Stories
Slash Boxes
Comments

SoylentNews is people

Meta
posted by martyb on Wednesday September 15 2021, @02:45PM   Printer-friendly

Late last night (~10 PM UTC), the security certificates for SoylentNews.org expired. (Out-of-date certs result in nasty warning messages being displayed by your browser.)

Please accept my apologies for any inconvenience the outage caused.

Unfortunately, that was after I (and others on staff who could do anything about it) had gone to bed.

I had personally updated the certs in the past, but the last time was years ago. (TheMightyBuzzard had previously — and subsequently — handled getting and applying updated certs.) It had been so long that I could not find my notes on the process. (Note to self: it helps to look in the correct directory tree!)

Thankfully, audioguy appeared and was able to get things updated.

Please join me in thanking him for getting things straightened out!

P.S. The current certs are due to expire December 14, 2021, Please feel free to remind us as that date approaches!

P.P.S. The technical staff is aware of various automated solutions to renewals but made a conscious decision to do them manually. Remember that people make mistakes but to really foul things up use a computer!


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 1, Insightful) by Anonymous Coward on Wednesday September 15 2021, @03:14PM (8 children)

    by Anonymous Coward on Wednesday September 15 2021, @03:14PM (#1178004)

    Why don't you have renewals automated. You could use certbot or some lighter weight alternatives that I've forgotten the names of.

    Starting Score:    0  points
    Moderation   +1  
       Insightful=1, Total=1
    Extra 'Insightful' Modifier   0  

    Total Score:   1  
  • (Score: 1, Insightful) by Anonymous Coward on Wednesday September 15 2021, @03:20PM (4 children)

    by Anonymous Coward on Wednesday September 15 2021, @03:20PM (#1178013)

    The current site operators don't have this kind of technical knowledge.

    • (Score: -1, Flamebait) by Anonymous Coward on Wednesday September 15 2021, @05:49PM (3 children)

      by Anonymous Coward on Wednesday September 15 2021, @05:49PM (#1178062)

      That's the problem with diversity hires.

      • (Score: -1, Troll) by Anonymous Coward on Wednesday September 15 2021, @09:50PM (2 children)

        by Anonymous Coward on Wednesday September 15 2021, @09:50PM (#1178121)

        There's just not enough retarded black lesbians to go around.

        • (Score: 1) by NPC-131072 on Wednesday September 15 2021, @11:55PM (1 child)

          by NPC-131072 (7144) on Wednesday September 15 2021, @11:55PM (#1178148) Journal

          Go around where?

          • (Score: 0) by Anonymous Coward on Thursday September 16 2021, @12:59AM

            by Anonymous Coward on Thursday September 16 2021, @12:59AM (#1178163)

            Go around from where they came around.

  • (Score: 2) by Opportunist on Wednesday September 15 2021, @07:20PM (2 children)

    by Opportunist (5545) on Wednesday September 15 2021, @07:20PM (#1178075)

    Heh. That's easier said than done in some circumstances.

    Trust me, I'm (probably) in the same boat as these guys here. If you have to deal with incompatible tech where one hand (the cert renewer) doesn't want to shake the other one (the cert offloader)...

    • (Score: 1, Interesting) by Anonymous Coward on Wednesday September 15 2021, @08:14PM (1 child)

      by Anonymous Coward on Wednesday September 15 2021, @08:14PM (#1178091)

      Running web based validation is problematic when e.g., running multiple web front-ends without shared storage behind them or getting certs for non-webby stuff. But, using DNS validation works around any issues I've seen.

      Just setup a subdomain e.g., acme.mydomain.dom, and setup certbot to do all your dyndns stuff for certbot there (no scary dyndns stuff in the root of your domain). A trivial hook script to distribute signed certs, and you are done.

      Genuinely curious if you have a use case that can't be worked around by using dns validation. Ditto, curious why this can't be an option for soylent?

      Certbot works if you host your own dns or several hosted dns providers are supported too (you can delegate just the dyndns certbot subdomain to one of these providers, if you want to keep your main domain on your existing provider). And, there are several other options for acme dns domain validation besides certbot, if you prefer.

      • (Score: 1, Interesting) by Anonymous Coward on Thursday September 16 2021, @02:26AM

        by Anonymous Coward on Thursday September 16 2021, @02:26AM (#1178180)

        They can already automate the issuance of certs, I even told them the proper method last time. They just either don’t have an admin with enough time to do so or enough know-how to do so without step-by-step instructions for setting it up. Can’t really blame them as they probably have enough other issues that actually are or at least appear to be better uses of time.