Page MenuHomeSoftware Heritage

Migrate TLS certificates away from the *.softwareheritage.org wildcards
Open, WishlistPublic

Description

Our wildcard certificates are expiring in October 2018.

We're going to need to replace those certificates, probably with Let's Encrypt.

Here's the domains that are currently doing TLS:

pergamon:

  • annex.softwareheritage.org
  • debian.softwareheritage.org
  • docs.softwareheritage.org
  • stats.export.softwareheritage.org
  • icinga.softwareheritage.org

tate:

  • forge.softwareheritage.org
  • git.softwareheritage.org
  • intranet.softwareheritage.org
  • wg.softwareheritage.org
  • wiki.softwareheritage.org

moma:

  • archive.softwareheritage.org
  • deposit.softwareheritage.org

gandi:

  • sponsors.softwareheritage.org
  • sponsorship.softwareheritage.org
  • status.softwareheritage.org
  • testimonials.softwareheritage.org
  • www.softwareheritage.org
  • www-dev.softwareheritage.org
  • softwareheritage.org

Event Timeline

olasd created this task.Mar 1 2018, 2:43 PM
olasd triaged this task as Low priority.
olasd raised the priority of this task from Low to High.Sep 12 2018, 5:50 PM

Changing priority due to the impending deadline.

What's the status of this task? October is long gone now, so either the problem has been (temporarily) fixed or it was not really a problem (?)

I guess in both cases, this task priority could be reduced. And the description explicitly modified to 'migrate to letsencrypt/dehydrated' or so.

ftigeot lowered the priority of this task from High to Wishlist.EditedNov 23 2018, 3:04 PM

I did some experiments with Letsencrypt but other things were more urgent during the September-October 2018 period and in the end a wildcard Digicert certificate was used again instead.

Most of our SSL servers currently use a single wildcard certificate and this should probably be changed independently of a move to a Letsencrypt/non-Digicert solution.