[vcf-midatlantic] social.vcfed.org is down again

Andrew Diller dillera at gmail.com
Wed Mar 15 03:28:55 UTC 2023


The SSL was obtained shortly after posting that email. I'm using a manual Let's Encrypt so I can do it with one command and there is nothing but hitting enter to complete the renewal. Just needed a little coordination to update the challenge DNS, that is all. We got it done and the cert is up there.

This is hardly how I would handle something at my day job, but as you surmised, this isn't my day job.

As I've said before, if anyone notices anything you can email the list (I keep up) or email me directly. I'm happy to listen.

Setting up something that monitors this is a worthy exercise, I'll ask chatGPT-4 to set up something for me later this week :)


-andy



> On Mar 14, 2023, at 8:25 PM, Jonathan Chapman <lists at glitchwrks.com> wrote:
> 
> 
>> Yes, HSTS has been disabled. You can reach the site now while we are getting new certs installed. Just accept the expired cert.
> 
> I don't want to be telling folks how to do their jobs (especially since it's volunteer work), but that's a pretty rough suggestion nowadays. Looks like you're using LetsEncrypt, which is a good choice, but since the certs are short and the process should be automated and should work, I always monitor when I use LetsEncrypt. I've had two occasions where changes to their API broke acme-client on OpenBSD. For that situation, simply giving mail an actual deliverable address to go to will let you know.
> 
> For more complex situations, like when the deployment of the cert sometimes fails because of (customer) client derps, I set up a CI job to do an HTTPS connection to the page (just a cURL will do it) and bomb if there are any errors or the cert is within X days of expiration.
> 
> Thanks,
> Jonathan
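
A sketch of the kind of CI check described in the quoted message, as an added example that is not part of the original thread or either poster's own tooling: it completes a verified TLS handshake and exits non-zero on any error or when the certificate is within a threshold of expiry. The function names and the 14-day default threshold are assumptions; the message only says "X days".

```python
import socket
import ssl
import sys
import time

def days_remaining(not_after, now=None):
    """Days until expiry, from the 'notAfter' string returned by getpeercert()."""
    now = time.time() if now is None else now
    return (ssl.cert_time_to_seconds(not_after) - now) / 86400

def evaluate(not_after, min_days, now=None):
    """Return (ok, message) for a certificate's notAfter value."""
    left = days_remaining(not_after, now)
    if left < 0:
        return False, f"certificate expired {-left:.1f} days ago"
    if left < min_days:
        return False, f"certificate expires in {left:.1f} days (threshold {min_days})"
    return True, f"certificate valid for another {left:.1f} days"

def fetch_not_after(host, port=443, timeout=10):
    """Do a verified TLS handshake and return the leaf certificate's notAfter.
    Expired, untrusted or mismatched certificates raise ssl.SSLCertVerificationError."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]

def check(host, min_days=14):  # 14 days is an assumed threshold
    """Return (ok, message); any connection or TLS error counts as a failure."""
    try:
        not_after = fetch_not_after(host)
    except (ssl.SSLError, OSError) as exc:
        return False, f"{host}: TLS check failed: {exc}"
    ok, msg = evaluate(not_after, min_days)
    return ok, f"{host}: {msg}"

if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: certcheck.py HOST [MIN_DAYS]")
    threshold = int(sys.argv[2]) if len(sys.argv) > 2 else 14
    ok, msg = check(sys.argv[1], threshold)
    print(msg)
    sys.exit(0 if ok else 1)  # non-zero exit fails the CI job
```

Run from a scheduled CI job or cron with the hostname as the first argument; the non-zero exit status is what triggers the alert.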


