pantheon-systems / documentation

Pantheon Docs
https://docs.pantheon.io
Other
194 stars 669 forks source link

Domains on Pantheon Doc Update - Inclusion of warnings related to cert renewal failure. #9096

Open ejcabquina opened 4 months ago

ejcabquina commented 4 months ago

Re: Domains on Pantheon

Priority: High

Issue Description: Automated re-validation failure for domains pointed to 3rd-party WAF.

Suggested Resolution:

ccharlton commented 2 months ago

@stevector @rachelwhitton the TSC who reported indicated the issue priority to consider is High.

The issue is a race condition since LE will still try to renew (policy docs get/can impacted, including routing! ouch!!). This issue has impacted live production sites post-launch, even if Domain Validation gets revoked/exempted.

Can we tag this issue as 'Priority: High Priority'?

stevector commented 2 months ago

@ccharlton @ejcabquina I'm good with trying to move fast on this issue. But I don't think @rachelwhitton or I have enough context to write the needed PR ourselves, even with the suggestions from @ejcabquina in the report. Are either of you able to draft the needed text and/or make a PR?

ejcabquina commented 2 months ago

Hi @stevector

not sure how best to communicate this but my ideas are mainly:

There's a platform gap here where we as a platform actually don't seem to have a something in place that detects this + send out email to notify customers. (or maybe we do detect this but I know for sure we're not sending out notification specific to this scenario.)

Adding this bug card here for +context - https://getpantheon.atlassian.net/issues/BUGS-8403?jql=ORDER%20BY%20created%20DESC