| Summary: | certificate expired | ||
|---|---|---|---|
| Product: | Infrastructure | Reporter: | gmgunter |
| Component: | Mirrors | Assignee: | Adrian Reber <adrian> |
| Status: | RESOLVED FIXED | ||
| Severity: | major | CC: | casper, ferdnyc, jadijadi, kwizart, nigel.jewell, sincorchetes |
| Priority: | P1 | ||
| Version: | NA | ||
| Hardware: | All | ||
| OS: | GNU/Linux | ||
| namespace: | |||
|
Description
gmgunter
2020-05-23 10:36:00 CEST
*** Bug 5655 has been marked as a duplicate of this bug. *** *** Bug 5656 has been marked as a duplicate of this bug. *** Disclaimer: I don't know anything about RPM Fusion's web server infrastructure, and won't pretend to. I have no idea what processes or complications might be involved in maintaining and renewing certificates. No doubt they're far more complex than my own needs, which don't extend beyond encrypting traffic in and out of my home network servers, maintained solely for personal access from the outside world. So, I'm offering this purely as a query, or a suggestion that I fully expect will be rejected as invalid / impractical, for good reasons. When I finally got off my ass about setting up HTTPS on my servers, thanks primarily to the efforts of the letsencrypt.org project, one of the pleasant surprises for me was the EFF's certbot (https://certbot.eff.org/) auto-renewal tool, which is packaged in Fedora with a systemd timer unit certbot-renew.timer. When activated it'll check twice a day, and renew certificates when they're about 30 days from the end of their 90-day lifetime. Is auto-renewal a possibility for the RPM Fusion certs? The mirrors certs are using round robin dns, unfortunately the server where the certificate have been created and most mirror manager instance are only accessible by the assignee out of the "regular rpmfusion infra"... Fixed by now - I will track improvements in the process in rhbz#5657 (private). Thanks for all reports. |