[SAC] [OSGeo] #2256: Migrate All HTTPS Certs to Lets Encrypt

OSGeo trac_osgeo at osgeo.org
Sat Mar 30 09:36:04 PDT 2019 

#2256: Migrate All HTTPS Certs to Lets Encrypt
---------------------------+---------------------------------------
 Reporter:  wildintellect  |       Owner:  robe
     Type:  task           |      Status:  new
 Priority:  normal         |   Milestone:  Sysadmin Contract 2019-I
Component:  Systems Admin  |  Resolution:
 Keywords:                 |
---------------------------+---------------------------------------

Comment (by robe):

 osgeo6 had the old certbot and it's running Debian 8. Certbot recommends
 using the certbot-auto for debian8 (and not the one from repo which is too
 old).

 So first had to remove the old certbot and install new one
 I assumed martin used aptitude here since I know he prefers that so I used
 that

 {{{
 aptitude remove certbot #was at 0.11
 wget https://dl.eff.org/certbot-auto
 chmod a+x certbot-auto
 mv certbot-auto /bin/
 certbot-auto --apache
 }}}

 Some domains were live in here but they are not hosted here or seem dead
 so left them alone or disabled the site


 {{{
 featureserver.org (this is running on projects.osgeo.osuosl.org)
 ol3js.org (was showing foss4g2018 community review - I didn't renew or
 kill but should be killed probably.  I'll send a note about this one
 www.openlayers.org, blog.openlayers.org (Are hosted at 104.211.15.*
 however dev,docs (which points at OL2 docs is still here) - can we kill
 this (they are all in the openlayer.conf along with the live sites so I
 didn't disable them)

 projects.osgeo.osuosl.org is not on this server #looks like maybe Martin
 started moving everything to osgeo6 from that server as all left there
 appears to be community-rewiew.foss4g.org.conf and featureserver.org.conf
 and sr.org.conf (so nixed this)

 remotesensing.org, www.remotesensing.org  - just got a WIX flash page so
 disabled it
 www.tilecache.org -- is this project still alive?  I didn't renew but
 didn't disabled the site either
 ol3js.org - pointing to projects but it's mixed in with everything else

 }}}


 Then then certs I renewed with certbot-auto

 #these were already using it, but needed to be renewed with new TLS
 {{{
 drone.osgeo.org
 gdal.org, www.gdal.org #was using certbot, was expiring 4/24
 grass.osgeo.org
 grasswiki.osgeo.org
 lists.osgeo.org
 mapserver.osgeo.org

 }}}

 These had no cert so added letsencrypt


 {{{
 geotools.org, www.geotools.org
 docs.geotools.org
 mapserver.gis.umn.edu
 }}}

-- 
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2256#comment:3>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.

More information about the Sac mailing list