search

hotosm / tech

Resources and issue tracking for Technical Working Group and all things Tech within HOT. Start here to get more information about how to get involved in HOT.
68 stars 13 forks source link

Add https support to the redirect HOT hosts for hot.openstreetmap.org #115

Closed bgirardot closed 6 years ago

bgirardot commented 6 years ago

OSM Tech WG are trying go all https and currently HOT hosts a redirect at hot.openstreetmap.org on amelia that does not have an https option. We need to add a cert to that server and configure the we server so we can support :443 connection for the redirect on that host.

OSM lists amalia's ip address for the host in its DNS.

https://trac.openstreetmap.org/browser/dns/src/openstreetmap#L481

Please see the bottom of this OSM issue:

https://github.com/openstreetmap/operations/issues/190

Another option is to have osm take over the serving of the redirect and then their certificate would cover the machine serving the redirect.

This appears to be the last stumbling block to their efforts on that issue.

grischard commented 6 years ago

The CAA DNS record for openstreetmap.org specifies that only letsencrypt can issue certificates for *.openstreetmap.org

smit1678 commented 6 years ago

Thanks again @bgirardot @grischard.

To update from the thread on openstreetmap/operations#190, since we're not using these domains and only redirecting, it makes sense to move any redirect of these domains to the OSM operations team and infrastructure.

I'm going to close this out as they've made this switch and pointed hot.openstreetmap.org to https://hotosm.org.