search

dandi / dandi-hub

Infrastructure and code for the dandihub
https://hub.dandiarchive.org
Other
11 stars 23 forks source link

Certificate is expiring #144

Open yarikoptic opened 7 months ago

yarikoptic commented 7 months ago

Got email with

Your certificate (or certificates) for the names listed below will expire in 6 days (on 2024-04-15). Please make sure to renew your certificate before then, or visitors to your web site will encounter errors.

We recommend renewing certificates automatically when they have a third of their total lifetime left. For Let's Encrypt's current 90-day certificates, that means renewing 30 days before expiration. See https://letsencrypt.org/docs/integration-guide/ for details.
hub.dandiarchive.org

Ideally we should automate updates. On Debian systems I believe (it is "fire and forget") rely on https://certbot.eff.org/ which might be of help here?

satra commented 7 months ago

it should already be automated for the current hub.

yarikoptic commented 7 months ago

is there a record on how it is it done ? I failed to find anything possibly related while searching through our org.

satra commented 7 months ago

it's in config.yaml.j2 - however for the current hub there is a manual step that needs to be done on the instance as something broke last year in that configuration with the aws proxy. i'll keep monitoring this week to see if it autorenews. in the past it has.

satra commented 7 months ago

for some reason the hub is again using the standard certificate from aws+dandi, not the letsencrypt one. i don't know why. that may be the reason why letsencrypt is sending those messages.