Ticket #687 (closed maintenance: fixed)

Opened 3 years ago

Last modified 3 years ago

Set up cert expiry date checking for all SSL certs

Reported by: chris
Owned by: chris
Priority: major
Milestone: Maintenance
Component: Parrot server
Keywords:
Cc: sam, ed
Estimated Number of Hours: 0.0
Add Hours to Ticket: 0
Billable?: yes
Total Hours: 0.5

Description

Last month the *.transitionnetwork.org cert expired before it was replaced with a new one and users therefore got warnings for around half a day, see ticket:685.

A script to check the expiry dates was set up on wiki:PuffinServer on ticket:685#comment:9 and this ticket is to document setting this up for wiki:PenguinServer and wiki:ParrotServer.

Change History

comment:1 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.5
  • Total Hours changed from 0.0 to 0.5

ssl-cert-check was already installed on wiki:PenguinServer; it's wiki:PuffinServer and wiki:ParrotServer which don't have it installed.

On wiki:ParrotServer:

sudo -i
aptitude install ssl-cert-check

These cron jobs were added:

30 09 * * * ssl-cert-check -qac "/etc/ssl/wsh/cert.pem" -e "chris@webarchitects.co.uk"
31 09 * * * ssl-cert-check -qac "/etc/ssl/wsh/movie_cert.pem" -e "chris@webarchitects.co.uk"

And they were also manually run; this email was the result:

From: root <root@parrot.webarch.net>
Date: Mon, 03 Feb 2014 13:46:17 +0000
To: chris@webarchitects.co.uk
Subject: Certificate for FILE "(CN: intransitionmovie.com)" will expire in 30-days or less


The SSL certificate for FILE "(CN: intransitionmovie.com)" will expire on Feb 24 23:59:59 2014 GMT

So that proves it's working. The last time we got a new cert for this site was on ticket:497; however, I'm not sure if we want to renew it this time, see ticket:538#comment:8. I'll follow this up on that ticket.

On wiki:PuffinServer:

aptitude install ssl-cert-check

And this was added to my crontab (as the root crontab is clobbered by BOA):

export EDITOR=vim
crontab -e -u chris
# ssl cert check
32 09 * * * sudo ssl-cert-check -qac "/etc/ssl/transitionnetwork.org/transitionnetwork.org.crt" -e "chris@webarchitects.co.uk"
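
Added example, not part of the ticket and not ssl-cert-check's own code: a small expiry check in the same spirit as the cron jobs in comment:1, using the 30-day window from the alert email. It assumes GNU date and the openssl CLI; the function and script names are hypothetical. A missing or unparseable certificate file is reported as unchecked rather than healthy, so a stale path in a crontab gets noticed.

```bash
#!/usr/bin/env bash
# Added example (not from the ticket): flag PEM certs within WARN_DAYS of expiry.
# Assumes GNU date and the openssl CLI are installed.
WARN_DAYS=${WARN_DAYS:-30}   # the alert email above used a 30-day window

# expiry_status "<notAfter date>" [now_epoch]
# Prints "EXPIRED", "EXPIRING <days>" or "OK <days>"; returns 2 on an unparseable date.
expiry_status() {
    local end now secs
    end=$(date -u -d "$1" +%s 2>/dev/null) || return 2
    now="${2:-$(date -u +%s)}"
    secs=$(( end - now ))
    if [ "$secs" -le 0 ]; then
        echo "EXPIRED"
    elif [ "$secs" -le $(( WARN_DAYS * 86400 )) ]; then
        echo "EXPIRING $(( secs / 86400 ))"
    else
        echo "OK $(( secs / 86400 ))"
    fi
}

# check_cert FILE [now_epoch]
# Returns 0 = fine, 1 = expiring or expired, 2 = could not be checked.
# A missing or unparseable file is reported, never treated as healthy.
check_cert() {
    local file="$1" not_after status
    if [ ! -r "$file" ]; then
        echo "UNCHECKED $file (missing or unreadable)"; return 2
    fi
    if ! not_after=$(openssl x509 -in "$file" -noout -enddate 2>/dev/null); then
        echo "UNCHECKED $file (not a parseable certificate)"; return 2
    fi
    if ! status=$(expiry_status "${not_after#notAfter=}" "$2"); then
        echo "UNCHECKED $file (bad notAfter date)"; return 2
    fi
    echo "$status $file"
    case "$status" in OK*) return 0 ;; *) return 1 ;; esac
}

# check_all FILE...: check every file; non-zero if any cert needs attention.
check_all() {
    local rc=0 f
    for f in "$@"; do check_cert "$f" || rc=1; done
    return "$rc"
}

# From cron: check-certs.sh /path/to/cert.pem ... (script name is hypothetical)
if [ "$#" -gt 0 ]; then check_all "$@"; exit $?; fi
```

Because the script prints a line and exits non-zero for anything that is not OK, cron's own mail-on-output behaviour is enough to deliver the alert.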

comment:2 Changed 3 years ago by chris

  • Status changed from new to closed
  • Resolution set to fixed

Movie cert check on wiki:ParrotServer has been removed as we are not updating that and the site has been archived and moved to wiki:PenguinServer.

Last edited 3 years ago by chris