| From: | Stefan Kaltenbrunner <stefan(at)kaltenbrunner(dot)cc> |
|---|---|
| To: | Mikael Kjellström <mikael(dot)kjellstrom(at)mksoft(dot)nu> |
| Cc: | Andrew Dunstan <andrew(dot)dunstan(at)2ndquadrant(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, buildfarm-members(at)postgresql(dot)org, buildfarm-admins(at)postgresql(dot)org |
| Subject: | Re: Moving to HTTPS |
| Date: | 2017-01-16 09:24:58 |
| Message-ID: | 2be4be1b-d971-53f0-4d26-410728140418@kaltenbrunner.cc |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | buildfarm-members |
On 01/15/2017 03:09 PM, Mikael Kjellström wrote:
> On 2017-01-15 14:59, Andrew Dunstan wrote:
>
>> The test should be thorough enough. If you want to try it for real and
>> you're using the same that you built against, just change the URLs in
>> your config file, i.e.:
>>
>> sed -i -e
>> s,http://www.pgbuildfarm.org/,https://buildfarm.postgresql.org/,
>> your-config-file
>
> I tried to surf to:
>
> https://pgbuildfarm.org/
>
> and I am getting that the certificate is invalid. I see that you are
> using let's encrypt service for the SSL-certificate. Just configure it
> to include all the DNS-names that you are using. Currently the
> installed certificate is configured for the DNS-name:
>
> buildfarm.postgresql.org
>
> and with the SAN:
>
> DNS Name: brentalia.postgresql.org
> DNS Name: buildfarm.postgresql.org
>
> I would suggest adding pgbuildfarm.org, www.pgbuildfarm.org etc also as
> SAN:s.
Thanks for the suggestion, but that is not easily doable in our current
infrastructure - our letsencrypt deployment is fully automated and
completely integrated with our internal config management and nameserver
infrastructure and therefor only works with domains we also host and
manage through/on pginfra.
regards
Stefan
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Mikael Kjellström | 2017-01-16 11:21:38 | Re: Moving to HTTPS |
| Previous Message | Tom Lane | 2017-01-15 21:53:21 | Re: Moving to HTTPS |