Page MenuHomePhabricator

Fix access to (URL without www) caused by expired certificate in server fabula
Closed, ResolvedPublic

Assigned To
Authored By
Feb 8 2021, 12:29 PM
Referenced Files
"Burninate" token, awarded by YacineBoussoufa."Burninate" token, awarded by valerio.bozzolan.


Our dear user @YacineBoussoufa reported that you cannot access the non-www version of the Wikimedia Italia website:

Websites prove their identity via certificates, which are valid for a set time period. The certificate for expired on 10/17/2020.

This should be fixed because some people access the website manually typing the URL without www and should not see a very-big and scaring warning about the kidnapping of your browser ecc.

NOTE: Actually the DNS record points to the server wmi-fabula while the points to our provider. So this is our fault.

Event Timeline

I've just deployed a new small configuration for Apache HTTPd in server fabula and in some seconds the related configuration in rWIIN wikimedia-it-wmit-infrastructure will be connected here.

The new configuration relies on the fact that the path is not redirected and instead it's served by /var/www/html/.well-known so Let's Encrypt can push temporary files even if we redirect the user to another server.

So the SSL certificate was simply deployed with Let's Encrypt as follow:

$ certbot certonly --webroot --webroot-path=/var/www/html -d
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Starting new HTTPS connection (1):
Obtaining a new certificate

 - Congratulations! Your certificate and chain have been saved at:
   Your key file has been saved at:
   Your cert will expire on 2021-05-09. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:
   Donating to EFF: