Page MenuHomePhabricator

Stop using letsencrypt::cert::integrated
Closed, ResolvedPublic

Description

In T120225 it was discovered that letsencrypt::cert::integrated was still in use, but its got a script that only works with ACME v1, so with LE we can no longer make new accounts with it (since November) and it'll stop being able to renew certificates in about a year. It looks like we need to make some changes to the WMCS mailservers, maybe toolforge mailservers, and toolserver_legacy.

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald Transcript

actually looks like profile::mail::smarthost only gets used in labs

Looks like we don't have acme-chief setup in toolsbeta or cloudinfra, or toolserver-legacy

Andrew triaged this task as Medium priority.May 19 2020, 4:11 PM

I set up acme-chief in the cloudinfra project.

Change 655761 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[operations/puppet@production] tlsproxy::localssl: Remove support for the acme_subjects param

https://gerrit.wikimedia.org/r/655761

Change 655762 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[operations/puppet@production] Remove the 'letsencrypt' module

https://gerrit.wikimedia.org/r/655762

Change 655761 merged by Andrew Bogott:
[operations/puppet@production] tlsproxy::localssl: Remove support for the acme_subjects param

https://gerrit.wikimedia.org/r/655761

Change 655762 merged by Andrew Bogott:
[operations/puppet@production] Remove the 'letsencrypt' module

https://gerrit.wikimedia.org/r/655762