Closed jencohoon closed 2 years ago
jencohoon
commented
3 years ago donate has a SAN (Subject Alternative Name) SSL cert, for give.mozilla.org which expires on Dec 2, 2021.
The SAN is not automatically managed.
Surveyed of other production properties - foundation, networkpulse.
The only other property with SSL and DNS errors is the redirector which is to be expected, updating the title to reflect the property
jencohoon
commented
3 years ago To view cert on give.mozilla.org (and figure out where the cert is being served from):
From Firefox
Go to about:config and set network.http.redirection-limit to 0.
https://give.mozilla.org is being served from LetsEncrypt which is Heroku's Automated SSL cert manager
https://donate.mozilla.org cert is coming from AWS Route53
jencohoon
commented
2 years ago Removed expired SSL cert (cert expired Dec 2, 2021) because SSL cert for *.mozilla.org is being served from AWS as I expected.
Check each of the "apps" in the "mozilla" team folder has valid SSL certs.
Change certs to auto-renew when possible.