Re: [EMERGENCY FREEZE BREAK] Temporarily fix fedorapeople.org SSL cert

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I just did this to stop Ansible from overwriting my changes.  Revert my commit whenever the certificate is renewed/replaced.

diff --git a/roles/people/tasks/main.yml b/roles/people/tasks/main.yml
index d6f296fe54..0b620115f8 100644
--- a/roles/people/tasks/main.yml
+++ b/roles/people/tasks/main.yml
@@ -21,11 +21,11 @@
   - packages
   - people
 
-- name: install main httpd config
-  template: src="" dest=/etc/httpd/conf.d/people.conf
-  tags:
-  - people
-  - sslciphers
+#- name: install main httpd config
+#  template: src="" dest=/etc/httpd/conf.d/people.conf
+#  tags:
+#  - people
+#  - sslciphers
 
 - name: install httpd config
   copy: src="" dest=/etc/httpd/conf.d/{{item}}

On Fri, Oct 7, 2022 at 1:38 PM Nick Bebout <nick@xxxxxxxxxx> wrote:
I don't think we can (easily) make it keep renewing the Let's Encrypt cert, as LE requires DNS validation for wildcard certs.  I did the validation manually.  I could probably patch Ansible to not overwrite my config changes, if we want to go that route.

On Fri, Oct 7, 2022 at 10:39 AM Stephen Smoogen <ssmoogen@xxxxxxxxxx> wrote:


On Fri, 7 Oct 2022 at 11:28, Nick Bebout <nick@xxxxxxxxxx> wrote:
fedorapeople.org's wildcard SSL cert expired.  I generated a Let's Encrypt wildcard cert using a DNS challenge and copied that to fedorapeople and edited the /etc/httpd/conf.d/people.conf file to point to the LE cert.  I did this as an emergency fix to get the web server accessible again.  I did not change anything in Ansible for this emergency fix.

Hopefully no one will run the people playbook before the regular cert gets renewed, or my changes will be overwritten.


OK. Thanks for doing this. What would it take to make this permanent on the server? 
+1

 
I think I need to ask for 2 (after the fact) +1's.

nb
_______________________________________________
infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue


--
Stephen Smoogen, Red Hat Automotive
Let us be kind to one another, for most of us are fighting a hard battle. -- Ian MacClaren
_______________________________________________
infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
_______________________________________________
infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

[Index of Archives]     [Fedora Development]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux