Vgutierrez (Valentín Gutiérrez)
Traffic Security Engineer

Today

  • Clear sailing ahead.

Tomorrow

  • Clear sailing ahead.

Sunday

  • Clear sailing ahead.

User Details

User Since
Feb 12 2018, 9:51 AM (35 w, 3 d)
Availability
Available
IRC Nick
vgutierrez
LDAP User
Vgutierrez
MediaWiki User
Unknown

Recent Activity

Yesterday

Vgutierrez triaged T207389: Rename the Certcentral project as Normal priority.
Thu, Oct 18, 2:05 PM · Certcentral

Wed, Oct 17

Vgutierrez moved T207090: Requesting deployment access to servers for Performance Team task for perf-roots from Untriaged to SRE Meeting Review Required on the SRE-Access-Requests board.
Wed, Oct 17, 10:15 AM · Operations, SRE-Access-Requests
Vgutierrez added a comment to T207090: Requesting deployment access to servers for Performance Team task for perf-roots.

Thanks! this needs to be approved in next Monday SRE meeting

Wed, Oct 17, 10:15 AM · Operations, SRE-Access-Requests
Vgutierrez moved T206612: Requesting access to servers for Release Engineering tasks for Lars Wirzenius from Awaiting User Input to SRE Meeting Review Required on the SRE-Access-Requests board.
Wed, Oct 17, 10:13 AM · Patch-For-Review, Operations, SRE-Access-Requests
Vgutierrez added a comment to T206612: Requesting access to servers for Release Engineering tasks for Lars Wirzenius.

Access will be granted after approval on next Monday SRE meeting

Wed, Oct 17, 10:12 AM · Patch-For-Review, Operations, SRE-Access-Requests

Tue, Oct 16

Vgutierrez triaged T207178: logstash HTTP Basic Auth prompt says "WMF Labs" as Normal priority.
Tue, Oct 16, 3:52 PM · Patch-For-Review, Operations, Wikimedia-Logstash
Vgutierrez triaged T207090: Requesting deployment access to servers for Performance Team task for perf-roots as Normal priority.
Tue, Oct 16, 10:34 AM · Operations, SRE-Access-Requests

Mon, Oct 15

Vgutierrez added a watcher for Certcentral: Vgutierrez.
Mon, Oct 15, 10:38 AM

Mon, Oct 8

Vgutierrez removed a project from T206461: Provide a Let's Encrypt ACME v2 staging environment account: Patch-For-Review.
Mon, Oct 8, 2:57 PM · Traffic, Operations
Vgutierrez added a comment to T206461: Provide a Let's Encrypt ACME v2 staging environment account.

private key committed into our private repo.

Mon, Oct 8, 2:56 PM · Traffic, Operations
Vgutierrez triaged T206461: Provide a Let's Encrypt ACME v2 staging environment account as Normal priority.
Mon, Oct 8, 1:43 PM · Traffic, Operations
Vgutierrez closed T206308: Create VMs for certcentral hosts, a subtask of T199711: Deploy a scalable service for ACME (LetsEncrypt) certificate management, as Resolved.
Mon, Oct 8, 11:13 AM · Certcentral, Patch-For-Review, Traffic, Operations, Goal
Vgutierrez closed T206308: Create VMs for certcentral hosts as Resolved.

VMs delivered, added in puppet as spare systems till certcentral puppetization is ready to go

Mon, Oct 8, 11:13 AM · Certcentral, Patch-For-Review, vm-requests, Traffic, Operations

Fri, Oct 5

Vgutierrez added a comment to T206308: Create VMs for certcentral hosts.

certcentral1001 created with the following cmd:

sudo gnt-instance add -t drbd -I hail --net 0:link=private --hypervisor-parameters=kvm:boot_order=network -o debootstrap+default --no-install -g row_C -B vcpus=1,memory=2g --disk 0:size=10g certcentral1001.eqiad.wmnet

certcentral2001 created with the following cmd:

sudo gnt-instance add -t drbd -I hail --net 0:link=private --hypervisor-parameters=kvm:boot_order=network -o debootstrap+default --no-install -g row_A -B vcpus=1,memory=2g --disk 0:size=10g certcentral2001.codfw.wmnet
Fri, Oct 5, 12:24 PM · Certcentral, Patch-For-Review, vm-requests, Traffic, Operations
Vgutierrez claimed T206308: Create VMs for certcentral hosts.
Fri, Oct 5, 10:36 AM · Certcentral, Patch-For-Review, vm-requests, Traffic, Operations
Vgutierrez moved T206308: Create VMs for certcentral hosts from Triage to Hardware on the Traffic board.
Fri, Oct 5, 10:27 AM · Certcentral, Patch-For-Review, vm-requests, Traffic, Operations
Vgutierrez triaged T206308: Create VMs for certcentral hosts as Normal priority.
Fri, Oct 5, 10:26 AM · Certcentral, Patch-For-Review, vm-requests, Traffic, Operations

Thu, Oct 4

Vgutierrez committed rOSCC4a67086fc6db: Detect when cert config changes and re-issue (authored by Krenair).
Detect when cert config changes and re-issue
Thu, Oct 4, 10:27 AM
Vgutierrez committed rOSCCd010788b691b: Detect when cert config changes and re-issue (authored by Krenair).
Detect when cert config changes and re-issue
Thu, Oct 4, 10:03 AM

Wed, Oct 3

Vgutierrez closed T205970: lvs2009/lvs2010 with no RAID configured as Resolved.
Wed, Oct 3, 7:08 PM · Traffic, Operations
Vgutierrez closed T205970: lvs2009/lvs2010 with no RAID configured, a subtask of T136562: Audit/fix hosts with no RAID configured, as Resolved.
Wed, Oct 3, 7:08 PM · Patch-For-Review, Operations
Vgutierrez added a comment to T205970: lvs2009/lvs2010 with no RAID configured.

Thanks @Papaul!

Wed, Oct 3, 7:08 PM · Traffic, Operations
Vgutierrez committed rOSCC9fee84aa0217: Detect when cert config changes and re-issue (authored by Krenair).
Detect when cert config changes and re-issue
Wed, Oct 3, 3:12 PM
Vgutierrez committed rOSCCf8f9796ce13b: Detect when cert config changes and re-issue (authored by Krenair).
Detect when cert config changes and re-issue
Wed, Oct 3, 2:58 PM
Vgutierrez added a comment to T205970: lvs2009/lvs2010 with no RAID configured.

@Papaul as soon as https://gerrit.wikimedia.org/r/#/c/operations/puppet/+/464156/ gets merged :)

Wed, Oct 3, 2:44 PM · Traffic, Operations
Vgutierrez committed rOSCCc81e729e11be: [WIP] Detect when cert config changes and re-issue (authored by Krenair).
[WIP] Detect when cert config changes and re-issue
Wed, Oct 3, 12:16 PM
Vgutierrez committed rOSCCb813468eb3ef: [WIP] Detect when cert config changes and re-issue (authored by Krenair).
[WIP] Detect when cert config changes and re-issue
Wed, Oct 3, 12:01 PM
Vgutierrez committed rOSCC1af7e7cb0972: [WIP] Detect when cert config changes and re-issue (authored by Krenair).
[WIP] Detect when cert config changes and re-issue
Wed, Oct 3, 11:56 AM
Vgutierrez added a comment to T205970: lvs2009/lvs2010 with no RAID configured.

@Papaul that's right, reinstalling both servers would be the fastest/safest approach :)

Wed, Oct 3, 8:33 AM · Traffic, Operations

Tue, Oct 2

Vgutierrez added a comment to T205970: lvs2009/lvs2010 with no RAID configured.

Looks like the culprit is https://github.com/wikimedia/puppet/blob/production/modules/install_server/files/autoinstall/netboot.cfg#L126-L127:

lvs100[7-9]|lvs101[012]|lvs2*) echo partman/flat.cfg ;; \
lvs100[1-6]|lvs101[3-6]|lvs[345]*|lvs2009|lvs2010) echo partman/raid1-lvm.cfg ;; \
Tue, Oct 2, 1:27 PM · Traffic, Operations
Vgutierrez committed rOSCCfcda72e84514: [WIP] Detect when cert config changes and re-issue (authored by Krenair).
[WIP] Detect when cert config changes and re-issue
Tue, Oct 2, 1:20 PM
Vgutierrez committed rOSCC6eb59ebce694: [WIP] Detect when cert config changes and re-issue (authored by Krenair).
[WIP] Detect when cert config changes and re-issue
Tue, Oct 2, 1:08 PM
Vgutierrez moved T205970: lvs2009/lvs2010 with no RAID configured from Triage to Hardware on the Traffic board.
Tue, Oct 2, 12:32 PM · Traffic, Operations
Vgutierrez triaged T205970: lvs2009/lvs2010 with no RAID configured as High priority.
Tue, Oct 2, 12:32 PM · Traffic, Operations
Vgutierrez committed rOSCC5ed0b94737b2: [WIP] Detect when cert config changes and re-issue (authored by Krenair).
[WIP] Detect when cert config changes and re-issue
Tue, Oct 2, 9:51 AM

Mon, Oct 1

RandomDSdevel awarded T196371: Provide a multi-language user-faced warning regarding AES128-SHA deprecation a Piece of Eight token.
Mon, Oct 1, 12:52 AM · User-notice, User-Johan, Operations, Traffic
RandomDSdevel awarded T147202: Removing support for AES128-SHA TLS cipher a Grey Medal token.
Mon, Oct 1, 12:52 AM · Patch-For-Review, User-notice, Operations, Traffic

Fri, Sep 28

Vgutierrez moved T205378: Enable ESNI support on Wikimedia servers from Triage to TLS on the Traffic board.
Fri, Sep 28, 12:52 PM · Upstream, HTTPS, Operations, Traffic

Thu, Sep 27

Vgutierrez closed T196691: rack/setup/install dns100[12].wikimedia.org as Resolved.
Thu, Sep 27, 3:03 PM · Patch-For-Review, DNS, Operations, Traffic

Sep 7 2018

Vgutierrez committed rOSCCa75e2725bab5: Make configurable the cmd executed to perform a DNS zone update (authored by Vgutierrez).
Make configurable the cmd executed to perform a DNS zone update
Sep 7 2018, 10:27 AM
Vgutierrez committed rOSCCdf86da9fc425: Make configurable the cmd executed to perform a DNS zone update (authored by Vgutierrez).
Make configurable the cmd executed to perform a DNS zone update
Sep 7 2018, 10:13 AM
Vgutierrez moved T203678: certcentral: Make configurable the cmd executed to perform a DNS zone update from Triage to TLS on the Traffic board.
Sep 7 2018, 8:47 AM · Certcentral, Patch-For-Review, Traffic, Operations

Sep 6 2018

Vgutierrez triaged T203678: certcentral: Make configurable the cmd executed to perform a DNS zone update as Normal priority.
Sep 6 2018, 3:14 PM · Certcentral, Patch-For-Review, Traffic, Operations
Vgutierrez committed rOSCC1df91a4c009e: Allow specifying a list of dns servers for dns-01 validation purposes (authored by Vgutierrez).
Allow specifying a list of dns servers for dns-01 validation purposes
Sep 6 2018, 2:25 PM
Vgutierrez committed rOSCCd76406d7cd6a: README: provide configuration file examples (authored by Vgutierrez).
README: provide configuration file examples
Sep 6 2018, 8:38 AM
Vgutierrez committed rOSCCc51fce4ef16f: Rename certcentral_api to just api (authored by Vgutierrez).
Rename certcentral_api to just api
Sep 6 2018, 8:32 AM

Sep 4 2018

Vgutierrez added a comment to T203422: certcentral: phantom test failure around challenge success.

As mentioned in https://gerrit.wikimedia.org/r/457915, performing a string strip() operation on a bunch of bytes that are actually a DNS query it's a pretty bad idea and it was breaking the DNS query parsing every time that a strippable character was there (0x00, 0x0a, 0x0d and so on...)

Sep 4 2018, 2:30 PM · Certcentral, Patch-For-Review, Traffic, Operations
Vgutierrez committed rOSCC5873d8430b15: Fix DNS server input parsing (authored by Vgutierrez).
Fix DNS server input parsing
Sep 4 2018, 2:24 PM
Vgutierrez added a comment to T203422: certcentral: phantom test failure around challenge success.

Same happens with http-01 validation, but in this case pebble output is more helpful cause it's more verbose:

expected pebble output during http-01 validation
Pebble 2018/09/04 15:26:01 POST /order-plz -> calling handler()
Pebble 2018/09/04 15:26:01 There are now 1 authorizations in the db
Pebble 2018/09/04 15:26:01 Added order "pagqg8osAnYjUbGWV_SMFQOHG6pLTryXuV2HtLIQsG4" to the db
Pebble 2018/09/04 15:26:01 There are now 1 orders in the db
Pebble 2018/09/04 15:26:01 GET /authZ/wKjNKjeMK3Rxg81KpHBZccCIv_y9XmxUHhPMKF51ogQ -> calling handler()
Pebble 2018/09/04 15:26:01 POST /chalZ/wMRnkyfLZsYhd0wRDwmMfpRjq2OyFTe1qGFqBElHuSA -> calling handler()
Pebble 2018/09/04 15:26:01 Pulled a task from the Tasks queue: &va.vaTask{Identifier:"certcentraltest.beta.wmflabs.org", Challenge:(*core.Challenge)(0xc420494140), Account:(*core.Account)(0xc42020e190)}
Pebble 2018/09/04 15:26:01 Starting 3 validations.
Pebble 2018/09/04 15:26:01 Attempting to validate w/ HTTP: http://certcentraltest.beta.wmflabs.org:63631/.well-known/acme-challenge/1NOEfEks_NxlNfS7hkm4Ru61R9T3Zm8FUqX3gpUUNgY
Pebble 2018/09/04 15:26:01 Attempting to validate w/ HTTP: http://certcentraltest.beta.wmflabs.org:63631/.well-known/acme-challenge/1NOEfEks_NxlNfS7hkm4Ru61R9T3Zm8FUqX3gpUUNgY
Pebble 2018/09/04 15:26:01 Attempting to validate w/ HTTP: http://certcentraltest.beta.wmflabs.org:63631/.well-known/acme-challenge/1NOEfEks_NxlNfS7hkm4Ru61R9T3Zm8FUqX3gpUUNgY
Pebble 2018/09/04 15:26:01 authz wKjNKjeMK3Rxg81KpHBZccCIv_y9XmxUHhPMKF51ogQ set VALID by completed challenge wMRnkyfLZsYhd0wRDwmMfpRjq2OyFTe1qGFqBElHuSA
Pebble 2018/09/04 15:26:01 GET /authZ/wKjNKjeMK3Rxg81KpHBZccCIv_y9XmxUHhPMKF51ogQ -> calling handler()
Pebble 2018/09/04 15:26:01 POST /finalize-order/pagqg8osAnYjUbGWV_SMFQOHG6pLTryXuV2HtLIQsG4 -> calling handler()
Pebble 2018/09/04 15:26:01 Order pagqg8osAnYjUbGWV_SMFQOHG6pLTryXuV2HtLIQsG4 is fully authorized. Processing finalization
Pebble 2018/09/04 15:26:01 Issued certificate serial 7d4ad2802c396f68 for order pagqg8osAnYjUbGWV_SMFQOHG6pLTryXuV2HtLIQsG4
Pebble 2018/09/04 15:26:02 GET /my-order/pagqg8osAnYjUbGWV_SMFQOHG6pLTryXuV2HtLIQsG4 -> calling handler()
Pebble 2018/09/04 15:26:02 GET /certZ/7d4ad2802c396f68 -> calling handler()
actual Pebble output when the issue is triggered
Pebble 2018/09/04 15:26:02 POST /order-plz -> calling handler()
Pebble 2018/09/04 15:26:02 There are now 2 authorizations in the db
Pebble 2018/09/04 15:26:02 Added order "m-hivcn2X6gRCs86vGumpmMV7gFLzWSb75pNWoQiS-Q" to the db
Pebble 2018/09/04 15:26:02 There are now 2 orders in the db
Pebble 2018/09/04 15:26:02 GET /authZ/JSjNECPiG1iJVok7xpHaMhDeopbte9ihYHT-BskD4YY -> calling handler()
Pebble 2018/09/04 15:26:03 POST /chalZ/mz3FJ4acqg5FDd9XqYgbnDbI32YqNysCyGvOdWaOEu4 -> calling handler()
Pebble 2018/09/04 15:26:03 Pulled a task from the Tasks queue: &va.vaTask{Identifier:"certcentraltest.beta.wmflabs.org", Challenge:(*core.Challenge)(0xc4203c0320), Account:(*core.Account)(0xc42020e190)}
Pebble 2018/09/04 15:26:03 Starting 3 validations.
Pebble 2018/09/04 15:26:03 Attempting to validate w/ HTTP: http://certcentraltest.beta.wmflabs.org:63631/.well-known/acme-challenge/IgoSIUssFj5SnRIymAXZ33qDgULW7t83VkY-ELUE_6A
Pebble 2018/09/04 15:26:03 Attempting to validate w/ HTTP: http://certcentraltest.beta.wmflabs.org:63631/.well-known/acme-challenge/IgoSIUssFj5SnRIymAXZ33qDgULW7t83VkY-ELUE_6A
Pebble 2018/09/04 15:26:03 Attempting to validate w/ HTTP: http://certcentraltest.beta.wmflabs.org:63631/.well-known/acme-challenge/IgoSIUssFj5SnRIymAXZ33qDgULW7t83VkY-ELUE_6A
Pebble 2018/09/04 15:26:03 GET /authZ/JSjNECPiG1iJVok7xpHaMhDeopbte9ihYHT-BskD4YY -> calling handler()
Pebble 2018/09/04 15:26:04 GET /authZ/JSjNECPiG1iJVok7xpHaMhDeopbte9ihYHT-BskD4YY -> calling handler()
Pebble 2018/09/04 15:26:05 GET /authZ/JSjNECPiG1iJVok7xpHaMhDeopbte9ihYHT-BskD4YY -> calling handler()
Pebble 2018/09/04 15:26:06 GET /authZ/JSjNECPiG1iJVok7xpHaMhDeopbte9ihYHT-BskD4YY -> calling handler()
Sep 4 2018, 1:34 PM · Certcentral, Patch-For-Review, Traffic, Operations
Vgutierrez added a comment to T203422: certcentral: phantom test failure around challenge success.

I've been working under the assumption that basically our client was too aggressive and some times pebbles wasn't quick enough, but apparently it's getting stuck during the validation process.

expected Pebble output during a dns-01 validation
Pebble 2018/09/04 15:05:02 POST /order-plz -> calling handler()
Pebble 2018/09/04 15:05:02 There are now 1 authorizations in the db
Pebble 2018/09/04 15:05:02 Added order "S6WG-J1sW9zP-m2R0dtrZmd7nalSnPfUR2A6EMOkLYM" to the db
Pebble 2018/09/04 15:05:02 There are now 1 orders in the db
Pebble 2018/09/04 15:05:02 GET /authZ/w8A7y8Ec4ftFeanaw-8smdU-mfvmceKK5YPHzn-Cg0I -> calling handler()
Pebble 2018/09/04 15:05:02 POST /chalZ/y6Mx8s7js2INfDotUw6hJ8EtduNx9i1nWA3tpMKqFVg -> calling handler()
Pebble 2018/09/04 15:05:02 Pulled a task from the Tasks queue: &va.vaTask{Identifier:"certcentraltest.beta.wmflabs.org", Challenge:(*core.Challenge)(0xc420372320), Account:(*core.Account)(0xc420012190)}
Pebble 2018/09/04 15:05:02 Starting 3 validations.
Pebble 2018/09/04 15:05:02 authz w8A7y8Ec4ftFeanaw-8smdU-mfvmceKK5YPHzn-Cg0I set VALID by completed challenge y6Mx8s7js2INfDotUw6hJ8EtduNx9i1nWA3tpMKqFVg
Pebble 2018/09/04 15:05:02 GET /authZ/w8A7y8Ec4ftFeanaw-8smdU-mfvmceKK5YPHzn-Cg0I -> calling handler()
Pebble 2018/09/04 15:05:02 POST /finalize-order/S6WG-J1sW9zP-m2R0dtrZmd7nalSnPfUR2A6EMOkLYM -> calling handler()
Pebble 2018/09/04 15:05:02 Order S6WG-J1sW9zP-m2R0dtrZmd7nalSnPfUR2A6EMOkLYM is fully authorized. Processing finalization
Pebble 2018/09/04 15:05:02 Issued certificate serial 7286966dfc7b0b0c for order S6WG-J1sW9zP-m2R0dtrZmd7nalSnPfUR2A6EMOkLYM
Sep 4 2018, 1:14 PM · Certcentral, Patch-For-Review, Traffic, Operations

Sep 3 2018

Vgutierrez committed rOSCCe30e154ce48b: README: provide configuration file examples (authored by Vgutierrez).
README: provide configuration file examples
Sep 3 2018, 3:28 PM
Vgutierrez added a comment to T199711: Deploy a scalable service for ACME (LetsEncrypt) certificate management.

With the two users approach (certcentral / www-data) we just stop nginx from writing in /etc/certcentral. We should also consider that certcentral will need permissions to spawn the DNS update zone script, and I don't see any reasons to let nginx do that as well. IMHO the two users approach serves best to the principle of least privilege.

Sep 3 2018, 8:58 AM · Certcentral, Patch-For-Review, Traffic, Operations, Goal
Vgutierrez committed rOSCCc7cc20351408: Rename certcentral_api to just api (authored by Vgutierrez).
Rename certcentral_api to just api
Sep 3 2018, 8:57 AM
Vgutierrez committed rOSCC0b3db8cfe74e: Packaging stuff and readme (authored by Krenair).
Packaging stuff and readme
Sep 3 2018, 8:57 AM
Vgutierrez committed rOSCC174d18e92625: Packaging stuff and readme (authored by Krenair).
Packaging stuff and readme
Sep 3 2018, 8:31 AM

Aug 31 2018

Vgutierrez committed rOSCC394912e750d8: Provide logging (authored by Vgutierrez).
Provide logging
Aug 31 2018, 2:48 PM
Vgutierrez committed rOSCCafef4e57ca06: Provide logging (authored by Vgutierrez).
Provide logging
Aug 31 2018, 2:48 PM
Vgutierrez committed rOSCCfdfab3218e72: ACMERequests: Remove orders/challenges after a non-recoverable error (authored by Vgutierrez).
ACMERequests: Remove orders/challenges after a non-recoverable error
Aug 31 2018, 2:48 PM
Vgutierrez committed rOSCC97437593ca2d: Validate challenges before pushing them to the ACME directory (authored by Vgutierrez).
Validate challenges before pushing them to the ACME directory
Aug 31 2018, 2:48 PM
Vgutierrez committed rOSCC61b53444623e: Provide logging (authored by Vgutierrez).
Provide logging
Aug 31 2018, 2:45 PM
Vgutierrez committed rOSCC6dd65ac6ed33: ACMERequests: Remove orders/challenges after a non-recoverable error (authored by Vgutierrez).
ACMERequests: Remove orders/challenges after a non-recoverable error
Aug 31 2018, 2:45 PM
Vgutierrez committed rOSCCeae9ebbf0807: Validate challenges before pushing them to the ACME directory (authored by Vgutierrez).
Validate challenges before pushing them to the ACME directory
Aug 31 2018, 2:45 PM
Vgutierrez committed rOSCCefad6de45ca7: Provide logging (authored by Vgutierrez).
Provide logging
Aug 31 2018, 2:37 PM

Aug 29 2018

Vgutierrez committed rOSCC3afdab92b028: ACMERequests: Remove orders/challenges after a non-recoverable error (authored by Vgutierrez).
ACMERequests: Remove orders/challenges after a non-recoverable error
Aug 29 2018, 10:23 AM
Vgutierrez committed rOSCC38a90ce6d15b: ACMERequests: Remove orders/challenges after a non-recoverable error (authored by Vgutierrez).
ACMERequests: Remove orders/challenges after a non-recoverable error
Aug 29 2018, 10:23 AM
Vgutierrez committed rOSCCf82e6f854aac: Validate challenges before pushing them to the ACME directory (authored by Vgutierrez).
Validate challenges before pushing them to the ACME directory
Aug 29 2018, 9:53 AM
Vgutierrez committed rOSCC2b0b271b63f2: [WIP] Validate challenges before pushing them to the ACME directory (authored by Vgutierrez).
[WIP] Validate challenges before pushing them to the ACME directory
Aug 29 2018, 9:21 AM
Vgutierrez committed rOSCC7fef1c91425d: [WIP] Validate challenges before pushing them to the ACME directory (authored by Vgutierrez).
[WIP] Validate challenges before pushing them to the ACME directory
Aug 29 2018, 9:13 AM

Aug 28 2018

Vgutierrez committed rOSCCdaf9f85006e5: [WIP] Validate challenges before pushing them to the ACME directory (authored by Vgutierrez).
[WIP] Validate challenges before pushing them to the ACME directory
Aug 28 2018, 4:06 PM

Aug 27 2018

Vgutierrez committed rOSCCee4810c71cae: [WIP] Validate challenges before pushing them to the ACME directory (authored by Vgutierrez).
[WIP] Validate challenges before pushing them to the ACME directory
Aug 27 2018, 4:52 PM
Vgutierrez committed rOSCC29232c0261f6: Provide support in the API for different certificate save modes (authored by Vgutierrez).
Provide support in the API for different certificate save modes
Aug 27 2018, 4:52 PM
Vgutierrez committed rOSCCf2c066a7da71: Implement DNS01 challenge support (authored by Vgutierrez).
Implement DNS01 challenge support
Aug 27 2018, 4:52 PM
Vgutierrez committed rOSCC51ce6249bef4: Deliver certificates in every save mode (authored by Vgutierrez).
Deliver certificates in every save mode
Aug 27 2018, 4:52 PM
Vgutierrez committed rOSCCbebddae5e0d2: [WIP] Validate challenges before pushing them to the ACME directory (authored by Vgutierrez).
[WIP] Validate challenges before pushing them to the ACME directory
Aug 27 2018, 8:34 AM
Vgutierrez committed rOSCC8ad8b31be27b: Provide support in the API for different certificate save modes (authored by Vgutierrez).
Provide support in the API for different certificate save modes
Aug 27 2018, 8:34 AM
Vgutierrez committed rOSCC1da32e53e02b: Implement DNS01 challenge support (authored by Vgutierrez).
Implement DNS01 challenge support
Aug 27 2018, 8:34 AM
Vgutierrez committed rOSCC4c2c0fcdb604: [WIP] Validate challenges before pushing them to the ACME directory (authored by Vgutierrez).
[WIP] Validate challenges before pushing them to the ACME directory
Aug 27 2018, 8:20 AM
Vgutierrez committed rOSCC5ed02e7c42e4: Provide support in the API for different certificate save modes (authored by Vgutierrez).
Provide support in the API for different certificate save modes
Aug 27 2018, 8:20 AM
Vgutierrez committed rOSCC048b9599eca1: Implement DNS01 challenge support (authored by Vgutierrez).
Implement DNS01 challenge support
Aug 27 2018, 8:20 AM
Vgutierrez committed rOSCCfba3e5217001: Deliver certificates in every save mode (authored by Vgutierrez).
Deliver certificates in every save mode
Aug 27 2018, 8:20 AM
Vgutierrez committed rOSCC6376af4e3894: Certcentral integration tests (authored by Vgutierrez).
Certcentral integration tests
Aug 27 2018, 8:20 AM

Aug 24 2018

Vgutierrez committed rOSCC378c55628cfe: [WIP] Validate challenges before pushing them to the ACME directory (authored by Vgutierrez).
[WIP] Validate challenges before pushing them to the ACME directory
Aug 24 2018, 1:20 PM
Vgutierrez committed rOSCC7454520f06a4: [WIP] Validate challenges before pushing them to the ACME directory (authored by Vgutierrez).
[WIP] Validate challenges before pushing them to the ACME directory
Aug 24 2018, 1:11 PM
Vgutierrez committed rOSCC82a4830f37ca: Provide support in the API for different certificate save modes (authored by Vgutierrez).
Provide support in the API for different certificate save modes
Aug 24 2018, 12:23 PM
Vgutierrez committed rOSCC6e3ca0c6faae: Implement DNS01 challenge support (authored by Vgutierrez).
Implement DNS01 challenge support
Aug 24 2018, 12:04 PM
Vgutierrez committed rOSCCeff3dfe632f3: Deliver certificates in every save mode (authored by Vgutierrez).
Deliver certificates in every save mode
Aug 24 2018, 12:04 PM
Vgutierrez committed rOSCCddc92f069d28: Certcentral integration tests (authored by Vgutierrez).
Certcentral integration tests
Aug 24 2018, 12:04 PM
Vgutierrez committed rOSCC712afafc1550: Implement different Certificate.save() modes (authored by Vgutierrez).
Implement different Certificate.save() modes
Aug 24 2018, 12:04 PM
Vgutierrez committed rOSCC2a26339bea7c: Refactor certcentral.certificate_management() (authored by Vgutierrez).
Refactor certcentral.certificate_management()
Aug 24 2018, 12:04 PM
Vgutierrez committed rOSCC75918ed27e95: Implement DNS01 challenge support (authored by Vgutierrez).
Implement DNS01 challenge support
Aug 24 2018, 11:07 AM
Vgutierrez committed rOSCC4ce1ff6cd3ad: [WIP] Implement DNS01 challenge support (authored by Vgutierrez).
[WIP] Implement DNS01 challenge support
Aug 24 2018, 11:07 AM
Vgutierrez committed rOSCCc2ba502bff60: [WIP] Implement DNS01 challenge support (authored by Vgutierrez).
[WIP] Implement DNS01 challenge support
Aug 24 2018, 10:45 AM
Vgutierrez committed rOSCCf862b84522f2: [WIP] Implement DNS01 challenge support (authored by Vgutierrez).
[WIP] Implement DNS01 challenge support
Aug 24 2018, 9:37 AM
Vgutierrez committed rOSCCef6a6534caae: [WIP] Implement DNS01 challenge support (authored by Vgutierrez).
[WIP] Implement DNS01 challenge support
Aug 24 2018, 9:24 AM
Vgutierrez added a comment to T170606: Add Accept header to webrequest logs.

I've used logstash in the past to track TLS handshake parameters for a 0,10% of our traffic, and it already was a pretty big amount of data for what logstash expects. If it's a pretty small amount of requests logstash could be the easiest way, but it's not prepared to handle big amounts of traffic like our kafka infrastructure.

Aug 24 2018, 7:25 AM · Patch-For-Review, Analytics-Kanban, Operations, Traffic, Services (blocked), Analytics

Aug 23 2018

kostajh awarded Blog Post: Wikipedia goes 100% Forward Secret a Love token.
Aug 23 2018, 5:33 PM · Traffic
Vgutierrez committed rOSCC72b79376a917: [WIP] Implement DNS01 challenge support (authored by Vgutierrez).
[WIP] Implement DNS01 challenge support
Aug 23 2018, 4:00 PM
Vgutierrez committed rOSCC5e70cff0b1c7: Deliver certificates in every save mode (authored by Vgutierrez).
Deliver certificates in every save mode
Aug 23 2018, 11:17 AM
Vgutierrez committed rOSCC29e54b962eea: Deliver certificates in every save mode (authored by Vgutierrez).
Deliver certificates in every save mode
Aug 23 2018, 11:13 AM
Vgutierrez committed rOSCCce4f7d966175: Deliver certificates in every save mode (authored by Vgutierrez).
Deliver certificates in every save mode
Aug 23 2018, 11:09 AM