[SAC] [OSGeo] #2325: Replace wildcard with single certs, renew *.osgeo.org
OSGeo
trac_osgeo at osgeo.org
Sat Jul 13 01:02:43 PDT 2019
#2325: Replace wildcard with single certs, renew *.osgeo.org
---------------------------+---------------------------------------
Reporter: robe | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone: Sysadmin Contract 2019-II
Component: Systems Admin | Keywords:
---------------------------+---------------------------------------
I had gotten a wild card letsencrypt to fix things like secure etc and
before I had download on new server.
Unfortunately these don't seem to renew automatically, though I think
there is a way by setting up a script, but probably more trouble than
worth as the wildcard uses DNS challenge and the challenge changes each
renewal.
I manually renewed using
{{{
certbot certonly --manual -d '*.osgeo.org' #which necessitated change txt
acme-challenge in dns
service nginx reload
}}}
Now that secure and download are on osgeo host I plan to switch those to
single certs so they can be renewed more easily.
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2325>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.
More information about the Sac
mailing list