Traffic board.Jan 14 2019, 2:48 PM
Krenair moved this task from Backlog to Goals/tracking on the Acme-chief board.Feb 22 2019, 12:40 PM

Change 499154 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/dns@master] Allow LE issue the global unified wildcard certificate

https://gerrit.wikimedia.org/r/499154

Change 499155 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/dns@master] Add CAA records for wikiba.se

https://gerrit.wikimedia.org/r/499155

Change 499156 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/dns@master] Allow LE issue the non-canonical redirects service certficate

https://gerrit.wikimedia.org/r/499156

Change 499185 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] acme_chief: Issue the global unified wildcard certificate

https://gerrit.wikimedia.org/r/499185

Change 499189 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] acme_chief: Issue wikiba.se certificate

https://gerrit.wikimedia.org/r/499189

Change 499201 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] acme_chief: Issue the non-canonical redirect certificates

https://gerrit.wikimedia.org/r/499201

Change 499154 merged by Vgutierrez:
[operations/dns@master] Allow LE issue the global unified wildcard certificate

https://gerrit.wikimedia.org/r/499154

Change 499239 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] redirects.dat: Get rid of domains non controlled by WMF

https://gerrit.wikimedia.org/r/499239

Change 499155 merged by Vgutierrez:
[operations/dns@master] Add CAA records for wikiba.se

https://gerrit.wikimedia.org/r/499155

Change 499426 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] acme_chief: Add a LE ACMEv2 staging environment account

https://gerrit.wikimedia.org/r/499426

Change 499426 abandoned by Vgutierrez:
acme_chief: Add a LE ACMEv2 staging environment account

Reason:
T219482

https://gerrit.wikimedia.org/r/499426

Change 499185 merged by Vgutierrez:
[operations/puppet@production] acme_chief: Issue the global unified wildcard certificate

https://gerrit.wikimedia.org/r/499185

root@acmechief1001:~# openssl x509 -text -noout -in /var/lib/acme-chief/certs/unified/live/rsa-2048.crt
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:92:37:dd:0b:55:1a:07:fc:2c:b9:19:6c:c4:bd:ec:0f:c1
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
        Validity
            Not Before: Mar 28 07:10:05 2019 GMT
            Not After : Jun 26 07:10:05 2019 GMT
        Subject: CN = *.wikipedia.org
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:5c:75:9f:45:03:47:ae:0b:6f:70:7e:da:f3:
                    f9:cc:da:f8:4f:c5:c7:cd:b9:93:64:1a:47:c9:eb:
                    f2:58:9f:81:cc:d5:de:b5:a8:20:86:4b:9f:c7:4d:
                    4c:9b:39:82:22:34:17:ce:6f:6c:d3:b3:dd:2f:c1:
                    54:34:6f:99:b8:49:92:fc:09:09:a7:cd:61:9a:17:
                    80:83:95:47:da:54:d0:e5:fe:fd:75:37:a7:52:01:
                    73:f5:57:1e:d7:2b:d4:d6:c3:e3:62:60:cc:c4:5c:
                    d8:1f:58:cd:b0:0a:98:9b:19:43:90:3f:13:95:f3:
                    f4:b4:2e:c3:79:27:4f:f5:e8:85:91:02:8f:16:69:
                    6d:e9:38:17:f9:77:1d:52:20:c0:71:db:3a:24:77:
                    b8:be:d9:e4:9a:b7:57:2a:43:8e:7f:bb:a5:33:be:
                    4d:e5:12:fb:9b:50:d9:7f:aa:aa:08:04:80:6e:e3:
                    e1:14:46:c4:3b:3d:d5:29:ff:87:b8:e5:02:88:70:
                    86:4a:4a:54:6b:d6:29:1b:18:90:2e:f0:7f:fb:33:
                    a5:0a:44:96:2a:9a:37:f8:41:d8:da:de:28:a2:9c:
                    f0:b0:0d:37:76:ab:a4:d7:f3:ec:a7:9d:2c:c6:cb:
                    0f:7f:0e:3f:e7:e7:36:2e:b3:41:c2:45:05:12:56:
                    f7:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier:
                A0:3C:D2:C9:4D:5E:F7:02:9C:84:60:9A:25:0D:E3:9A:AA:88:82:E8
            X509v3 Authority Key Identifier:
                keyid:A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1

            Authority Information Access:
                OCSP - URI:http://ocsp.int-x3.letsencrypt.org
                CA Issuers - URI:http://cert.int-x3.letsencrypt.org/

            X509v3 Subject Alternative Name:
                DNS:*.m.mediawiki.org, DNS:*.m.wikibooks.org, DNS:*.m.wikidata.org, DNS:*.m.wikimedia.org, DNS:*.m.wikinews.org, DNS:*.m.wikipedia.org, DNS:*.m.wikiquote.org, DNS:*.m.wikisource.org, DNS:*.m.wikiversity.org, DNS:*.m.wikivoyage.org, DNS:*.m.wiktionary.org, DNS:*.mediawiki.org, DNS:*.planet.wikimedia.org, DNS:*.wikibooks.org, DNS:*.wikidata.org, DNS:*.wikimedia.org, DNS:*.wikimediafoundation.org, DNS:*.wikinews.org, DNS:*.wikipedia.org, DNS:*.wikiquote.org, DNS:*.wikisource.org, DNS:*.wikiversity.org, DNS:*.wikivoyage.org, DNS:*.wiktionary.org, DNS:*.wmfusercontent.org, DNS:mediawiki.org, DNS:w.wiki, DNS:wikibooks.org, DNS:wikidata.org, DNS:wikimedia.org, DNS:wikimediafoundation.org, DNS:wikinews.org, DNS:wikipedia.org, DNS:wikiquote.org, DNS:wikisource.org, DNS:wikiversity.org, DNS:wikivoyage.org, DNS:wiktionary.org, DNS:wmfusercontent.org
            X509v3 Certificate Policies:
                Policy: 2.23.140.1.2.1
                Policy: 1.3.6.1.4.1.44947.1.1.1
                  CPS: http://cps.letsencrypt.org

            CT Precertificate SCTs:
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 74:7E:DA:83:31:AD:33:10:91:21:9C:CE:25:4F:42:70:
                                C2:BF:FD:5E:42:20:08:C6:37:35:79:E6:10:7B:CC:56
                    Timestamp : Mar 28 08:10:05.772 2019 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:EC:07:B4:D8:B2:CB:24:1A:2A:25:E5:
                                BB:96:6C:82:ED:B3:69:B7:B8:B5:89:A1:51:65:BE:AE:
                                C6:3A:19:4A:F2:02:21:00:BC:E8:32:54:8F:29:A9:44:
                                47:E4:50:FD:C4:EB:B1:12:89:22:E2:C2:EF:14:26:CC:
                                58:9E:CF:CD:D6:C8:9D:3F
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 63:F2:DB:CD:E8:3B:CC:2C:CF:0B:72:84:27:57:6B:33:
                                A4:8D:61:77:8F:BD:75:A6:38:B1:C7:68:54:4B:D8:8D
                    Timestamp : Mar 28 08:10:05.766 2019 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:A7:F3:FF:6F:7D:13:0F:8B:34:A7:86:
                                A4:D3:FE:33:2C:8E:C4:5D:F8:4B:26:BA:B8:C9:EC:74:
                                8A:F5:9B:3D:83:02:21:00:9D:A1:AD:08:E0:CA:22:DD:
                                28:4C:4D:DE:C9:5B:00:8A:85:A3:0E:44:51:59:62:95:
                                7F:05:ED:4B:09:18:D9:2C
    Signature Algorithm: sha256WithRSAEncryption
         44:a0:e6:29:c4:d9:ac:0f:af:5b:ef:11:86:8b:b0:11:15:89:
         a1:ec:d0:f0:f3:3d:6b:0e:23:65:33:a1:42:f2:08:4a:5e:22:
         33:9b:59:33:b9:80:71:92:09:38:c7:d0:d6:e3:3d:4c:af:0c:
         d0:1e:12:61:52:8f:fc:be:e7:76:87:c6:ce:64:3d:55:6d:2c:
         13:6d:07:3d:7b:c1:c3:cd:e5:6d:d6:ab:99:a4:4c:5d:32:f5:
         c5:b6:e9:c4:ec:84:9b:77:a3:9b:66:86:83:90:08:e7:a6:49:
         c1:15:18:cf:7f:3a:52:07:31:4d:47:5a:3b:9e:f9:18:f2:81:
         95:ac:d4:9d:fc:d2:9c:8e:33:ba:57:f6:f4:9f:68:fc:c9:84:
         2d:31:3b:e3:b9:41:5c:68:05:37:e9:5e:1a:29:91:58:54:af:
         80:a9:e9:8f:2c:8c:b3:55:a2:f8:63:0b:c2:98:b9:76:ab:38:
         ef:73:7e:34:f6:c7:ce:a8:2a:cd:1d:4e:01:22:ef:26:f5:2b:
         9d:3a:f9:6c:d2:19:fd:db:25:76:63:83:c7:94:3f:57:74:69:
         e3:c6:da:b0:b6:2f:af:48:c8:b6:95:99:3b:48:1e:d4:26:06:
         e1:3d:17:20:7a:9c:08:9c:50:ca:67:13:ca:19:79:91:ef:5c:
         03:b5:ca:ee
root@acmechief1001:~# openssl x509 -text -noout -in /var/lib/acme-chief/certs/unified/live/ec-prime256v1.crt
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:b4:3d:b3:e1:c9:aa:8d:95:67:e4:b0:da:95:2f:56:83:c2
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
        Validity
            Not Before: Mar 28 07:09:51 2019 GMT
            Not After : Jun 26 07:09:51 2019 GMT
        Subject: CN = *.wikipedia.org
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:74:05:66:6a:76:7f:ae:42:b5:c8:8b:39:03:2e:
                    c8:21:eb:c9:10:54:9d:09:a5:cd:53:26:5a:53:fd:
                    d4:88:ca:74:a2:ae:5a:c6:f8:fa:cc:4c:e0:5e:59:
                    c4:b8:eb:cc:69:91:e4:c3:67:e1:9f:fb:ee:e0:01:
                    00:dc:7f:61:12
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier:
                A2:1D:F4:8A:03:A1:C2:DB:9F:33:CB:90:6A:59:55:DE:77:98:D2:9A
            X509v3 Authority Key Identifier:
                keyid:A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1

            Authority Information Access:
                OCSP - URI:http://ocsp.int-x3.letsencrypt.org
                CA Issuers - URI:http://cert.int-x3.letsencrypt.org/

            X509v3 Subject Alternative Name:
                DNS:*.m.mediawiki.org, DNS:*.m.wikibooks.org, DNS:*.m.wikidata.org, DNS:*.m.wikimedia.org, DNS:*.m.wikinews.org, DNS:*.m.wikipedia.org, DNS:*.m.wikiquote.org, DNS:*.m.wikisource.org, DNS:*.m.wikiversity.org, DNS:*.m.wikivoyage.org, DNS:*.m.wiktionary.org, DNS:*.mediawiki.org, DNS:*.planet.wikimedia.org, DNS:*.wikibooks.org, DNS:*.wikidata.org, DNS:*.wikimedia.org, DNS:*.wikimediafoundation.org, DNS:*.wikinews.org, DNS:*.wikipedia.org, DNS:*.wikiquote.org, DNS:*.wikisource.org, DNS:*.wikiversity.org, DNS:*.wikivoyage.org, DNS:*.wiktionary.org, DNS:*.wmfusercontent.org, DNS:mediawiki.org, DNS:w.wiki, DNS:wikibooks.org, DNS:wikidata.org, DNS:wikimedia.org, DNS:wikimediafoundation.org, DNS:wikinews.org, DNS:wikipedia.org, DNS:wikiquote.org, DNS:wikisource.org, DNS:wikiversity.org, DNS:wikivoyage.org, DNS:wiktionary.org, DNS:wmfusercontent.org
            X509v3 Certificate Policies:
                Policy: 2.23.140.1.2.1
                Policy: 1.3.6.1.4.1.44947.1.1.1
                  CPS: http://cps.letsencrypt.org

            CT Precertificate SCTs:
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 74:7E:DA:83:31:AD:33:10:91:21:9C:CE:25:4F:42:70:
                                C2:BF:FD:5E:42:20:08:C6:37:35:79:E6:10:7B:CC:56
                    Timestamp : Mar 28 08:09:51.170 2019 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:7E:98:D7:54:33:66:8E:FA:11:B3:7D:2C:
                                6C:AD:5B:DE:7A:33:5D:96:96:E6:DE:81:7F:FF:E7:3C:
                                DF:17:6C:E6:02:21:00:BF:9C:66:7D:41:F4:79:F8:09:
                                85:C2:10:3C:F5:6B:43:6C:8C:5F:94:13:75:0A:3A:8C:
                                9C:7A:BB:76:F9:A5:80
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 29:3C:51:96:54:C8:39:65:BA:AA:50:FC:58:07:D4:B7:
                                6F:BF:58:7A:29:72:DC:A4:C3:0C:F4:E5:45:47:F4:78
                    Timestamp : Mar 28 08:09:51.283 2019 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:48:F5:50:BD:FD:F1:80:4E:AA:EB:F8:03:
                                24:EE:BB:13:4B:3B:86:83:7C:53:4B:B8:EF:A8:BB:ED:
                                3D:F6:F3:C5:02:20:05:A1:4E:B7:BD:86:81:AE:51:26:
                                62:D9:F1:40:1C:EA:93:14:85:6B:75:9A:38:26:B2:4C:
                                A2:26:D4:F9:DE:7E
    Signature Algorithm: sha256WithRSAEncryption
         84:b9:2a:15:d7:c3:e3:64:d3:e6:3b:b6:7b:9d:b0:ff:0d:6e:
         aa:3d:b1:f8:9e:ff:42:8a:47:ee:f6:2b:ab:32:e2:45:22:8d:
         bb:ff:e9:49:8b:e0:0b:fd:ef:90:dd:28:9b:8e:99:de:e5:d3:
         d7:1c:2e:26:a2:2a:a5:33:b6:05:48:9c:5a:c5:31:92:5d:64:
         90:4d:27:af:6d:f4:59:9e:2c:ad:c9:23:d6:35:ee:fc:f9:85:
         5b:fc:da:d2:45:10:9e:db:a6:db:a2:d9:4b:e1:e3:38:11:a1:
         eb:53:c9:a3:3c:f7:0a:ed:31:23:6a:39:87:d7:72:fb:4e:58:
         a4:a5:cf:9a:1a:c2:68:4d:38:bc:c1:2f:0f:f3:28:e4:23:94:
         e0:ac:f1:fc:73:12:c0:8c:00:a1:6b:3c:40:83:01:a2:ac:bd:
         b6:b2:bd:fa:84:54:fe:de:35:ba:0a:aa:c6:64:62:d2:f0:5c:
         71:5a:fa:72:23:f1:f9:f1:d3:af:dc:dc:4a:c3:20:4e:cc:85:
         1c:de:4e:5b:79:cd:0e:8f:4f:a0:85:95:b4:21:7f:a2:50:7c:
         04:30:eb:d3:bd:1f:25:fd:cb:9f:8f:ae:ea:35:fd:3f:3f:4a:
         52:29:ae:0f:91:b6:f9:d7:06:d4:5e:e1:33:0b:dc:7d:b1:83:
         bb:ee:f2:80

Change 499746 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] acme_chief: Provide OCSP stapling support

https://gerrit.wikimedia.org/r/499746

Change 499189 merged by Vgutierrez:
[operations/puppet@production] acme_chief: Issue wikiba.se certificate

https://gerrit.wikimedia.org/r/499189

vgutierrez@acmechief1001:~$ sudo -i openssl x509 -text -noout -in /var/lib/acme-chief/certs/wikibase/live/rsa-2048.crt
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:09:1c:d8:1f:6b:2f:dc:9f:40:ac:df:f8:dd:16:c6:22:eb
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
        Validity
            Not Before: Mar 28 13:09:23 2019 GMT
            Not After : Jun 26 13:09:23 2019 GMT
        Subject: CN = wikiba.se
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:24:39:5e:d0:74:ea:b9:5c:92:6a:e1:f4:d4:
                    36:16:5f:47:69:67:f2:ec:c7:63:51:17:b4:d6:84:
                    17:88:88:f6:15:c4:88:44:28:a1:e8:64:fa:cf:e9:
                    4a:55:6e:40:c3:25:d7:c6:3d:e9:e5:34:3e:5e:38:
                    71:31:c5:96:2e:d1:3c:85:2f:ce:e6:39:53:c3:a9:
                    cc:86:d6:48:c5:c9:c1:e1:fb:32:59:9f:70:ec:c7:
                    5c:3e:5e:07:ce:9f:75:45:0f:b1:23:08:5b:8f:3c:
                    2f:ae:26:c3:f4:af:63:db:1c:07:b3:03:4e:b3:de:
                    d2:ef:e4:c4:9b:3c:ae:84:50:cd:fc:d3:0d:98:e2:
                    76:1d:3f:25:bb:a7:eb:1e:22:08:0c:cd:43:ef:92:
                    a4:eb:79:9e:49:c8:4d:19:73:ef:00:df:4c:41:58:
                    2f:0d:c6:1c:10:f9:8c:bd:68:07:b7:a3:ba:75:95:
                    30:d0:ec:f5:3c:62:c8:69:e2:8e:5c:37:db:87:32:
                    8a:16:ca:81:6a:c7:72:1a:fc:5d:f1:0b:24:33:1c:
                    67:3d:39:05:73:bc:d4:5b:d9:45:1c:d3:11:36:9f:
                    3c:3c:15:d3:15:11:e4:1e:df:91:ee:2a:29:01:79:
                    b6:71:c7:7e:9c:bf:5b:a9:88:89:f9:2e:81:58:cf:
                    52:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier:
                EE:EE:D6:A3:82:15:C6:CE:A5:C5:98:50:5E:45:51:FF:88:C4:46:65
            X509v3 Authority Key Identifier:
                keyid:A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1

            Authority Information Access:
                OCSP - URI:http://ocsp.int-x3.letsencrypt.org
                CA Issuers - URI:http://cert.int-x3.letsencrypt.org/

            X509v3 Subject Alternative Name:
                DNS:wikiba.se, DNS:www.wikiba.se
            X509v3 Certificate Policies:
                Policy: 2.23.140.1.2.1
                Policy: 1.3.6.1.4.1.44947.1.1.1
                  CPS: http://cps.letsencrypt.org

            CT Precertificate SCTs:
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 74:7E:DA:83:31:AD:33:10:91:21:9C:CE:25:4F:42:70:
                                C2:BF:FD:5E:42:20:08:C6:37:35:79:E6:10:7B:CC:56
                    Timestamp : Mar 28 14:09:23.186 2019 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:A8:69:00:17:0D:CA:64:05:0D:7E:DC:
                                F9:FC:19:A1:AA:77:11:49:3A:11:A2:9C:69:14:6D:FC:
                                77:23:58:51:78:02:20:3E:1D:89:A3:93:B2:DB:5A:12:
                                43:10:2D:06:D6:BF:E3:A7:2F:B9:46:FF:99:8F:E4:BE:
                                72:D4:35:C3:68:5B:B0
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 63:F2:DB:CD:E8:3B:CC:2C:CF:0B:72:84:27:57:6B:33:
                                A4:8D:61:77:8F:BD:75:A6:38:B1:C7:68:54:4B:D8:8D
                    Timestamp : Mar 28 14:09:23.290 2019 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:44:C9:A1:EE:94:9D:E8:36:6C:C9:52:19:
                                DF:F9:D1:5C:F2:AC:58:BB:FC:44:1C:04:1D:97:B2:5D:
                                21:62:F2:28:02:21:00:87:C6:B1:A6:D5:C7:E9:6F:52:
                                44:79:E3:92:AF:41:60:98:1C:B7:61:35:6F:F3:B2:E6:
                                2B:F9:2F:B8:65:B2:96
    Signature Algorithm: sha256WithRSAEncryption
         85:1c:76:21:3f:11:7e:16:ff:f8:22:f5:83:5e:fc:bc:b3:98:
         1b:e1:77:64:9e:a7:81:bd:26:f7:8e:f4:20:ab:81:eb:5b:8e:
         08:26:18:3a:66:f2:b2:e4:cb:3f:91:e4:aa:bb:91:bd:6c:c4:
         0c:19:c9:67:7e:74:9d:05:3e:22:a6:2f:41:d4:a0:22:d6:27:
         f7:bf:13:db:06:09:3c:1a:68:62:fa:2b:bf:b5:4d:4b:9b:32:
         63:f1:d8:f8:88:4c:94:fc:48:01:8d:af:c0:2e:b5:32:7e:24:
         31:e3:8e:4a:21:68:ec:c3:1b:7d:1b:0e:87:a6:ba:8a:b0:b4:
         c5:79:2c:91:1d:43:c4:35:6c:86:78:d3:65:2e:3d:a5:01:e0:
         5c:97:85:cb:66:92:91:0a:e4:70:6e:55:6e:fc:8a:a1:76:86:
         78:d3:d9:8b:ac:9f:62:78:fc:38:7e:b7:74:86:21:b6:ba:8c:
         2f:69:ff:3d:d2:86:33:5e:87:c8:dd:cd:cc:2a:f6:34:0b:97:
         09:2c:7c:02:75:e7:91:a0:55:d0:f7:6e:62:3e:93:da:1b:93:
         15:08:c4:22:56:3b:ec:8d:e3:8c:f0:a5:f9:b5:a3:2d:64:85:
         d4:84:d8:3e:10:01:fd:65:e3:04:c7:6a:dc:31:37:2a:03:2e:
         cc:4f:aa:9d
vgutierrez@acmechief1001:~$ sudo -i openssl x509 -text -noout -in /var/lib/acme-chief/certs/wikibase/live/ec-prime256v1.crt
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:f2:d6:bf:20:64:12:28:21:c9:c7:4b:2e:ab:b2:c0:20:12
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
        Validity
            Not Before: Mar 28 13:09:12 2019 GMT
            Not After : Jun 26 13:09:12 2019 GMT
        Subject: CN = wikiba.se
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:bc:ae:7e:d5:15:30:12:d7:1d:b3:ee:7a:4f:e6:
                    bb:4d:fb:55:45:e6:f2:f6:90:2b:f8:68:86:f5:c7:
                    16:19:76:d5:70:f1:13:9c:d4:e8:3c:c3:40:d5:94:
                    b0:6a:7a:bd:b0:0c:4b:61:98:9b:e7:76:c0:94:f1:
                    40:84:82:ea:74
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier:
                26:28:B0:BE:1B:BB:1F:05:BA:F9:DB:E4:A7:CA:CB:FD:55:B2:FC:51
            X509v3 Authority Key Identifier:
                keyid:A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1

            Authority Information Access:
                OCSP - URI:http://ocsp.int-x3.letsencrypt.org
                CA Issuers - URI:http://cert.int-x3.letsencrypt.org/

            X509v3 Subject Alternative Name:
                DNS:wikiba.se, DNS:www.wikiba.se
            X509v3 Certificate Policies:
                Policy: 2.23.140.1.2.1
                Policy: 1.3.6.1.4.1.44947.1.1.1
                  CPS: http://cps.letsencrypt.org

            CT Precertificate SCTs:
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : E2:69:4B:AE:26:E8:E9:40:09:E8:86:1B:B6:3B:83:D4:
                                3E:E7:FE:74:88:FB:A4:8F:28:93:01:9D:DD:F1:DB:FE
                    Timestamp : Mar 28 14:09:12.393 2019 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:C4:1B:30:D1:CA:E1:7D:6A:AA:A1:9A:
                                73:7F:B2:7B:B4:25:97:77:2E:4F:E3:2A:34:98:8C:C9:
                                93:0C:D4:6D:C7:02:20:07:65:64:50:16:25:A9:3A:A8:
                                74:F7:29:A6:04:BE:8B:E2:3E:2C:FA:F4:53:7E:B6:69:
                                CF:71:E7:C7:25:21:DF
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 29:3C:51:96:54:C8:39:65:BA:AA:50:FC:58:07:D4:B7:
                                6F:BF:58:7A:29:72:DC:A4:C3:0C:F4:E5:45:47:F4:78
                    Timestamp : Mar 28 14:09:12.396 2019 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:84:08:91:83:94:F4:70:A2:F3:C1:5D:
                                8A:88:B4:71:FF:CA:AA:AF:85:DD:23:19:D9:1B:87:C7:
                                62:01:FA:22:4B:02:21:00:E0:1E:94:EA:F7:E0:5B:C0:
                                56:DD:AF:87:0C:AD:15:E3:07:0D:87:DF:73:42:CD:1A:
                                83:07:E1:F4:63:DD:CC:B8
    Signature Algorithm: sha256WithRSAEncryption
         0f:16:5f:bc:de:84:f3:8e:5a:c6:69:0c:d7:da:33:ac:b3:77:
         7f:98:65:c1:7e:01:e1:e4:77:33:8b:68:81:3d:2d:e1:c6:e8:
         e0:1b:71:87:4e:c9:02:cf:9b:a1:1c:64:4b:a0:48:6e:84:10:
         96:de:b3:2c:70:80:64:f9:92:d5:05:86:f7:cb:93:ab:be:7d:
         ad:0f:06:93:12:da:2f:ed:e2:90:3c:1b:d5:f5:f4:65:7c:a9:
         2a:27:c3:3b:f9:f3:f4:4f:8e:8f:07:3e:c8:ac:67:31:01:c1:
         73:f2:e4:27:07:82:6f:d9:9b:0d:23:c3:b0:78:e0:e8:5d:41:
         4d:dc:17:f3:81:6f:ef:1a:7b:8f:21:ff:4e:02:05:d0:90:47:
         3e:26:ac:23:f2:a2:f9:1c:78:e8:d3:62:73:c8:21:28:db:bc:
         18:ee:5e:bd:5b:06:ad:48:38:aa:4b:bd:31:58:8d:29:fe:a9:
         1f:d0:b6:74:ec:b8:ba:4d:58:09:8f:25:ca:5b:25:5c:73:8a:
         62:78:02:b8:c8:ab:34:78:5d:75:c7:09:c3:11:c8:20:9f:d0:
         60:57:77:a7:63:51:21:fb:a4:2d:65:c1:41:7b:fd:7d:53:a9:
         48:8f:3e:df:c8:2d:19:45:e8:ca:81:5f:c0:04:c1:6c:22:8b:
         2b:57:94:13

Change 499779 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] tlsproxy: Allow acme-chief certs to be deployed

https://gerrit.wikimedia.org/r/499779

Change 499780 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] hieradata: Deploy acme-chief unified certificate in eqsin cp servers

https://gerrit.wikimedia.org/r/499780

Change 499779 abandoned by Vgutierrez:
tlsproxy: Allow acme-chief certs to be deployed

Reason:
go with I0f9d88e9660fb3110874367bbe22fc380ca130f7 instead

https://gerrit.wikimedia.org/r/499779

Change 499823 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] nagios_common: provide check_ssl_unified variants for LE certs

https://gerrit.wikimedia.org/r/499823

Change 499825 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] cache: serve wikiba.se traffic using cache::text servers

https://gerrit.wikimedia.org/r/499825

Change 499974 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] acme_chief: Allow cp1008 to fetch the unified certificate

https://gerrit.wikimedia.org/r/499974

Change 499975 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] hieradata: Deploy acme-chief unified certificate in the cp1008

https://gerrit.wikimedia.org/r/499975

Change 497929 had a related patch set uploaded (by Vgutierrez; owner: Alex Monk):
[operations/puppet@production] Allow acme-chief to provide unified cert

https://gerrit.wikimedia.org/r/497929

Change 499746 merged by Vgutierrez:
[operations/puppet@production] acme_chief: Provide OCSP stapling support

https://gerrit.wikimedia.org/r/499746

Change 499981 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] cache: serve wikiba.se traffic using cache::text servers

https://gerrit.wikimedia.org/r/499981

Change 497929 merged by Vgutierrez:
[operations/puppet@production] Allow acme-chief to provide unified cert

https://gerrit.wikimedia.org/r/497929

Change 499974 merged by Vgutierrez:
[operations/puppet@production] acme_chief: Allow cp1008 to fetch the unified certificate

https://gerrit.wikimedia.org/r/499974

Change 499975 merged by Vgutierrez:
[operations/puppet@production] hieradata: Deploy acme-chief unified certificate on cp1008

https://gerrit.wikimedia.org/r/499975

Change 500397 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] tlsproxy: Allow update-ocsp-all writing in /etc/acmecerts

https://gerrit.wikimedia.org/r/500397

Change 500397 merged by Vgutierrez:
[operations/puppet@production] tlsproxy: Allow update-ocsp-all writing in /etc/acmecerts

https://gerrit.wikimedia.org/r/500397

Change 500443 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] localssl: Avoid acme-chief puppetization triggers nginx restart

https://gerrit.wikimedia.org/r/500443

Change 500443 merged by Vgutierrez:
[operations/puppet@production] localssl: Avoid acme-chief puppetization triggers nginx restart

https://gerrit.wikimedia.org/r/500443

Change 499780 merged by Vgutierrez:
[operations/puppet@production] hieradata: Deploy acme-chief unified certificate on eqsin cp servers

https://gerrit.wikimedia.org/r/499780

Change 499823 merged by Vgutierrez:
[operations/puppet@production] nagios_common: provide check_ssl_unified variants for LE certs

https://gerrit.wikimedia.org/r/499823

Change 499825 merged by Vgutierrez:
[operations/puppet@production] cache: serve wikiba.se traffic using cache::canary servers

https://gerrit.wikimedia.org/r/499825

Vgutierrez updated the task description. (Show Details)Apr 1 2019, 2:50 PM

Change 500472 had a related patch set uploaded (by BBlack; owner: BBlack):
[operations/puppet@production] Add wikiba.se to HTTPS/HSTS regexes for canonicals

https://gerrit.wikimedia.org/r/500472

Mentioned in SAL (#wikimedia-operations) [2019-04-01T15:24:43Z] <vgutierrez> disable puppet in the cache text cluster - T213705

Change 500473 had a related patch set uploaded (by BBlack; owner: BBlack):
[operations/puppet@production] Add wikiba.se to HTTPS redirect regex

https://gerrit.wikimedia.org/r/500473

Change 499981 merged by Vgutierrez:
[operations/puppet@production] cache: serve wikiba.se traffic using cache::text servers

https://gerrit.wikimedia.org/r/499981

Mentioned in SAL (#wikimedia-operations) [2019-04-01T16:32:36Z] <vgutierrez> slowly reenabling puppet in cache text cluster - T213705

Vgutierrez updated the task description. (Show Details)Apr 1 2019, 4:50 PM

Change 499239 merged by Vgutierrez:
[operations/puppet@production] redirects.dat: Get rid of domains non controlled by WMF

https://gerrit.wikimedia.org/r/499239

Change 499156 merged by Vgutierrez:
[operations/dns@master] Allow LE issue the non-canonical redirects service certificate

https://gerrit.wikimedia.org/r/499156

Change 499201 merged by Vgutierrez:
[operations/puppet@production] acme_chief: Issue the non-canonical redirect certificates

https://gerrit.wikimedia.org/r/499201

Vgutierrez closed this task as Resolved.Apr 2 2019, 9:25 AM
Vgutierrez removed a project: Patch-For-Review.

The non-canonical certs have been issued successfully:

root@acmechief1001:~# for i in {1..4}; do openssl x509 -text -noout -in /var/lib/acme-chief/certs/non-canonical-redirect-$i/live/rsa-2048.crt; done
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:33:3f:b5:1b:09:a9:b1:b3:9f:a3:4a:dd:43:f1:c0:d5:57
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
        Validity
            Not Before: Apr  2 08:14:59 2019 GMT
            Not After : Jul  1 08:14:59 2019 GMT
        Subject: CN = wikipedia.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:05:b4:30:db:26:b0:40:57:bb:3a:51:99:2c:
                    45:3a:8a:a7:42:89:d5:fe:8e:db:b3:c6:99:78:73:
                    2f:d3:0e:ca:3c:bb:43:a3:dd:cc:27:d4:55:d5:e7:
                    a8:2c:9e:6e:08:4f:64:61:cc:e2:2f:a6:77:b7:6b:
                    09:81:90:eb:1e:11:58:ad:c0:e1:ae:7b:1e:34:b7:
                    24:ef:96:ec:2e:87:92:7a:bf:da:5a:4e:db:e8:62:
                    2d:26:cf:3b:28:ff:48:49:da:a5:9d:98:7e:4e:8f:
                    ec:34:fb:bf:47:21:14:00:e8:02:d3:7f:4a:29:fc:
                    48:55:4c:f1:c6:3e:31:6f:d5:a3:f4:a5:9f:5e:b0:
                    42:4e:b4:02:19:0e:03:06:d8:eb:c2:14:39:f6:96:
                    29:c6:1b:61:98:8c:f4:7d:6e:c7:59:bf:77:1c:43:
                    15:5c:12:33:d9:aa:cf:6f:10:59:93:92:1d:5d:9a:
                    cd:85:a7:2a:58:9f:e4:94:2f:37:94:4e:af:59:74:
                    e2:e1:8d:07:93:fd:b4:58:12:37:03:ca:81:3e:0c:
                    9c:13:b3:38:93:aa:3f:4f:66:e8:35:d5:22:35:85:
                    0e:1c:22:0e:ae:d8:5f:e8:06:b9:8b:7b:f0:1b:3d:
                    06:a8:eb:78:fa:f6:d3:6c:c0:ee:9b:88:7a:f8:b4:
                    7a:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier:
                20:FE:EB:D6:FA:26:35:1C:4B:F4:4F:F6:43:18:36:F8:B1:C0:03:6A
            X509v3 Authority Key Identifier:
                keyid:A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1

            Authority Information Access:
                OCSP - URI:http://ocsp.int-x3.letsencrypt.org
                CA Issuers - URI:http://cert.int-x3.letsencrypt.org/

            X509v3 Subject Alternative Name:
                DNS:*.en-wp.com, DNS:*.en-wp.org, DNS:*.mediawiki.com, DNS:*.voyagewiki.com, DNS:*.voyagewiki.org, DNS:*.wiikipedia.com, DNS:*.wikibook.com, DNS:*.wikibooks.com, DNS:*.wikiepdia.com, DNS:*.wikiepdia.org, DNS:*.wikiipedia.org, DNS:*.wikijunior.com, DNS:*.wikijunior.net, DNS:*.wikijunior.org, DNS:*.wikipedia.com, DNS:en-wp.com, DNS:en-wp.org, DNS:mediawiki.com, DNS:voyagewiki.com, DNS:voyagewiki.org, DNS:wiikipedia.com, DNS:wikibook.com, DNS:wikibooks.com, DNS:wikiepdia.com, DNS:wikiepdia.org, DNS:wikiipedia.org, DNS:wikijunior.com, DNS:wikijunior.net, DNS:wikijunior.org, DNS:wikipedia.com
            X509v3 Certificate Policies:
                Policy: 2.23.140.1.2.1
                Policy: 1.3.6.1.4.1.44947.1.1.1
                  CPS: http://cps.letsencrypt.org

            CT Precertificate SCTs:
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 74:7E:DA:83:31:AD:33:10:91:21:9C:CE:25:4F:42:70:
                                C2:BF:FD:5E:42:20:08:C6:37:35:79:E6:10:7B:CC:56
                    Timestamp : Apr  2 09:14:59.882 2019 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:21:51:FB:79:C2:BD:71:B6:8F:F9:87:52:
                                93:61:73:E1:C9:52:FE:5F:B3:22:E7:2A:16:13:2C:23:
                                7D:82:59:AE:02:21:00:9B:95:67:D8:A6:A6:86:A2:D2:
                                6F:CE:DE:A8:45:5A:69:D3:57:59:FA:DF:0C:0C:7F:1A:
                                82:85:E0:78:07:D2:6B
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 63:F2:DB:CD:E8:3B:CC:2C:CF:0B:72:84:27:57:6B:33:
                                A4:8D:61:77:8F:BD:75:A6:38:B1:C7:68:54:4B:D8:8D
                    Timestamp : Apr  2 09:14:59.382 2019 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:3A:84:B5:AE:8D:7E:F7:1A:9C:08:97:DA:
                                3A:5B:C6:4A:DA:78:26:90:09:5D:50:37:2E:A8:07:09:
                                E5:BB:93:71:02:20:53:A9:08:A9:A8:6B:BE:42:1E:8E:
                                F9:B9:DB:FB:9D:4E:92:2B:EF:F0:B0:C9:0E:9B:16:E2:
                                70:04:E8:F1:9B:96
    Signature Algorithm: sha256WithRSAEncryption
         44:d5:4e:5b:cd:ab:e6:d1:01:63:91:cd:8c:c7:03:2f:53:49:
         ad:95:cb:ec:40:b4:24:86:f0:63:35:a3:5d:4e:e6:68:ae:9d:
         fa:0f:39:98:a5:31:de:0d:ba:d9:88:f4:61:37:9d:f8:da:c2:
         67:97:4b:0e:60:90:1c:22:95:38:52:74:ed:99:8b:db:3f:24:
         85:f3:1a:57:4c:df:c8:2f:c3:97:84:5e:78:57:13:9c:38:75:
         f5:28:9e:e2:52:e6:d5:56:96:9e:eb:68:03:f4:ad:1a:83:9a:
         8c:5a:25:e7:6a:36:be:01:0e:36:16:56:ad:fe:a8:bd:58:ab:
         54:98:83:70:79:d7:fd:9a:af:78:47:3a:d8:ac:4a:ee:66:3e:
         70:26:c7:ed:ee:ba:6e:e0:47:17:39:1d:cd:25:fa:1c:52:70:
         53:4a:ea:b3:d2:20:e5:d2:fc:53:d2:3b:e0:7c:64:a8:42:f8:
         38:86:56:6a:4a:52:15:9b:38:6c:f7:24:9a:cb:2a:e6:96:95:
         64:19:96:5a:09:70:df:f9:2f:93:03:b8:cb:33:8f:56:e3:f1:
         da:f7:7e:53:56:63:ee:f9:99:9c:64:bd:33:ff:92:9b:36:45:
         70:00:f5:94:48:0f:b2:bc:06:c8:6c:76:b9:e7:3c:a4:9c:a5:
         0c:df:b9:60
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:9d:54:f8:97:4c:21:6a:8b:49:48:ed:b4:07:c5:c7:70:63
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
        Validity
            Not Before: Apr  2 08:15:06 2019 GMT
            Not After : Jul  1 08:15:06 2019 GMT
        Subject: CN = *.wikimania.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:05:00:97:f1:72:f2:9f:9d:f2:c2:90:77:db:
                    e4:9c:55:37:87:d9:ee:40:de:2d:da:bf:a8:fa:4f:
                    d9:e7:0d:dd:b2:ef:89:ca:f9:b8:2b:b7:a5:b4:8c:
                    30:02:50:54:2c:16:91:fe:da:4d:e2:09:f4:f4:64:
                    db:3d:07:57:8f:22:91:f9:7d:72:40:a6:b9:7e:95:
                    1a:f0:39:be:67:cf:92:d7:3d:17:b1:ac:fe:f3:2e:
                    b9:da:84:70:fd:0e:8b:bc:9b:69:ce:f3:ba:80:8a:
                    f2:cd:09:be:3b:30:42:d8:f1:c0:ff:b4:e9:61:1f:
                    99:82:25:ea:df:9e:c8:86:65:49:34:8d:05:0c:a2:
                    6f:38:69:73:5d:61:f5:48:ca:32:60:61:4c:8d:fb:
                    9f:95:c7:12:5e:50:80:67:4f:32:cf:f8:f9:72:3d:
                    29:e2:6d:ce:9f:c7:b4:60:be:11:2b:33:17:8e:7a:
                    9d:aa:3b:37:5f:9c:d4:bd:e2:5d:b4:bd:52:ec:29:
                    30:3a:42:17:5e:5a:74:b8:c3:c6:80:25:8d:f5:31:
                    e3:c3:bf:3f:1d:56:90:83:ca:37:43:c8:c7:e9:77:
                    97:fc:01:dc:1a:0a:75:be:68:66:32:df:ea:91:6b:
                    3b:b2:c9:34:da:08:29:bb:22:f7:4c:27:dd:4e:5d:
                    08:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier:
                F4:69:47:AD:10:14:8F:9C:22:3F:AF:A4:47:C4:EA:F1:17:2B:E4:3E
            X509v3 Authority Key Identifier:
                keyid:A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1

            Authority Information Access:
                OCSP - URI:http://ocsp.int-x3.letsencrypt.org
                CA Issuers - URI:http://cert.int-x3.letsencrypt.org/

            X509v3 Subject Alternative Name:
                DNS:*.wikimania.com, DNS:*.wikimania.org, DNS:*.wikimedia.com, DNS:*.wikimedia.community, DNS:*.wikimedia.ee, DNS:*.wikimedia.jp.net, DNS:*.wikimedia.lt, DNS:*.wikimedia.us, DNS:*.wikimediacommons.co.uk, DNS:*.wikimediacommons.info, DNS:*.wikimediacommons.jp.net, DNS:*.wikimediacommons.mobi, DNS:*.wikimediacommons.net, DNS:*.wikimediacommons.org, DNS:*.wikimediafoundation.com, DNS:*.wikimediafoundation.info, DNS:*.wikimediafoundation.net, DNS:*.wikinews.com, DNS:*.wikinews.de, DNS:wikimania.com, DNS:wikimania.org, DNS:wikimedia.com, DNS:wikimedia.community, DNS:wikimedia.ee, DNS:wikimedia.jp.net, DNS:wikimedia.lt, DNS:wikimedia.us, DNS:wikimediacommons.co.uk, DNS:wikimediacommons.info, DNS:wikimediacommons.jp.net, DNS:wikimediacommons.mobi, DNS:wikimediacommons.net, DNS:wikimediacommons.org, DNS:wikimediafoundation.com, DNS:wikimediafoundation.info, DNS:wikimediafoundation.net, DNS:wikinews.com, DNS:wikinews.de
            X509v3 Certificate Policies:
                Policy: 2.23.140.1.2.1
                Policy: 1.3.6.1.4.1.44947.1.1.1
                  CPS: http://cps.letsencrypt.org

            CT Precertificate SCTs:
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 74:7E:DA:83:31:AD:33:10:91:21:9C:CE:25:4F:42:70:
                                C2:BF:FD:5E:42:20:08:C6:37:35:79:E6:10:7B:CC:56
                    Timestamp : Apr  2 09:15:07.521 2019 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:1C:1A:03:DB:EE:DD:6A:48:48:96:7A:71:
                                18:25:C1:45:86:A3:60:13:A2:D5:5E:C7:B8:20:DA:5D:
                                FF:EB:6F:A5:02:20:1C:EA:BD:33:9E:0B:A3:4F:62:BB:
                                07:D7:F7:44:9C:C6:F0:DF:DE:C7:18:C4:D6:91:20:10:
                                84:75:10:AF:6F:FA
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 29:3C:51:96:54:C8:39:65:BA:AA:50:FC:58:07:D4:B7:
                                6F:BF:58:7A:29:72:DC:A4:C3:0C:F4:E5:45:47:F4:78
                    Timestamp : Apr  2 09:15:07.487 2019 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:7E:CC:85:E6:11:FE:25:19:D6:7B:9D:F7:
                                C3:1E:31:9E:A2:C6:11:C7:97:B7:D2:82:CE:12:5B:C8:
                                AA:AA:B0:BB:02:21:00:8F:91:11:43:16:91:63:71:30:
                                20:E8:04:0B:96:9D:B2:76:31:42:EE:FE:3C:91:BE:37:
                                41:34:D7:68:9A:8A:13
    Signature Algorithm: sha256WithRSAEncryption
         6b:a8:01:c4:f1:20:ed:b4:8d:8f:31:49:e2:d9:d1:7f:64:b2:
         b6:a1:ad:21:6c:da:95:e2:a6:cf:ba:28:3f:88:4d:da:e5:3f:
         87:f4:27:c5:bc:df:44:58:09:91:73:23:7c:8b:fd:d0:64:0f:
         71:48:9e:3b:5e:7f:0c:a6:a9:30:3a:3d:e4:20:0c:7a:c5:24:
         26:8a:ab:72:18:e3:15:c6:ad:05:29:a5:4f:2d:6f:44:4c:9d:
         c4:54:c3:a6:ad:be:94:6b:80:41:ca:1b:9f:8b:10:6b:1f:3b:
         b7:8c:45:70:70:1f:14:d1:b1:54:7f:2a:d0:1c:4a:15:40:29:
         77:ef:08:16:77:46:ee:3f:01:dc:58:e3:21:d3:32:78:52:6e:
         e6:05:22:13:ef:4e:2b:fd:10:55:11:4f:ab:87:76:59:dc:34:
         09:4e:8d:0e:32:7a:7e:eb:42:18:50:56:0e:fc:43:63:65:63:
         8d:46:92:56:66:43:1b:20:e0:cb:42:53:ed:cb:a2:f1:82:2c:
         fa:00:0f:4f:9a:3f:2f:f3:6f:0f:14:cd:96:13:76:e7:53:09:
         7c:c2:bc:df:94:cf:8b:19:1d:7f:d7:95:f5:4e:03:07:80:04:
         ef:69:06:26:d2:3d:b6:7c:46:e2:ae:69:2e:c5:48:f0:05:29:
         c9:e4:36:0a
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:a0:fe:b5:d7:f5:ba:7f:59:36:af:83:70:c5:f1:20:d6:f2
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
        Validity
            Not Before: Apr  2 08:15:16 2019 GMT
            Not After : Jul  1 08:15:16 2019 GMT
        Subject: CN = *.wikipedia.bg
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:bd:ac:dc:22:82:07:bc:8b:a9:44:69:eb:5b:
                    d5:bd:88:27:55:ca:01:af:81:30:0a:3b:81:b8:95:
                    8a:4c:e0:76:7d:0c:2d:66:1a:e9:0f:c3:9a:ec:42:
                    2a:8e:a3:a8:c9:66:24:ed:0b:9b:c7:ab:b8:c1:cc:
                    e6:b0:91:09:eb:3a:ab:84:ad:05:68:0d:d7:e5:90:
                    e6:3d:57:7e:64:3c:80:31:85:2b:09:c5:72:7e:fe:
                    57:a5:c9:e6:0b:13:d6:02:35:3b:96:e6:1e:6a:5e:
                    19:5e:e2:5f:c0:4e:70:14:d0:fb:79:77:92:d8:38:
                    62:e9:d9:c9:83:29:74:ed:e6:43:e2:6c:78:8f:1c:
                    67:f0:6e:e2:18:54:c2:19:3b:12:c4:19:5f:94:4d:
                    c9:3e:3b:fc:b9:0e:b9:f5:df:d6:8b:98:77:80:69:
                    f4:8a:20:45:22:d0:48:6e:75:89:88:e3:06:13:c2:
                    3b:fe:9e:71:ca:25:6d:5b:de:2b:3a:63:96:7a:79:
                    00:51:e1:5f:8d:a4:44:1f:79:31:b4:17:5d:c2:9e:
                    36:59:e0:23:ae:a5:29:14:47:be:6f:6e:7e:70:bf:
                    b9:5e:ff:96:78:32:f4:cb:c9:3f:71:32:d7:c8:9d:
                    2d:f9:f9:be:05:a7:7e:c0:31:43:52:c8:b8:1e:3f:
                    f4:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier:
                AD:C5:88:25:7A:16:01:75:5C:A7:94:1F:C4:D7:C2:06:D6:86:2B:A6
            X509v3 Authority Key Identifier:
                keyid:A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1

            Authority Information Access:
                OCSP - URI:http://ocsp.int-x3.letsencrypt.org
                CA Issuers - URI:http://cert.int-x3.letsencrypt.org/

            X509v3 Subject Alternative Name:
                DNS:*.wiki-pedia.org, DNS:*.wikipedia.bg, DNS:*.wikipedia.co.il, DNS:*.wikipedia.co.za, DNS:*.wikipedia.ee, DNS:*.wikipedia.gr, DNS:*.wikipedia.in, DNS:*.wikipedia.info, DNS:*.wikipedia.is, DNS:*.wikipedia.lt, DNS:*.wikipedia.net, DNS:*.wikipedia.org.il, DNS:*.wikipediazero.org, DNS:*.wikiquote.com, DNS:*.wikiquote.net, DNS:*.wikisource.com, DNS:*.wikisource.pl, DNS:*.wikispecies.com, DNS:wiki-pedia.org, DNS:wikipedia.bg, DNS:wikipedia.co.il, DNS:wikipedia.co.za, DNS:wikipedia.ee, DNS:wikipedia.gr, DNS:wikipedia.in, DNS:wikipedia.info, DNS:wikipedia.is, DNS:wikipedia.lt, DNS:wikipedia.net, DNS:wikipedia.org.il, DNS:wikipediazero.org, DNS:wikiquote.com, DNS:wikiquote.net, DNS:wikisource.com, DNS:wikisource.pl, DNS:wikispecies.com
            X509v3 Certificate Policies:
                Policy: 2.23.140.1.2.1
                Policy: 1.3.6.1.4.1.44947.1.1.1
                  CPS: http://cps.letsencrypt.org

            CT Precertificate SCTs:
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 74:7E:DA:83:31:AD:33:10:91:21:9C:CE:25:4F:42:70:
                                C2:BF:FD:5E:42:20:08:C6:37:35:79:E6:10:7B:CC:56
                    Timestamp : Apr  2 09:15:16.439 2019 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:EE:75:32:5F:45:8A:D5:9E:2A:8E:1F:
                                60:18:FE:D8:24:2F:C7:CC:66:86:AD:31:32:29:0E:EE:
                                D9:91:C4:12:10:02:21:00:AE:58:90:9A:EC:99:81:A9:
                                39:4E:0D:FE:42:33:C3:6B:77:6B:33:B9:AF:D0:0E:1E:
                                D8:20:43:E1:28:67:38:07
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 29:3C:51:96:54:C8:39:65:BA:AA:50:FC:58:07:D4:B7:
                                6F:BF:58:7A:29:72:DC:A4:C3:0C:F4:E5:45:47:F4:78
                    Timestamp : Apr  2 09:15:16.555 2019 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:4C:11:FB:AD:4A:7D:27:A7:0E:3A:E2:EF:
                                9B:A6:9F:64:0A:3E:19:29:79:4C:3A:AD:72:60:FD:EE:
                                08:21:A3:C4:02:21:00:9B:59:20:55:B7:DF:3E:A7:0A:
                                58:23:E9:98:2B:AD:5C:30:0D:78:47:A9:19:7C:AB:49:
                                0D:1D:16:BE:E1:C3:90
    Signature Algorithm: sha256WithRSAEncryption
         4d:2f:4d:f5:84:20:78:3d:6a:23:72:56:01:60:6f:c3:88:1f:
         4a:9f:ec:1d:05:10:ee:05:a2:a2:af:db:29:b3:67:4c:d4:e2:
         44:21:b6:39:1d:5c:e4:2b:3c:1b:1e:af:41:7e:3b:6d:d3:8c:
         f3:e5:6a:31:c0:a4:05:f9:cf:7f:25:3b:93:18:f9:61:6a:dc:
         9c:83:e6:52:1a:0c:fc:fa:85:62:cc:69:a3:71:9c:29:4e:67:
         dc:b3:41:3d:6e:31:9b:e1:f0:fa:fa:52:f7:54:b7:39:ec:a5:
         69:df:50:42:5e:3c:74:f9:e1:38:e2:39:90:ce:c7:92:a4:56:
         f2:29:54:dc:50:03:15:7d:e4:5d:b3:17:2f:67:d2:d7:d9:af:
         48:7a:dd:8d:b3:1a:f8:3b:52:e5:67:be:f9:bf:f1:f6:53:b8:
         71:91:38:2f:69:b1:0b:6d:a2:5b:c6:c4:f4:da:95:98:81:52:
         b6:7a:20:e6:f1:47:50:39:51:79:a3:3b:c9:84:37:74:3c:c6:
         63:67:02:e9:4a:e9:82:15:e3:6c:82:39:6e:cb:c8:43:66:17:
         14:2e:9e:9a:68:d9:c1:32:8d:9f:b6:a5:dd:34:c6:7a:ae:93:
         76:d8:a0:b6:87:36:1c:4b:5f:70:b4:f7:04:df:4e:4b:b3:66:
         64:d8:f1:29
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:97:81:1e:a5:94:a5:89:ea:8e:1f:72:b6:24:70:b4:f3:7d
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
        Validity
            Not Before: Apr  2 08:15:20 2019 GMT
            Not After : Jul  1 08:15:20 2019 GMT
        Subject: CN = *.wikispecies.net
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:07:8a:07:29:a7:d0:fa:30:11:3c:75:74:1a:
                    7a:93:c6:eb:c2:56:d9:5f:e5:ed:dd:8b:6a:00:3c:
                    89:14:e5:b7:2f:e2:b7:37:99:5b:35:4f:8a:07:d6:
                    d6:23:17:60:4c:87:37:f7:37:5e:90:ea:82:cf:59:
                    75:6c:44:12:00:05:26:2a:70:7b:dc:85:77:42:df:
                    49:60:4d:59:3c:3b:41:fa:27:d7:76:ac:9d:37:0a:
                    74:8c:d2:84:81:aa:3f:3e:f0:a3:cc:e8:f9:8f:fa:
                    29:a7:e9:82:38:56:4b:52:af:df:9d:ab:c2:df:bf:
                    1d:ca:9b:70:c7:fc:97:22:86:c2:bf:97:84:69:9c:
                    11:82:ce:99:d9:0e:13:1c:80:de:1d:8f:04:28:b7:
                    11:38:e7:95:40:46:66:8c:fa:54:1a:54:ee:41:66:
                    62:bb:dc:9f:05:1c:cc:01:48:52:81:77:ee:6e:21:
                    8f:0b:5f:21:c3:6d:92:50:c8:f6:20:e3:e9:10:ef:
                    b2:7c:6d:d0:2d:e5:3c:9b:53:06:23:f6:c6:bc:88:
                    bf:b0:80:34:c6:bb:3d:10:9b:c7:7e:b5:8b:75:41:
                    86:9f:dc:f6:94:d6:28:f2:01:84:2a:78:a6:5a:81:
                    15:29:61:f0:ae:36:45:dd:54:a1:31:0f:30:c9:6d:
                    ef:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier:
                34:87:80:31:CC:AA:6A:60:3E:1B:C2:60:96:EB:6F:C3:71:05:88:1F
            X509v3 Authority Key Identifier:
                keyid:A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1

            Authority Information Access:
                OCSP - URI:http://ocsp.int-x3.letsencrypt.org
                CA Issuers - URI:http://cert.int-x3.letsencrypt.org/

            X509v3 Subject Alternative Name:
                DNS:*.wikispecies.net, DNS:*.wikispecies.org, DNS:*.wikiversity.com, DNS:*.wikivoyage.com, DNS:*.wikivoyage.de, DNS:*.wikivoyage.eu, DNS:*.wikivoyage.net, DNS:*.wikivoyager.de, DNS:*.wikivoyager.org, DNS:*.wikpedia.org, DNS:*.wiktionary.com, DNS:*.wiktionary.eu, DNS:wikispecies.net, DNS:wikispecies.org, DNS:wikiversity.com, DNS:wikivoyage.com, DNS:wikivoyage.de, DNS:wikivoyage.eu, DNS:wikivoyage.net, DNS:wikivoyager.de, DNS:wikivoyager.org, DNS:wikpedia.org, DNS:wiktionary.com, DNS:wiktionary.eu
            X509v3 Certificate Policies:
                Policy: 2.23.140.1.2.1
                Policy: 1.3.6.1.4.1.44947.1.1.1
                  CPS: http://cps.letsencrypt.org

            CT Precertificate SCTs:
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 74:7E:DA:83:31:AD:33:10:91:21:9C:CE:25:4F:42:70:
                                C2:BF:FD:5E:42:20:08:C6:37:35:79:E6:10:7B:CC:56
                    Timestamp : Apr  2 09:15:20.110 2019 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:6F:E1:A1:64:D8:AA:20:3D:77:A2:86:F2:
                                53:78:FB:5F:5A:E5:3B:58:24:5A:B1:E4:99:A1:F7:91:
                                C2:80:91:EB:02:20:7B:BE:E9:28:2C:96:93:58:ED:57:
                                F9:97:DC:A7:1B:E1:BE:7D:35:C5:AB:FE:58:FB:D4:D6:
                                5F:EE:11:BE:61:86
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 63:F2:DB:CD:E8:3B:CC:2C:CF:0B:72:84:27:57:6B:33:
                                A4:8D:61:77:8F:BD:75:A6:38:B1:C7:68:54:4B:D8:8D
                    Timestamp : Apr  2 09:15:20.610 2019 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:4F:62:18:E1:0E:37:F1:FF:84:A1:39:67:
                                EE:59:58:A4:BF:B5:1E:61:85:74:9D:DE:9E:BC:1B:13:
                                42:74:23:3D:02:20:5F:26:04:39:7D:9F:5F:62:E3:47:
                                BC:84:DE:C6:45:69:0D:96:C2:95:1C:CB:77:F0:98:8F:
                                0F:DC:58:07:4D:9A
    Signature Algorithm: sha256WithRSAEncryption
         25:b3:4a:7a:02:6c:96:1f:7a:36:2e:4c:94:0f:f5:69:20:e3:
         22:3a:99:fc:2b:74:39:71:27:18:da:5b:66:b8:ba:46:81:42:
         86:1a:8a:36:76:7d:46:53:ce:b9:76:82:93:7b:e1:5d:16:e3:
         d2:69:b1:45:a6:49:6e:01:5d:9c:d7:b1:a1:64:96:dc:2b:f0:
         d8:cb:5a:fb:40:76:21:47:5a:7f:ab:df:ad:a9:b7:e3:20:da:
         b8:92:dc:73:d3:3e:3f:35:4d:da:0e:5c:04:05:67:a1:6e:5f:
         ab:d4:2a:64:d6:a8:a4:8c:6a:82:7e:96:64:03:b7:ee:5a:6d:
         4e:ea:79:dd:cc:35:83:16:fe:b0:da:02:5a:3a:f4:30:5e:7c:
         77:9f:f9:d8:16:51:c2:98:89:56:b7:18:62:2c:4d:e4:9d:7e:
         06:c8:4a:88:e5:8a:13:24:a5:fa:97:96:88:a2:72:a7:3b:34:
         3e:32:57:11:97:d0:aa:db:b5:e9:fd:85:1c:08:5e:07:a2:6c:
         a8:10:f5:77:5a:d1:bf:0b:00:0b:1c:26:b8:4d:58:bb:fb:be:
         98:4e:1d:01:39:ef:87:02:91:e7:b2:b8:6c:25:4c:f7:d8:70:
         f6:69:69:a1:1d:95:3d:76:e3:52:ea:b5:2f:ca:a1:27:f2:46:
         29:68:b3:76
root@acmechief1001:~# for i in {1..4}; do openssl x509 -text -noout -in /var/lib/acme-chief/certs/non-canonical-redirect-$i/live/ec-prime256v1.crt; done
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:d3:9e:0d:f5:87:e6:ae:7e:59:e1:1e:5e:b4:03:f5:3b:0a
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
        Validity
            Not Before: Apr  2 08:14:02 2019 GMT
            Not After : Jul  1 08:14:02 2019 GMT
        Subject: CN = wikipedia.com
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:b4:aa:64:8d:e9:67:5b:d8:13:78:aa:84:d2:54:
                    27:18:ea:0c:71:fe:9b:dd:e3:ab:b4:60:b7:a9:25:
                    33:a7:ec:56:da:c9:24:5d:83:c3:46:a2:fa:e1:a4:
                    8f:c5:2b:78:a0:d1:34:75:ee:8e:c7:4d:8a:27:e1:
                    25:70:4f:1f:5e
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier:
                1D:FC:52:95:16:1B:83:2E:87:90:49:50:03:5D:1E:87:50:6A:05:57
            X509v3 Authority Key Identifier:
                keyid:A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1

            Authority Information Access:
                OCSP - URI:http://ocsp.int-x3.letsencrypt.org
                CA Issuers - URI:http://cert.int-x3.letsencrypt.org/

            X509v3 Subject Alternative Name:
                DNS:*.en-wp.com, DNS:*.en-wp.org, DNS:*.mediawiki.com, DNS:*.voyagewiki.com, DNS:*.voyagewiki.org, DNS:*.wiikipedia.com, DNS:*.wikibook.com, DNS:*.wikibooks.com, DNS:*.wikiepdia.com, DNS:*.wikiepdia.org, DNS:*.wikiipedia.org, DNS:*.wikijunior.com, DNS:*.wikijunior.net, DNS:*.wikijunior.org, DNS:*.wikipedia.com, DNS:en-wp.com, DNS:en-wp.org, DNS:mediawiki.com, DNS:voyagewiki.com, DNS:voyagewiki.org, DNS:wiikipedia.com, DNS:wikibook.com, DNS:wikibooks.com, DNS:wikiepdia.com, DNS:wikiepdia.org, DNS:wikiipedia.org, DNS:wikijunior.com, DNS:wikijunior.net, DNS:wikijunior.org, DNS:wikipedia.com
            X509v3 Certificate Policies:
                Policy: 2.23.140.1.2.1
                Policy: 1.3.6.1.4.1.44947.1.1.1
                  CPS: http://cps.letsencrypt.org

            CT Precertificate SCTs:
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 74:7E:DA:83:31:AD:33:10:91:21:9C:CE:25:4F:42:70:
                                C2:BF:FD:5E:42:20:08:C6:37:35:79:E6:10:7B:CC:56
                    Timestamp : Apr  2 09:14:02.701 2019 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:F0:16:17:D4:EF:55:D9:11:3C:6E:E3:
                                FB:6B:F8:AA:C5:EB:5A:FF:4F:D7:F4:4B:44:47:48:EA:
                                08:E3:2D:20:4A:02:20:65:99:7A:6D:A1:B6:89:8B:AD:
                                D5:05:95:C0:48:16:70:A6:3B:6E:87:69:50:58:FC:AB:
                                8C:EC:80:D2:B6:80:38
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 63:F2:DB:CD:E8:3B:CC:2C:CF:0B:72:84:27:57:6B:33:
                                A4:8D:61:77:8F:BD:75:A6:38:B1:C7:68:54:4B:D8:8D
                    Timestamp : Apr  2 09:14:02.700 2019 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:4B:06:CB:68:EF:59:EF:78:67:BF:2B:BF:
                                A5:27:6F:14:0F:17:B2:F3:06:17:A5:2C:C7:E9:F9:D2:
                                40:3D:3C:A8:02:20:2A:EB:74:D1:3E:59:73:77:8E:16:
                                BD:E7:AB:AF:AC:B9:B8:08:77:A8:4C:53:BE:D1:EC:07:
                                F8:5D:95:66:6C:2B
    Signature Algorithm: sha256WithRSAEncryption
         95:75:61:04:45:bf:bd:8e:55:d4:1a:23:37:73:a3:32:14:93:
         a6:c8:80:a7:0c:be:63:49:27:2c:10:58:c2:c6:09:da:40:97:
         af:80:0d:e0:2c:f6:cb:91:2c:0d:48:46:3a:5b:26:1c:28:03:
         41:53:5b:6d:19:3d:a3:87:d6:b0:52:86:4e:b9:5b:d3:e0:43:
         d6:bc:96:5a:8c:42:ad:28:a7:33:6b:64:8a:1d:02:a5:2d:25:
         f3:74:b5:11:f9:e4:05:e4:4d:b4:39:93:b1:ef:d0:3e:be:dc:
         35:22:c3:60:bb:56:38:4e:ad:b5:f5:4e:f0:37:63:c1:9b:9b:
         d6:af:d1:4f:28:e3:13:b8:0d:c6:1a:3d:34:1c:41:6b:14:28:
         c6:d6:17:06:5a:cf:a2:85:13:3f:d3:16:e4:c7:cd:06:89:f9:
         79:0f:1b:4d:2a:e1:08:ab:32:fd:94:2c:5f:3d:e5:af:f0:e3:
         e9:7e:9c:b5:5f:0f:73:70:5d:a7:81:e4:52:3b:fd:06:56:18:
         7c:d5:20:4f:47:72:dd:2f:20:12:f4:cf:89:b8:8a:fc:fd:54:
         b1:74:06:9f:83:c7:8f:3c:49:01:82:41:c0:fc:a9:36:6b:47:
         9c:c3:87:f0:0d:77:fc:fa:e9:b7:8e:7e:a9:47:0c:8a:c7:30:
         3a:73:42:0d
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:d8:84:60:51:54:71:a6:ab:ea:43:55:2d:26:62:e7:7a:b2
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
        Validity
            Not Before: Apr  2 08:14:18 2019 GMT
            Not After : Jul  1 08:14:18 2019 GMT
        Subject: CN = *.wikimania.com
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:82:d4:cc:53:2e:24:b8:c5:4a:e1:12:63:d2:3e:
                    f2:34:70:c1:9c:02:8e:d8:9d:74:dd:98:fc:1b:61:
                    54:33:91:9c:cf:05:d6:fb:13:b0:74:42:fd:c7:f5:
                    5d:ec:2b:01:f0:f6:6a:26:db:2f:c5:18:3a:65:26:
                    82:13:23:f8:29
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier:
                05:66:0D:E3:19:9F:CD:5C:FC:12:A1:A2:D6:B6:76:61:AC:A1:FB:64
            X509v3 Authority Key Identifier:
                keyid:A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1

            Authority Information Access:
                OCSP - URI:http://ocsp.int-x3.letsencrypt.org
                CA Issuers - URI:http://cert.int-x3.letsencrypt.org/

            X509v3 Subject Alternative Name:
                DNS:*.wikimania.com, DNS:*.wikimania.org, DNS:*.wikimedia.com, DNS:*.wikimedia.community, DNS:*.wikimedia.ee, DNS:*.wikimedia.jp.net, DNS:*.wikimedia.lt, DNS:*.wikimedia.us, DNS:*.wikimediacommons.co.uk, DNS:*.wikimediacommons.info, DNS:*.wikimediacommons.jp.net, DNS:*.wikimediacommons.mobi, DNS:*.wikimediacommons.net, DNS:*.wikimediacommons.org, DNS:*.wikimediafoundation.com, DNS:*.wikimediafoundation.info, DNS:*.wikimediafoundation.net, DNS:*.wikinews.com, DNS:*.wikinews.de, DNS:wikimania.com, DNS:wikimania.org, DNS:wikimedia.com, DNS:wikimedia.community, DNS:wikimedia.ee, DNS:wikimedia.jp.net, DNS:wikimedia.lt, DNS:wikimedia.us, DNS:wikimediacommons.co.uk, DNS:wikimediacommons.info, DNS:wikimediacommons.jp.net, DNS:wikimediacommons.mobi, DNS:wikimediacommons.net, DNS:wikimediacommons.org, DNS:wikimediafoundation.com, DNS:wikimediafoundation.info, DNS:wikimediafoundation.net, DNS:wikinews.com, DNS:wikinews.de
            X509v3 Certificate Policies:
                Policy: 2.23.140.1.2.1
                Policy: 1.3.6.1.4.1.44947.1.1.1
                  CPS: http://cps.letsencrypt.org

            CT Precertificate SCTs:
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 74:7E:DA:83:31:AD:33:10:91:21:9C:CE:25:4F:42:70:
                                C2:BF:FD:5E:42:20:08:C6:37:35:79:E6:10:7B:CC:56
                    Timestamp : Apr  2 09:14:19.402 2019 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:CB:4D:40:73:B9:C4:14:E1:8D:AF:20:
                                99:71:4F:13:26:10:E6:04:19:B3:AB:C6:54:4F:89:4D:
                                CD:27:D2:FF:56:02:20:59:7A:61:E7:5C:AB:6F:A9:BA:
                                EE:2D:77:A8:43:66:0B:37:AF:B7:B4:54:2D:87:84:AF:
                                4E:22:D8:B5:97:0D:48
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 29:3C:51:96:54:C8:39:65:BA:AA:50:FC:58:07:D4:B7:
                                6F:BF:58:7A:29:72:DC:A4:C3:0C:F4:E5:45:47:F4:78
                    Timestamp : Apr  2 09:14:18.902 2019 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:79:57:FF:90:42:A7:EB:CA:9A:0F:96:81:
                                95:C8:BD:FF:ED:1E:54:72:BD:10:26:FE:31:01:2B:D9:
                                3A:A4:C8:7F:02:21:00:BE:CF:ED:09:91:1E:6F:E9:84:
                                B1:96:27:C4:28:B8:57:E1:7B:AE:6F:A0:9A:8E:0E:53:
                                ED:6F:CC:AB:3D:BA:2F
    Signature Algorithm: sha256WithRSAEncryption
         7c:d2:11:f0:20:27:a2:ac:85:15:a7:b9:06:33:d1:b4:3b:e4:
         af:b6:d2:89:88:88:54:3e:ed:d0:bc:9d:43:3f:2d:61:03:82:
         a9:fb:e2:54:fa:b0:d8:8f:85:35:86:1a:20:5d:de:95:2b:b4:
         94:51:f1:f9:4f:dc:a8:b8:36:47:6c:b8:57:70:41:50:04:3d:
         12:99:3f:1f:31:b0:d8:14:b0:2b:47:17:1b:20:4c:67:3b:85:
         f4:a2:c6:06:6b:32:d3:0f:92:b5:0e:08:4f:e7:2a:72:9b:b4:
         78:a5:cb:ea:71:df:b0:1c:af:d7:92:64:78:69:a7:f6:d9:0c:
         05:09:58:f2:26:c2:6b:23:79:17:88:25:1a:8f:ae:45:2b:92:
         d0:6b:13:9f:7d:79:e9:a7:6a:fe:88:03:de:d8:8d:e1:bb:a1:
         8b:c2:ed:e4:be:67:75:7d:47:da:f6:4a:e2:c9:0d:0f:6d:0a:
         fa:e3:60:b5:c6:11:3f:c0:b4:6a:62:9e:3b:5d:71:ce:9c:14:
         ad:b7:3c:04:bb:92:9b:a5:f8:0b:e4:b9:5e:14:dc:da:b8:6b:
         a5:c3:92:8c:25:78:a5:12:46:5b:b8:4a:f9:9f:8f:0a:e8:f7:
         1f:5c:ce:88:08:0d:4c:c3:7d:9d:64:96:56:e3:39:2b:fd:a7:
         63:95:51:be
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:50:b6:a0:19:c2:99:32:ce:b7:05:df:e7:c3:0a:f4:12:ea
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
        Validity
            Not Before: Apr  2 08:14:34 2019 GMT
            Not After : Jul  1 08:14:34 2019 GMT
        Subject: CN = *.wikipedia.bg
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:b0:e2:22:c4:c3:d3:16:24:cb:30:23:88:50:80:
                    47:11:32:95:13:0c:07:f0:49:19:10:e5:e3:bd:58:
                    38:d3:c1:d6:9b:b7:6f:21:1c:43:48:eb:7b:21:77:
                    94:44:4e:fb:ed:e9:5a:5c:5f:ed:ae:65:88:c6:71:
                    aa:94:9a:6f:ca
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier:
                4D:71:DB:C7:AE:C5:13:BC:E0:98:D0:73:B3:19:50:69:6D:88:35:7B
            X509v3 Authority Key Identifier:
                keyid:A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1

            Authority Information Access:
                OCSP - URI:http://ocsp.int-x3.letsencrypt.org
                CA Issuers - URI:http://cert.int-x3.letsencrypt.org/

            X509v3 Subject Alternative Name:
                DNS:*.wiki-pedia.org, DNS:*.wikipedia.bg, DNS:*.wikipedia.co.il, DNS:*.wikipedia.co.za, DNS:*.wikipedia.ee, DNS:*.wikipedia.gr, DNS:*.wikipedia.in, DNS:*.wikipedia.info, DNS:*.wikipedia.is, DNS:*.wikipedia.lt, DNS:*.wikipedia.net, DNS:*.wikipedia.org.il, DNS:*.wikipediazero.org, DNS:*.wikiquote.com, DNS:*.wikiquote.net, DNS:*.wikisource.com, DNS:*.wikisource.pl, DNS:*.wikispecies.com, DNS:wiki-pedia.org, DNS:wikipedia.bg, DNS:wikipedia.co.il, DNS:wikipedia.co.za, DNS:wikipedia.ee, DNS:wikipedia.gr, DNS:wikipedia.in, DNS:wikipedia.info, DNS:wikipedia.is, DNS:wikipedia.lt, DNS:wikipedia.net, DNS:wikipedia.org.il, DNS:wikipediazero.org, DNS:wikiquote.com, DNS:wikiquote.net, DNS:wikisource.com, DNS:wikisource.pl, DNS:wikispecies.com
            X509v3 Certificate Policies:
                Policy: 2.23.140.1.2.1
                Policy: 1.3.6.1.4.1.44947.1.1.1
                  CPS: http://cps.letsencrypt.org

            CT Precertificate SCTs:
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : E2:69:4B:AE:26:E8:E9:40:09:E8:86:1B:B6:3B:83:D4:
                                3E:E7:FE:74:88:FB:A4:8F:28:93:01:9D:DD:F1:DB:FE
                    Timestamp : Apr  2 09:14:34.637 2019 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:6C:D4:1A:44:E2:6E:73:AA:93:9A:62:DD:
                                07:50:6C:68:AD:B7:2F:52:4D:31:DD:5A:AC:CA:60:A5:
                                1D:12:30:84:02:20:4A:EB:1C:B6:E5:9E:5F:EF:5B:E4:
                                B4:6F:5B:0C:BF:21:1F:C3:95:D9:A8:7C:0A:FE:38:7E:
                                B7:9E:FD:31:34:96
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 29:3C:51:96:54:C8:39:65:BA:AA:50:FC:58:07:D4:B7:
                                6F:BF:58:7A:29:72:DC:A4:C3:0C:F4:E5:45:47:F4:78
                    Timestamp : Apr  2 09:14:34.756 2019 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:07:B2:AC:05:B7:94:89:B8:AD:BC:98:AA:
                                DE:7D:5C:E9:57:53:F8:8D:3E:23:39:61:FC:BF:DA:B7:
                                B4:4D:A8:55:02:21:00:B2:5D:C9:96:72:B1:60:3F:87:
                                65:43:D0:2C:B9:20:62:96:08:33:8D:F7:92:0D:9F:2E:
                                97:C8:9D:43:BF:6A:D5
    Signature Algorithm: sha256WithRSAEncryption
         87:a8:17:33:c4:66:2a:48:c2:90:dd:96:70:6b:7a:a9:9a:13:
         91:bd:27:56:3b:30:0e:3a:d6:bc:8d:79:00:3e:1c:7d:52:a3:
         22:09:fb:38:1f:2b:e3:6d:96:57:71:b4:be:ed:58:6a:e3:22:
         4b:36:3d:76:e8:44:18:a6:f1:9e:58:2e:c5:5e:c1:65:7a:6e:
         a2:de:ea:36:af:31:ee:74:1a:68:f9:8a:24:ac:0d:95:ab:60:
         81:2c:ac:3e:ab:dc:41:dd:08:ca:1f:28:e6:26:e4:2f:0a:c3:
         c9:c3:52:fa:e5:43:b3:83:87:3f:b0:8b:24:3a:62:03:48:24:
         55:b1:9f:b4:ef:16:ec:1a:14:5e:04:64:21:16:08:34:90:f4:
         9e:b7:a0:54:0a:4d:24:d6:87:02:37:b5:ef:c5:37:89:d0:12:
         f1:64:49:ca:30:f0:a1:55:f4:c5:5a:d9:24:70:2e:26:08:99:
         13:05:28:a9:3e:31:ea:51:9c:c0:dd:87:8a:dc:ec:06:f2:42:
         7a:1a:18:86:1c:cd:3c:7e:0d:27:08:3b:5e:28:9e:a3:f2:6a:
         6d:e7:ac:6b:80:94:41:95:39:d0:39:0f:c2:c0:a0:e9:2d:22:
         c2:4c:52:8c:0d:93:65:ae:54:7a:dc:b4:61:b2:37:12:91:3c:
         04:b7:75:c9
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:96:db:cb:7d:c2:ef:70:12:eb:42:7f:b9:ac:0a:83:59:b2
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
        Validity
            Not Before: Apr  2 08:14:47 2019 GMT
            Not After : Jul  1 08:14:47 2019 GMT
        Subject: CN = *.wikispecies.net
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:8d:99:e3:7a:09:89:54:22:df:2f:0e:d2:70:4b:
                    c2:95:e4:be:3d:02:e9:3e:fe:0d:90:bc:a7:07:0a:
                    d6:20:ea:37:da:3f:4c:c1:a3:37:8c:66:a9:70:1f:
                    83:06:3f:84:70:b5:de:8b:9d:53:8f:19:3b:87:2e:
                    04:ec:ea:f5:e2
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier:
                30:C5:73:94:26:BB:8E:91:B8:43:87:A2:A4:3A:C1:15:2C:DF:CD:18
            X509v3 Authority Key Identifier:
                keyid:A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1

            Authority Information Access:
                OCSP - URI:http://ocsp.int-x3.letsencrypt.org
                CA Issuers - URI:http://cert.int-x3.letsencrypt.org/

            X509v3 Subject Alternative Name:
                DNS:*.wikispecies.net, DNS:*.wikispecies.org, DNS:*.wikiversity.com, DNS:*.wikivoyage.com, DNS:*.wikivoyage.de, DNS:*.wikivoyage.eu, DNS:*.wikivoyage.net, DNS:*.wikivoyager.de, DNS:*.wikivoyager.org, DNS:*.wikpedia.org, DNS:*.wiktionary.com, DNS:*.wiktionary.eu, DNS:wikispecies.net, DNS:wikispecies.org, DNS:wikiversity.com, DNS:wikivoyage.com, DNS:wikivoyage.de, DNS:wikivoyage.eu, DNS:wikivoyage.net, DNS:wikivoyager.de, DNS:wikivoyager.org, DNS:wikpedia.org, DNS:wiktionary.com, DNS:wiktionary.eu
            X509v3 Certificate Policies:
                Policy: 2.23.140.1.2.1
                Policy: 1.3.6.1.4.1.44947.1.1.1
                  CPS: http://cps.letsencrypt.org

            CT Precertificate SCTs:
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : E2:69:4B:AE:26:E8:E9:40:09:E8:86:1B:B6:3B:83:D4:
                                3E:E7:FE:74:88:FB:A4:8F:28:93:01:9D:DD:F1:DB:FE
                    Timestamp : Apr  2 09:14:47.940 2019 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:CD:B3:6E:69:CA:15:CA:CD:7F:9A:CB:
                                67:7F:CC:64:2E:D9:DF:5C:98:93:4B:45:FE:E5:4D:7F:
                                B7:4C:5E:AE:44:02:21:00:E0:D9:5C:C6:50:49:31:50:
                                F1:2F:B5:BF:8C:98:4E:EE:E7:AF:F0:57:4C:F5:41:A1:
                                7B:C4:E7:04:8C:06:04:F9
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 63:F2:DB:CD:E8:3B:CC:2C:CF:0B:72:84:27:57:6B:33:
                                A4:8D:61:77:8F:BD:75:A6:38:B1:C7:68:54:4B:D8:8D
                    Timestamp : Apr  2 09:14:47.944 2019 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:36:54:42:68:9C:F0:84:99:13:C3:DD:98:
                                02:E9:FA:6A:8C:42:A6:06:AF:5C:50:CD:01:EF:E5:70:
                                B9:2D:D0:05:02:20:34:31:45:00:9D:7C:AF:D6:9C:DD:
                                AF:39:CD:75:BD:84:0B:DE:EC:54:92:6B:B1:D9:E6:DB:
                                3D:40:EF:DB:74:C8
    Signature Algorithm: sha256WithRSAEncryption
         26:93:68:a1:cc:cb:d5:bc:20:e7:f4:db:7c:e8:8e:a0:cf:14:
         4d:f7:13:43:6f:6a:56:82:6d:f5:d0:77:98:8e:04:8f:72:29:
         cc:66:9d:12:70:e5:5e:18:55:f1:3f:c2:a2:12:4c:b2:5e:b8:
         57:ea:dd:bc:ec:96:eb:cb:fe:e6:0e:d7:80:07:63:28:ae:de:
         27:a3:1c:5a:bf:5e:3b:5e:4c:16:52:7e:43:d2:e9:fe:3f:a7:
         71:a2:af:d3:0d:59:8b:25:bd:d0:78:dd:50:4e:09:02:bd:26:
         91:86:09:a7:75:b8:a0:a0:1e:c2:bf:27:b7:40:cb:c8:60:5f:
         5e:b5:ba:9e:1d:68:8f:eb:50:60:fb:26:4b:86:ff:5f:ce:4e:
         b7:49:cd:a8:dd:7f:38:14:12:e0:60:56:6c:15:54:e6:f5:20:
         80:18:ed:da:91:78:31:5a:86:f1:08:61:d0:f4:04:62:11:47:
         92:01:fd:0a:7c:99:7a:4f:32:ae:8b:9a:72:76:4f:29:10:28:
         83:3e:b8:3d:d8:c0:3e:92:cd:57:dc:35:54:59:76:9b:25:6e:
         4f:be:f1:f1:53:ed:3e:81:63:86:ee:d0:f0:d2:2b:4b:c5:dc:
         e5:57:5a:a8:8e:f5:d0:04:4e:1a:ae:88:bc:8b:47:82:f4:0d:
         ab:45:89:e0
Vgutierrez updated the task description. (Show Details)Apr 2 2019, 9:25 AM

Change 500716 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] redirects.dat: Remove wikisource.gr

https://gerrit.wikimedia.org/r/500716

Change 501331 had a related patch set uploaded (by Ema; owner: Ema):
[operations/puppet@production] hieradata/labs: add wikibase monitoring flag

https://gerrit.wikimedia.org/r/501331

Change 501331 merged by Ema:
[operations/puppet@production] hieradata/labs: add wikibase monitoring flag

https://gerrit.wikimedia.org/r/501331

Change 502208 had a related patch set uploaded (by Ema; owner: Ema):
[operations/puppet@production] hieradata/labs: add profile::cache::ssl::wikibase settings

https://gerrit.wikimedia.org/r/502208

Change 502208 merged by Ema:
[operations/puppet@production] hieradata/labs: add profile::cache::ssl::wikibase settings

https://gerrit.wikimedia.org/r/502208

Change 500716 merged by Vgutierrez:
[operations/puppet@production] redirects.dat: Remove wikisource.gr

https://gerrit.wikimedia.org/r/500716

Change 521241 had a related patch set uploaded (by Ema; owner: Ema):
[operations/puppet@production] cache: deploy acme-chief unified certs on upload@eqsin

https://gerrit.wikimedia.org/r/521241

Change 521241 merged by Ema:
[operations/puppet@production] cache: deploy acme-chief unified certs on upload@eqsin

https://gerrit.wikimedia.org/r/521241

Change 500472 abandoned by BBlack:
Add wikiba.se to HSTS regex

https://gerrit.wikimedia.org/r/500472

Change 500473 abandoned by BBlack:
Add wikiba.se to HTTPS redirect regex

https://gerrit.wikimedia.org/r/500473