Page MenuHomePhabricator

Audit usage of * GlobalSign TLS certificate and migrate any usage to LE
Closed, ResolvedPublic


The GlobalSign certificate that we have used in the past for * expires on 2020-06-24. We should replace this wildcard cert with either a Let's Encrypt wildcard or possibly better just individual certs for services that need it.


Due Date
May 29 2020, 12:00 AM

Event Timeline

bd808 added a parent task: Unknown Object (Task).Apr 13 2020, 5:08 PM
bd808 set Due Date to May 29 2020, 12:00 AM.Apr 21 2020, 4:28 PM
Bstorm claimed this task.
Bstorm subscribed.

I see that T235252: Toolforge: SSL support for new domain created a cert that includes *
In, we switched to the let's encrypt cert and then we removed the old cert from puppet

I do not believe it is currently used anywhere anymore with searching. I checked every place I know it used to be used, and it mentions the acme chief/LE setup instead in puppet. The only other place was the old k8s master, and that's deleted.

bd808 mentioned this in Unknown Object (Task).May 1 2020, 5:58 PM