You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@whimsical.apache.org by sebb <se...@gmail.com> on 2020/01/08 01:26:26 UTC

Email address to be used when requesting SSL cert?

What email address should be used when requesting an SSL cert as per
DEPLOYMENT.md?

Would private@whimsical.a.o be suitable?

Sebb

Re: Email address to be used when requesting SSL cert?

Posted by sebb <se...@gmail.com>.

I resolved the issue by registering whimsy-test once the DNS had taken.

We'll need to update the cert once we're closer to switchover.

On Wed, 8 Jan 2020 at 20:43, sebb <se...@gmail.com> wrote:

> On Wed, 8 Jan 2020 at 15:45, Sam Ruby <ru...@intertwingly.net> wrote:
>
>> On Tue, Jan 7, 2020 at 8:50 PM sebb <se...@gmail.com> wrote:
>> >
>> > On Wed, 8 Jan 2020 at 01:34, Sam Ruby <ru...@intertwingly.net> wrote:
>> >
>> > > On Tue, Jan 7, 2020 at 8:26 PM sebb <se...@gmail.com> wrote:
>> > > >
>> > > > What email address should be used when requesting an SSL cert as per
>> > > > DEPLOYMENT.md?
>> > > >
>> > > > Would private@whimsical.a.o be suitable?
>> > >
>> > > Yes.  That's what I used last time.  See:
>> > >
>> > >
>> > Just tried it and there are several errors.
>> > This is probably partly because the https server is not yet running?
>> >
>> > The process also tries to access whimsy.apache.org and
>> > whimsy-test.apache.org.
>> > These are currently in use by the production server.
>> > I don't understand how the instructions can work whilst the existing
>> server
>> > is in use.
>> > I assume there must be a different process for migrating a server?
>>
>> You do need a running web server, and for the DNS entries to match this
>> machine.
>>
>> You can rerun this command at any time the DNS changes.
>
>
> I see.
>
>
>>
>>
> So, for now you could (for example) only set up whimsy-test.apache.org
>> (perhaps addressing your concern about people accidentally making
>> changes?) and later whimsy.a.o, whimsy-vm5.a.o, etc.
>>
>>
> Good idea, however whimsy-test currently points to the production server.
> I'll ask for that to be moved across.
>
> The server config includes the hostname whimsy5.a.o, but DNS is not set up.
> Is that necessary, or should we just drop the hostname from the config?
> (we still have whimsy-vm5 as a unique name).
>
>
>
>> > > /etc/letsencrypt/accounts/
>> > >
>> acme-v01.api.letsencrypt.org/directory/902441c9c015a8e7592bfe6cbaf5e735/regr.json
>> > >
>> > > {"body": {"contact": ["mailto:private@whimsical.apache.org"]...
>> > >
>> > > > Sebb
>> > >
>> > > - Sam Ruby
>>
>> - Sam Ruby
>>
>

Re: Email address to be used when requesting SSL cert?

Posted by sebb <se...@gmail.com>.

On Wed, 8 Jan 2020 at 15:45, Sam Ruby <ru...@intertwingly.net> wrote:

> On Tue, Jan 7, 2020 at 8:50 PM sebb <se...@gmail.com> wrote:
> >
> > On Wed, 8 Jan 2020 at 01:34, Sam Ruby <ru...@intertwingly.net> wrote:
> >
> > > On Tue, Jan 7, 2020 at 8:26 PM sebb <se...@gmail.com> wrote:
> > > >
> > > > What email address should be used when requesting an SSL cert as per
> > > > DEPLOYMENT.md?
> > > >
> > > > Would private@whimsical.a.o be suitable?
> > >
> > > Yes.  That's what I used last time.  See:
> > >
> > >
> > Just tried it and there are several errors.
> > This is probably partly because the https server is not yet running?
> >
> > The process also tries to access whimsy.apache.org and
> > whimsy-test.apache.org.
> > These are currently in use by the production server.
> > I don't understand how the instructions can work whilst the existing
> server
> > is in use.
> > I assume there must be a different process for migrating a server?
>
> You do need a running web server, and for the DNS entries to match this
> machine.
>
> You can rerun this command at any time the DNS changes.


I see.


>
>
So, for now you could (for example) only set up whimsy-test.apache.org
> (perhaps addressing your concern about people accidentally making
> changes?) and later whimsy.a.o, whimsy-vm5.a.o, etc.
>
>
Good idea, however whimsy-test currently points to the production server.
I'll ask for that to be moved across.

The server config includes the hostname whimsy5.a.o, but DNS is not set up.
Is that necessary, or should we just drop the hostname from the config?
(we still have whimsy-vm5 as a unique name).



> > > /etc/letsencrypt/accounts/
> > >
> acme-v01.api.letsencrypt.org/directory/902441c9c015a8e7592bfe6cbaf5e735/regr.json
> > >
> > > {"body": {"contact": ["mailto:private@whimsical.apache.org"]...
> > >
> > > > Sebb
> > >
> > > - Sam Ruby
>
> - Sam Ruby
>

Re: Email address to be used when requesting SSL cert?

Posted by Sam Ruby <ru...@intertwingly.net>.

On Tue, Jan 7, 2020 at 8:50 PM sebb <se...@gmail.com> wrote:
>
> On Wed, 8 Jan 2020 at 01:34, Sam Ruby <ru...@intertwingly.net> wrote:
>
> > On Tue, Jan 7, 2020 at 8:26 PM sebb <se...@gmail.com> wrote:
> > >
> > > What email address should be used when requesting an SSL cert as per
> > > DEPLOYMENT.md?
> > >
> > > Would private@whimsical.a.o be suitable?
> >
> > Yes.  That's what I used last time.  See:
> >
> >
> Just tried it and there are several errors.
> This is probably partly because the https server is not yet running?
>
> The process also tries to access whimsy.apache.org and
> whimsy-test.apache.org.
> These are currently in use by the production server.
> I don't understand how the instructions can work whilst the existing server
> is in use.
> I assume there must be a different process for migrating a server?

You do need a running web server, and for the DNS entries to match this machine.

You can rerun this command at any time the DNS changes.

So, for now you could (for example) only set up whimsy-test.apache.org
(perhaps addressing your concern about people accidentally making
changes?) and later whimsy.a.o, whimsy-vm5.a.o, etc.

> > /etc/letsencrypt/accounts/
> > acme-v01.api.letsencrypt.org/directory/902441c9c015a8e7592bfe6cbaf5e735/regr.json
> >
> > {"body": {"contact": ["mailto:private@whimsical.apache.org"]...
> >
> > > Sebb
> >
> > - Sam Ruby

- Sam Ruby

Re: Email address to be used when requesting SSL cert?

Posted by sebb <se...@gmail.com>.

On Wed, 8 Jan 2020 at 01:34, Sam Ruby <ru...@intertwingly.net> wrote:

> On Tue, Jan 7, 2020 at 8:26 PM sebb <se...@gmail.com> wrote:
> >
> > What email address should be used when requesting an SSL cert as per
> > DEPLOYMENT.md?
> >
> > Would private@whimsical.a.o be suitable?
>
> Yes.  That's what I used last time.  See:
>
>
Just tried it and there are several errors.
This is probably partly because the https server is not yet running?

The process also tries to access whimsy.apache.org and
whimsy-test.apache.org.
These are currently in use by the production server.
I don't understand how the instructions can work whilst the existing server
is in use.
I assume there must be a different process for migrating a server?

> /etc/letsencrypt/accounts/
> acme-v01.api.letsencrypt.org/directory/902441c9c015a8e7592bfe6cbaf5e735/regr.json
>
> {"body": {"contact": ["mailto:private@whimsical.apache.org"]...
>
> > Sebb
>
> - Sam Ruby
>

Re: Email address to be used when requesting SSL cert?

Posted by Sam Ruby <ru...@intertwingly.net>.

On Tue, Jan 7, 2020 at 8:26 PM sebb <se...@gmail.com> wrote:
>
> What email address should be used when requesting an SSL cert as per
> DEPLOYMENT.md?
>
> Would private@whimsical.a.o be suitable?

Yes.  That's what I used last time.  See:

/etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory/902441c9c015a8e7592bfe6cbaf5e735/regr.json

{"body": {"contact": ["mailto:private@whimsical.apache.org"]...

> Sebb

- Sam Ruby