Late last night (~10 PM UTC), the security certificates for SoylentNews.org expired. (Out-of-date certs result in nasty warning messages being displayed by your browser.)
Please accept my apologies for any inconvenience the outage caused.
Unfortunately, that was after I (and others on staff who could do anything about it) had gone to bed.
I had personally updated the certs in the past, but the last time was years ago. (TheMightyBuzzard had previously — and subsequently — handled getting and applying updated certs.) It had been so long that I could not find my notes on the process. (Note to self: it helps to look in the correct directory tree!)
Thankfully, audioguy appeared and was able to get things updated.
Please join me in thanking him for getting things straightened out!
P.S. The current certs are due to expire December 14, 2021, Please feel free to remind us as that date approaches!
P.P.S. The technical staff is aware of various automated solutions to renewals but made a conscious decision to do them manually. Remember that people make mistakes but to really foul things up use a computer!
(Score: 5, Informative) by Anonymous Coward on Wednesday September 15 2021, @03:16PM (3 children)
Since you are using Let's Encrypt, you may want to look into running EFF's Certbot. Once set up, it should handle renewals automatically so you don't have to deal with this anymore. It works like a charm for me on my Apache server but it supports a wide variety of hosting options.
https://certbot.eff.org [eff.org]
(Score: 5, Informative) by Thexalon on Wednesday September 15 2021, @03:58PM (1 child)
And if you don't want it completely automated for some reason, you can also set it up to send you a reminder email instead. Very handy.
The only thing that stops a bad guy with a compiler is a good guy with a compiler.
(Score: 2) by coolgopher on Wednesday September 15 2021, @10:34PM
I concur. These days https certs should be set to auto renew. Any CA worth their salt will provide this feature. Personally I use certbot, and at $work it’s auto-renew within the AWS eco system.
Letsencrypt provides easy to follow how-tos on setting it up, and then it’s just a cron job away from not having to worry unless it emails you.
(Score: 4, Informative) by bart9h on Wednesday September 15 2021, @04:38PM
I haven't heard of this certbot, seems nice.
But my server runs OpenBSD, and as usual everything is easy peasy. I just instructed cron to run acme-client (ACME = Automate Certificate Management Environment) once a month, and I'm done.