magento / pwa-studio

🛠 Development tools to build, optimize and deploy Progressive Web Applications for Magento 2.
https://developer.adobe.com/commerce/pwa-studio/
Open Software License 3.0

Need domain and ssl/tls cert from Adobe in order to enable HTTPS and service workers in AWS #1053

Closed sharkySharks closed 5 years ago

sharkySharks commented 5 years ago

As the title states, need to go through Adobe, per their policy, to get a domain and an associated SSL/TLS certificate in order to enable HTTPS, and therefore service workers, for our demo deploy site in Elastic Beanstalk.

sharkySharks commented 5 years ago

This is an investigation with Chris Burton, as the certificates for our backend Magento 2 instances that live in the regression environment have expired recently and the instances are therefore sending 500 responses when trying to access the /graphql backend. Those certs need to be updated for testsonfire.com domains in AWS through Adobe as well; I will work to get the PWA demo site domains and certs along with this request.

sharkySharks commented 5 years ago

Adding HOLD label. Requests are in progress.

Chris Burton is requesting 2 domains, pwa-venia and pwa-venia-staging, with whatever TLD Adobe uses for the domains, as well as TLS certificates for each.

sharkySharks commented 5 years ago

Adding @cherdman here to track the progress of getting domains and TLS certificates with Chris Burton.

cherdman commented 5 years ago

Kayden to get the account/domain/ssl powers. Will remain blocked for now.

sharkySharks commented 5 years ago

I watched the requests go into Adobe today; the page to request these domains was previously blocked to Magento. I will be tracking this as well as the subsequent TLS certificate request.

supernova-at commented 5 years ago

We need SSL wildcard support for many subdomains (one for each pull request) to be secure.

awilcoxa commented 5 years ago

@sharkySharks @cherdman any updates?

sharkySharks commented 5 years ago

I'm in email communication with Adobe setting this up. Will update this ticket when Adobe's side has been set up.

sharkySharks commented 5 years ago

Update: finally got to the place where I can submit the certificate requests. All domains have been created and owned by Adobe, and now all certificate requests have been submitted. I followed up with an email to my Adobe contact to see who can approve these requests, so we should have our certificates shortly.

Also, all of the certificate requests, as you can see in the screenshot below, are for wildcard certificates, which will include all subdomains. 👌

Screen Shot 2019-05-07 at 9 03 07 AM
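
Added example, not part of the original thread or the project's code: a check of which hostnames a wildcard certificate name covers under the RFC 6125 matching rules, where `*` stands for exactly one left-most label. The certificate name and the per-PR, apex and nested hostnames are constructed for illustration; only `prtest.pwa-venia-staging.com` appears in this thread.

```python
"""Which hostnames does a wildcard certificate name cover? (RFC 6125 rules)"""


def _labels(name):
    # DNS names are case-insensitive; ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")


def san_matches(pattern, hostname):
    """Return True if the certificate dNSName `pattern` covers `hostname`.

    A wildcard is honoured only as the complete left-most label and stands
    for exactly one label, so it covers neither the apex nor nested names.
    """
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Require two fixed labels after the wildcard (rejects "*.com")
        # and no further wildcards anywhere else in the pattern.
        return len(p) >= 3 and "*" not in "".join(p[1:]) and p[1:] == h[1:]
    # Partial wildcards such as "pr-*.example.com" are not accepted.
    return "*" not in pattern and p == h


def uncovered(sans, hostnames):
    """Hostnames that none of the certificate names cover."""
    return [h for h in hostnames if not any(san_matches(s, h) for s in sans)]


# Constructed inputs: an assumed wildcard name and sample deployment hosts.
SANS = ["*.pwa-venia-staging.com"]
HOSTS = [
    "prtest.pwa-venia-staging.com",        # staging host named in the thread
    "pr-1053.pwa-venia-staging.com",       # hypothetical per-PR subdomain
    "pwa-venia-staging.com",               # apex: not covered by the wildcard
    "api.pr-1053.pwa-venia-staging.com",   # nested: two labels deep
    "pr-1053.pwa-venia.com",               # different registered domain
]

if __name__ == "__main__":
    missing = set(uncovered(SANS, HOSTS))
    for host in HOSTS:
        print(("NOT covered" if host in missing else "covered").ljust(12), host)
```

Per-PR hostnames one label below the certificate's domain are covered; the apex and any deeper nesting need their own certificate names.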

sharkySharks commented 5 years ago

Actually, as I was typing the above, they were approved 😃

Screen Shot 2019-05-07 at 9 14 20 AM

I am out this week at a conference but will pick up setting this up in our AWS account when I am back in the office.

sharkySharks commented 5 years ago

Tracked on Commerce DevOps board: https://jira.corp.magento.com/browse/COMOPS-56

supernova-at commented 5 years ago

MAJOR UPDATE

All the certs have been approved and are available.

Need new tickets for prod and staging servers.

awilcoxa commented 5 years ago

@sharkySharks can you update?

sharkySharks commented 5 years ago

Update: I am back in the office. I can look at this sometime this week.

dpatil-magento commented 5 years ago

I updated application with certificates keys and configuration CNAME changes.
pwa-venia-staging - https://prtest.pwa-venia-staging.com/
pwa-venia-demo - https://develop.pwa-venia.com/

Need to check if new certificates are needed for Stable and Prod environments or if we can use existing ones by mapping to the respective CNAMEs of the ELB. I will work with @sharkySharks and do the needful.

sharkySharks commented 5 years ago

Nice work @dpatil-magento !

Future domain requests can be made here: https://dns.corp.adobe.com/#/home
DigiCert requests can be made here: https://www.digicert.com/account/login.php
Adobe docs on getting access to DigiCert, etc: https://inside.corp.adobe.com/itech/kc/IT00030.html

dpatil-magento commented 5 years ago

Lighthouse report was stuck/crashing as HTTP requests were not redirected to HTTP. The AWS Classic Load Balancer does not have this feature built in. Switched to an Application Load Balancer, which has the ability to do so, and now Lighthouse works as expected.

sharkySharks commented 5 years ago

Please take a look at the Elastic Beanstalk instances you have deployed. 3/4 are red with some errors, and the one that is green is not running on HTTPS.

dpatil-magento commented 5 years ago

Fixed one instance: https://develop.pwa-venia.com. I will update the remaining two soon, once the terminated application gets removed.

dpatil-magento commented 5 years ago

@sharkySharks All three instances are up and running now.
https://develop.pwa-venia.com (Demo deploy pipeline)
https://prod.pwa-venia.com (Stable pipeline)
https://prtest.pwa-venia-staging.com (Staging pipeline)

sharkySharks commented 5 years ago

@dpatil-magento the demo you showed me looks good and the Lighthouse score looks great! Thanks for figuring all that out. I think this can be closed now 👍