⚓ T654 Apply Let's encrypt SSL certificates for *.nasqueron.org

Status	Assigned	Task
Resolved	dereckson	T822 SSL certificates: migrate from Startcom to Let's encrypt
Resolved	dereckson	T654 Apply Let's encrypt SSL certificates for *.nasqueron.org
Resolved	dereckson	T655 setup.nasqueron.org SSL compliance
Resolved	dereckson	T659 Install letsencrypt on Dwellers
Resolved	dereckson	T679 Generate a SSL certificate for new Dwellers nasqueron.org services
Resolved	dereckson	T681 Deployed SSL certificates on mail.*
Resolved	dereckson	T848 hotglue.nasqueron.org serves http:// content
Resolved	dereckson	T849 https://trustspace.nasqueron.org/css/trustspace.css serves http:// content
Wontfix	dereckson	T853 Deploy a Let's encrypt certificate to the Mumble server
Resolved	dereckson	T854 Write a Let's encrypt web server configuration checker
Resolved	dereckson	T559 SSL certificate for docker.nasqueron.org
Wontfix	dereckson	T606 Create a let's encrypt certificate generator jail
Resolved	dereckson	T971 Fix nginx configuration for commons.nasqueron.org to allow Let's encrypt

dereckson created this task.Jan 5 2016, 18:58

dereckson updated the task description. (Show Details)

dereckson moved this task from Backlog to Working on on the Servers board.

dereckson renamed this task from Generate Let's encrypt server for nasqueron.org to Apply Let's encrypt SSL certificates for *.nasqueron.org.Jan 5 2016, 19:07

dereckson reopened subtask T655: setup.nasqueron.org SSL compliance as Open.Jan 5 2016, 19:12

dereckson closed subtask T655: setup.nasqueron.org SSL compliance as Resolved.

The 2016-01-05 series works.

dereckson updated the task description. (Show Details)Jan 7 2016, 16:58

dereckson updated the task description. (Show Details)

dereckson reopened subtask T659: Install letsencrypt on Dwellers as Open.Jan 7 2016, 17:39

dereckson closed subtask T659: Install letsencrypt on Dwellers as Resolved.Jan 7 2016, 17:49

I've generated and deployed a temporary mega certificate:

DOMAINS="-d databases.nasqueron.org -d database.nasqueron.org -d db.nasqueron.org -d labs.nasqueron.org -d docker.nasqueron.org -d quux.nasqueron.org -d tools51.nasqueron.org -d tools51.dereckson.be -d devcentral51.nasqueron.org -d db51.nasqueron.org -d docker51.nasqueron.org -d packages.nasqueron.org -d composer.packages.nasqueron.org -d www51.nasqueron.org -d api51.nasqueron.org"  
DIR=/var/letsencrypt-auto

letsencrypt certonly --server https://acme-v01.api.letsencrypt.org/directory -a webroot --webroot-path=$DIR $DOMAINS

dereckson added a subtask: T679: Generate a SSL certificate for new Dwellers nasqueron.org services.Jan 19 2016, 04:44

dereckson closed subtask T679: Generate a SSL certificate for new Dwellers nasqueron.org services as Resolved.Jan 20 2016, 14:10

Added domains from Dwellers /etc/nginx.conf.

dereckson updated the task description. (Show Details)Jan 20 2016, 14:38

dereckson added a subtask: T681: Deployed SSL certificates on mail.*.

dereckson updated the task description. (Show Details)

dereckson updated the task description. (Show Details)Jan 20 2016, 14:40

I've generated a SSL certificate valid for all the remaining domains hosted by Dwellers.

$ letsencrypt certonly --server https://acme-v01.api.letsencrypt.org/directory -a webroot --webroot-path=/www -d phabricator.nasqueron.org -d servers.nasqueron.org -d server.nasqueron.org -d serveur.nasqueron.org -d serveurs.nasqueron.org -d white-rabbit.nasqueron.org -d status.nasqueron.org

dereckson updated the task description. (Show Details)Jan 20 2016, 14:57

dereckson mentioned this in T784: Set up let's encrypt certificates renewal.Mar 16 2016, 01:45

dereckson created subtask T848: hotglue.nasqueron.org serves http:// content.Jun 3 2016, 17:06

dereckson closed subtask T848: hotglue.nasqueron.org serves http:// content as Resolved.Jun 3 2016, 18:02

dereckson created subtask T849: https://trustspace.nasqueron.org/css/trustspace.css serves http:// content.Jun 3 2016, 21:30

dereckson closed subtask T849: https://trustspace.nasqueron.org/css/trustspace.css serves http:// content as Resolved.Jun 4 2016, 00:58

Following work this week by @Sandlayth (Dwellers) and me (Ysul), all *.nasqueron.org sites are migrated to Let's encrypt certificates.

The only two remaining operations are:

to check the Mumble server
to migrate this "chain" certificate to smaller certificates

In T654#6389, @dereckson wrote:

I've generated and deployed a temporary mega certificate:

DOMAINS="-d databases.nasqueron.org -d database.nasqueron.org -d db.nasqueron.org -d labs.nasqueron.org -d docker.nasqueron.org -d quux.nasqueron.org -d tools51.nasqueron.org -d tools51.dereckson.be -d devcentral51.nasqueron.org -d db51.nasqueron.org -d docker51.nasqueron.org -d packages.nasqueron.org -d composer.packages.nasqueron.org -d www51.nasqueron.org -d api51.nasqueron.org"  
DIR=/var/letsencrypt-auto

letsencrypt certonly --server https://acme-v01.api.letsencrypt.org/directory -a webroot --webroot-path=$DIR $DOMAINS