The GlobalSign certificate that we have used in the past for *.tools.wmflabs.org expires on 2020-06-24. We should replace this wildcard cert with either a Let's Encrypt wildcard or possibly better just individual certs for services that need it.
- Due Date
- May 29 2020, 12:00 AM
|Unknown Object (Task)|
|Resolved||Bstorm||T250098 Audit usage of *.tools.wmflabs.org GlobalSign TLS certificate and migrate any usage to LE|
I see that T235252: Toolforge: SSL support for new domain toolforge.org created a cert that includes *.tools.wmflabs.org.
In https://github.com/wikimedia/puppet/commit/3a4773217e1fb06809cc080058e845dff2b60c21, we switched to the let's encrypt cert and then we removed the old cert from puppet https://github.com/wikimedia/puppet/commit/cfed4132d455ce8a343884f5e1b21b81b1588647
I do not believe it is currently used anywhere anymore with searching. I checked every place I know it used to be used, and it mentions the acme chief/LE setup instead in puppet. The only other place was the old k8s master, and that's deleted.