SoylentNews is people
SoylentNews
I just finished updating the certs for SoylentNews.
We get our certs through Let's Encrypt. Yes, we could automate the whole process, but it has been discussed and decided that given our... unique configuration, it is best to have a human in the loop than to let a script somehow run amok and then try to restore things when who-all-knows-what got deployed and things have gone sideways.
I have checked our web sites for production, dev, and staff as well as sending and retrieving e-mail; all seemed to be okay.
More than anything else, this is a check on us to see if we (well, me, actually) overlooked anything. If you do detect any issues, please post a comment to this story.
(Hat tip to The Mighty Buzzard for standing by in case I bollixed up something.)
[Update: Unless, of course, you cannot post a comment to this story! Then pop onto the #Soylent channel on our Internet Relay Chat (IRC) server and let us know over there. --martyb]
(Score: 0) by Anonymous Coward on Thursday August 22 2019, @02:35PM (2 children)
If you're not going to automate, why not spend $14 and only do it every 2 years instead of every 90 days?
(Score: 2) by Fnord666 on Thursday August 22 2019, @02:57PM
Is there a reputable CA that sells two year site certs with SANs for $14?
(Score: 4, Informative) by martyb on Thursday August 22 2019, @03:13PM
In addition to the preceding, sibling comment, I would add that our needing to regularly update the certs keeps it in the collective site-maintenance mind share. After, say, 18 months' time, who is going to be thinking about when the certs are going to expire? We've reported here several stories where even large multinational companies have inadvertently let domain registrations, certs, etc. expire and were soundly ridiculed for doing so.
Also, this is not within my usual area of expertise, but I am willing to learn and expressed an interest to TheMightyBuzzard. He kindly wrote up some instructions and watched over my shoulder the first couple of times I did the cert updates. This time, I let him know I was doing the update and he basically just wished me well.
Analogy time, think of the first couple of programs you wrote in a new programming language, but with the understanding that a coding error could cause thousands of people to be unable to access a web site. And IRC. And our e-mail. And... you get the idea.
And let me take a moment to mention how fortunate SoylentNews is to have the team of sysops we have. They quietly take care of the low-level plumbing that is needed for this site to work. Load balancers, web server, database servers, e-mail, IRC, the list goes on. It is a testament to their skill and expertise that this site — which originally would crash several times each day at the beginning — now regularly goes months without even a hiccup!
Wit is intellect, dancing.