Ticket #820 (closed maintenance: fixed)

Opened 2 years ago

Last modified 22 months ago

*.transitionnetwork.org 2015 security certificate

Reported by: chris Owned by: chris
Priority: major Milestone: Maintenance
Component: Live server Keywords:
Cc: ade Estimated Number of Hours: 0.0
Add Hours to Ticket: 0 Billable?: yes
Total Hours: 0


The current wild-card *.transitionnetwork.org cert will run out on 24th Jan, this is a ticket to track the time spent renewing it.

See also ticket:795, SHA1 Deprecation: Regenerate all certs using SHA256.

Change History

comment:1 Changed 22 months ago by ed

  • Cc ade added; ed removed

replacing Ed with ADE as cc

comment:2 Changed 22 months ago by ed

This being done at around the same time as ticket #826

comment:3 Changed 22 months ago by chris

For info see:

Following last years steps on PenguinServer, ticket:685#comment:2 with SHA256 updates, see https://wiki.gandi.net/en/ssl/csr

sudo -i
cd /etc/ssl/transitionnetwork.org
mkdir 2015
chmod 700 2014
cd 2015
openssl req -nodes -newkey rsa:2048 -sha256 -keyout transitionnetwork.org.key -out transitionnetwork.org.csr
Country Name (2 letter code) [AU]:UK
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Transition Network
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:*.transitionnetwork.org         
Email Address []:webproject@transitionnetwork.org
chmod 600 *.*

The next step is one for Ed / Ade:

Please log into your handle EM7826-GANDI and visit the following URL
in order to view its status and complete the verification steps to
prove you have control of the domain:


comment:4 Changed 22 months ago by ed

Followed Chris' steps - got an error message "ERROR: you cannot cancel this operation".

Checked the SSL status in the account and it all looks fine.

Chris please confirm this is all good for you

comment:5 Changed 22 months ago by chris

  • Status changed from new to closed
  • Resolution set to fixed

Yes all is good, not sure why they said that step was needed, seems it wasn't -- the cert has come through, I'll follow up the deployment on ticket:795, note no time has been added to ticket as the time to generate the CSR and get the cert has been invoiced with the cert cost by Webarchitects (£10).

Note: See TracTickets for help on using tickets.