SSL at GNOME

Certificates are managed differently based on their issuer:

  1. Gandi - certificates.git on puppetmaster01

  2. Let's Encrypt - /srv/letsencrypt on puppetmaster01 (getssl)

  3. Let's Encrypt - /srv/letsencrypt on nsd01 (certbot)

  4. Let's Encrypt on OCP 4 via cert-operator

Cloning the certificates.git should happen on the target machine itself:

ssh puppetmaster01.gnome.org
git clone /git/certificates.git

The list of the domains we cover via SSL will follow.

Gandi

  1. irc.gnome.org

Let's Encrypt

Look into {puppetmaster01,nsd01}.gnome.org:/srv/letsencrypt/configurations for all the subdomains that are covered.

Infrastructure/SSL (last edited 2022-03-23 10:58:14 by AndreaVeri)