[Systems] SSL certs expired

Aleksey Lim alsroot at activitycentral.org
Wed Sep 7 11:54:37 EDT 2011


On Thu, Sep 01, 2011 at 09:56:51AM +0000, Aleksey Lim wrote:
> On Thu, Sep 01, 2011 at 12:49:40AM -0400, Luke Faraone wrote:
> > On Tue, Aug 30, 2011 at 09:31, Aleksey Lim <alsroot at activitycentral.org>wrote:
> > 
> > > Our StartCom certs seems to be expired.
> > > I tried to regen new ones but stuck on "Domain Name Validation"[1]
> > > folowing.
> > > StartSSL UI says A verification code has been sent to
> > > "sysadmin at sugarlabs.org", but I don't see any emails on rt.sl.o.
> > >
> > >
> > www had been regenerated, along with rt.sl.o (and I think git.sl.o). I just
> > installed the rt.sl.o one today.
> 
> Could you regen certs for
> http://wiki.sugarlabs.org/go/Sysadmin/SSL_Certificates#Sites sites and
> place them to /etc/ssl/private on sunjammer, so I can update certs on
> jita.
> 
> > For some reason mail to that address is disappearing. We should investigate
> > that.
> 
> At least sending to Validation email from startssl.com to postmaster@
> seems to work (at leas I saw forwarding to systemes-log@ on sunjammed).
> Still no luck for other emails that go to rt.sl.o (seems to be rt.sl.o
> issue).

I've temporary changed aliases on sunjammer to point postmaster@ to me
(though it would be better to add certmaster at startcom.org to excaption
list on system-logs@) and tried to create new cert for git.sl.o
(evantualy, this is the only one that was expired) but still no luck to
create new cert instead of expired one. StartCom UI says:

    A certificate with domain git.sugarlabs.org already exists at Class
    1 level.
    Please try it again and choose a different (sub) domain, upgrade
    your validation status to a higher level or request revocation
    of the existing certificate at the Tool Box.

-- 
Aleksey


More information about the Systems mailing list