Closed: njam closed this issue 6 years ago
As discussed, let's check if we can use Let’s Encrypt. They have wildcard now. Otherwise I'll buy it through RapidSSL.
Taking an EC2 EBS snapshot now to have a contingency plan.
Hostnames in use are: denkmal.org, www.denkmal.org, admin.denkmal.org, origin-www.denkmal.org
```
$ grep -r 'server_name' /etc/nginx/
/etc/nginx/puppet-tmp/nginx.d/www.denkmal.org-https-redirect-001: server_name www.denkmal.org denkmal.org admin.denkmal.org;
/etc/nginx/puppet-tmp/nginx.d/www.denkmal.org-700-ssl: server_name www.denkmal.org denkmal.org admin.denkmal.org;
/etc/nginx/puppet-tmp/nginx.d/www.denkmal.org-origin-700-ssl: server_name origin-www.denkmal.org;
/etc/nginx/puppet-tmp/nginx.d/server-status-001: server_name localhost;
/etc/nginx/uwsgi_params:uwsgi_param SERVER_NAME $server_name;
/etc/nginx/nginx.conf: server_names_hash_bucket_size 64;
/etc/nginx/nginx.conf: server_names_hash_max_size 1024;
/etc/nginx/fastcgi_params:fastcgi_param SERVER_NAME $server_name;
/etc/nginx/scgi_params:scgi_param SERVER_NAME $server_name;
/etc/nginx/conf.d/vhost_autogen.conf: server_name localhost;
/etc/nginx/conf.d/vhost_autogen.conf: server_name www.denkmal.org denkmal.org admin.denkmal.org;
/etc/nginx/conf.d/vhost_autogen.conf: server_name www.denkmal.org denkmal.org admin.denkmal.org;
/etc/nginx/conf.d/vhost_autogen.conf: server_name origin-www.denkmal.org;
```
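An added example (not part of the thread and not the project's own code): it extracts the hostnames from `grep -r server_name` output like the above and checks them against a certificate's SAN list, showing that a wildcard `*.denkmal.org` on its own leaves the apex `denkmal.org` uncovered. The function names and the trimmed sample input are constructed for illustration.

```python
import re

# Constructed sample: a few lines in the shape of the grep output above.
GREP_OUTPUT = """\
/etc/nginx/puppet-tmp/nginx.d/www.denkmal.org-700-ssl: server_name www.denkmal.org denkmal.org admin.denkmal.org;
/etc/nginx/puppet-tmp/nginx.d/www.denkmal.org-origin-700-ssl: server_name origin-www.denkmal.org;
/etc/nginx/puppet-tmp/nginx.d/server-status-001: server_name localhost;
/etc/nginx/uwsgi_params:uwsgi_param SERVER_NAME $server_name;
/etc/nginx/nginx.conf: server_names_hash_bucket_size 64;
"""

# Match only the nginx "server_name" directive, not the $server_name
# variable or the server_names_hash_* settings that grep also returns.
DIRECTIVE = re.compile(r"(?<![\w$])server_name\s+([^;]+);")


def hostnames_from_grep(text):
    """Return the set of hostnames served, ignoring localhost."""
    names = set()
    for line in text.splitlines():
        _, _, rest = line.partition(":")  # drop the "path:" prefix grep adds
        match = DIRECTIVE.search(rest)
        if match:
            names.update(n.lower() for n in match.group(1).split())
    names.discard("localhost")
    return names


def san_matches(san, host):
    """Certificate name matching: a wildcard stands for exactly one leftmost label."""
    san, host = san.lower(), host.lower()
    if not san.startswith("*."):
        return san == host
    label, _, parent = host.partition(".")
    return bool(label) and parent == san[2:]


def uncovered(hosts, sans):
    """Hostnames that no SAN entry on the certificate would cover."""
    return sorted(h for h in hosts if not any(san_matches(s, h) for s in sans))


if __name__ == "__main__":
    hosts = hostnames_from_grep(GREP_OUTPUT)
    print("wildcard only:", uncovered(hosts, ["*.denkmal.org"]))
    print("wildcard + apex:", uncovered(hosts, ["*.denkmal.org", "denkmal.org"]))
```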
It's done! The certbot package, even in backports for jessie, is too old (no nginx support), so I installed it using their script certbot-auto. I did install a system timer for auto renewal, but will also check it manually in 2 months to be sure.
great, thanks a lot! we saved some money there 🍺
Current certificate expires: 2018-04-27
As you mentioned @NicolasSchmutz Let's discuss on Thursday.