[SAC] [OSGeo] #2325: Replace wildcard with single certs, renew *.osgeo.org

[OSGeo]

#2325: Replace wildcard with single certs, renew *.osgeo.org
---------------------------+---------------------------------------
 Reporter:  robe           |      Owner:  sac@…
     Type:  task           |     Status:  new
 Priority:  normal         |  Milestone:  Sysadmin Contract 2019-II
Component:  Systems Admin  |   Keywords:
---------------------------+---------------------------------------
 I had gotten a wild card letsencrypt to fix things like secure etc and
 before I had download on new server.

 Unfortunately these don't seem to renew automatically, though I think
 there is a way by setting up a script, but probably more trouble than
 worth as the wildcard uses DNS challenge and the challenge changes each
 renewal.

 I manually renewed using


 {{{
 certbot certonly --manual -d '*.osgeo.org' #which necessitated change txt
 acme-challenge in dns
 service nginx reload
 }}}

 Now that secure and download are on osgeo host I plan to switch those to
 single certs so they can be renewed more easily.

-- 
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2325>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.