Stories
Slash Boxes
Comments

SoylentNews is people

Our Site's Certs were Renewed Today

posted by martyb on Tuesday June 11 2019, @04:00PM   Printer-friendly
from the passing-the-word dept.

martyb writes:

As many of you are aware, SoylentNews uses Let's Encrypt certificates to protect the vast majority (all?) of our networking connections.

Under the watchful eyes of The Mighty Buzzard and SemperOSS I have updated our certs and deployed them across our servers and services. At this point, all seems to be working fine. That said, I have a well-earned reputation of being able to break nearly anything, so it would not entirely surprise me if you find something awry. If so, please let us know! You can comment on this story and/or jump over to the "#dev" channel on IRC and let us know there.

For completeness' sake, the updated certs were rolled out at 20190611_140630 UTC.

NOTE: Do be aware it takes time for updated DNS records to work their way across the internet, so if you do encounter a problem, try clearing your cache and trying again before assuming things are borked.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Our Site's Certs were Renewed Today | Log In/Create an Account | Top | 21 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 3, Informative) by martyb on Tuesday June 11 2019, @05:42PM (1 child)

    by martyb (76) Subscriber Badge on Tuesday June 11 2019, @05:42PM (#854288) Journal

    Yes, we are aware that we could automate this using certbot. And, yes, there is something to be said for reducing the potential for human error. That said, a decision has been that, at least at this point, something that messes with our DNS entries should be done by a human with eyes wide open for any potential difficulty.

    You may not be aware, but SoylentNews has much more infrastructure than meets the eye. Of course there is the web site. We also have our own IRC system'. And e-mail. And we have a dual-homed MySQL database cluster. Oh, and dual front ends with nginx, IIRC. Of course we run apache. And there's modperl in there. We also have inherited slashd which is a daemon which basically spins around and functions like a home-grown cron system. That's just off the top of my head; I am certain I have forgotten something.

    The stability of the site is due in huge part to the careful and watchful eyes of our sysadmins who labor behind the scenes attending to all the fiddly bits. They seem to work under the premise that you should not notice that they are there!

    I did mention fiddly, didn't I? There are some things that were crafted to work together with a sledgehammer, if you know what I mean.

    So, for the foreseeable future, we are willing to take the manual approach and make sure that things continue to work as expected. Unless you want to volunteer and try to navigate around hosed secure connections while trying to get all the spinning bits back together again? I know I sure do not!

    --
    Wit is intellect, dancing.
    Starting Score:    1  point
    Moderation   +1  
       Informative=1, Total=1
    Extra 'Informative' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   3  

  • (Score: 2) by c0lo on Tuesday June 11 2019, @11:14PM

    by c0lo (156) Subscriber Badge on Tuesday June 11 2019, @11:14PM (#854426) Journal

    The stability of the site is due in huge part to the careful and watchful eyes of our sysadmins who labor behind the scenes attending to all the fiddly bits

    Eh, in my times this was shorter and more honestly put as 'Gone fishing'

    Coz a good sysadm is like insurance, you pay her/him for just-in-case and should be happy to hear s/he has nothing to do better than fishing.

    (grin)

    --
    https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford