Page MenuHomePhabricator
Create Task
Maniphest T310957

*.beta.wmflabs.org Certificate has expired (June 2022 edition)
Closed, ResolvedPublic
Actions

Description

Much like T306492: *.beta.wmflabs.org Certificate has expired (April 2022 edition), visiting https://en.wikipedia.beta.wmflabs.org/wiki/Main_Page gives you a SSL cert expiry warning.

Looking at deployment-cache-text07, I note puppet is disabled:

deployment-cache-text07 is a text Varnish/ATS cache server (cache::text)
The last Puppet run was at Fri Jun 17 17:04:05 UTC 2022 (2479 minutes ago). Puppet is disabled. experiment - ori
Last puppet commit: (937e9911ed1) root - deployment-prep: add keyholder agent for scap

but I don't know enough about acme-chief etc. to guess if that'd be an issue..

Well the years expiries start coming and they don't stop coming

Related Objects
Search...

Event Timeline

TheresNoTime created this task.Jun 19 2022, 10:33 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 19 2022, 10:33 AM
TheresNoTime added a parent task: T293585: [epic] The SSL certificate for Beta cluster domains fails to properly renew & deploy.Jun 19 2022, 10:33 AM
Lomrjyo subscribed.Jun 19 2022, 6:24 PM
ItamarWMDE subscribed.Jun 20 2022, 10:28 AM
ori subscribed.Jun 20 2022, 3:43 PM

I created deployment-cache-text07 as a quick way of testing a change (and deleted it now). The Varnish host is still deployment-cache-text06.

ori added a comment.Jun 20 2022, 3:49 PM

I ran the command from T306492#7868828 on deployment-cache-text06 and deployment-cache-upload06:

touch /srv/trafficserver/tls/etc/ssl_multicert.config && systemctl reload trafficserver-tls.service

Seems to have fixed it.

Stashbot added a comment.Jun 20 2022, 3:50 PM

Mentioned in SAL (#wikimedia-releng) [2022-06-20T15:50:57Z] <ori> On deployment-cache-{text,upload}06, ran: touch /srv/trafficserver/tls/etc/ssl_multicert.config && systemctl reload trafficserver-tls.service (T310957)

TheresNoTime closed this task as Resolved.Jun 20 2022, 5:17 PM
TheresNoTime assigned this task to ori.

Thanks @ori! ✨

Aklapper mentioned this in T306492: *.beta.wmflabs.org Certificate has expired (April 2022 edition).Jul 3 2022, 1:46 PM
Aklapper mentioned this in T296000: *.beta.wmflabs.org Certificate has expired (November 2021 edition).
ori mentioned this in T293585: [epic] The SSL certificate for Beta cluster domains fails to properly renew & deploy.Aug 12 2022, 12:55 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL