Page MenuHomePhabricator
Create Task
Maniphest T112608

*.wmflabs.org https certificate expired (tools.wmflabs.org)
Closed, ResolvedPublic
Actions

Assigned To
coren
Authored By
Bamyers99
Sep 15 2015, 1:02 AM
Tags
Referenced Files
F2604942: this-connection-is-untrusted.png
Sep 15 2015, 2:42 AM
Subscribers
Aklapper
AllApatcha
Ash_Crow
coren
Edgars2007
Florian
Fuzheado
View All 26 Subscribers
Tokens
"Heartbreak" token, awarded by Fuzheado."Heartbreak" token, awarded by Negative24."Mountain of Wealth" token, awarded by Vituzzu."Doubloon" token, awarded by Ash_Crow."Mountain of Wealth" token, awarded by Florian."Manufacturing Defect?" token, awarded by matmarex."The World Burns" token, awarded by Superjuju10."The World Burns" token, awarded by Thibaut120094."The World Burns" token, awarded by Thgoiter."The World Burns" token, awarded by Sjoerddebruin.

Description

tools.wmflabs.org https certificate expired certificate expired on 15-09-14 08:43 PM. This is the star.wmflabs.org certificate which is also used for https in the labs proxy.

Related Objects
Search...

Event Timeline

Bamyers99 created this task.Sep 15 2015, 1:02 AM
Bamyers99 raised the priority of this task from to Needs Triage.
Bamyers99 updated the task description. (Show Details)
Bamyers99 added a project: Toolforge.
Bamyers99 subscribed.
Restricted Application added a project: Cloud-Services. · View Herald TranscriptSep 15 2015, 1:02 AM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
yuvipanda renamed this task from tools.wmflabs.org https certificate expired to *.wmflabs.org https certificate expired.Sep 15 2015, 1:04 AM
yuvipanda triaged this task as Unbreak Now! priority.
yuvipanda updated the task description. (Show Details)
yuvipanda set Security to None.
yuvipanda subscribed.Sep 15 2015, 1:12 AM

Looks like it might take us a day or so to renew them. Ugh.

Krenair subscribed.Sep 15 2015, 1:12 AM
Negative24 subscribed.Sep 15 2015, 1:19 AM

Now, how will we remember to do this in the future?

yuvipanda added a comment.Sep 15 2015, 1:20 AM

I think there's a calendar somewhere with expiry dates, and this cert was just missed. I'll verify and make sure there's one such calendar.

Krenair added a comment.Sep 15 2015, 1:27 AM

T112542 refers to a 'tracking calendar'. And this is sort of part of that.

Ricordisamoa subscribed.Sep 15 2015, 1:36 AM
Krinkle renamed this task from *.wmflabs.org https certificate expired to *.wmflabs.org https certificate expired (tools.wmflabs.org).Sep 15 2015, 1:38 AM
Krinkle updated the task description. (Show Details)
Krinkle subscribed.
Nicolas_Raoul subscribed.Sep 15 2015, 2:42 AM

Thanks for working on this :-)

Just for info, this breaks most Wikivoyage articles (they embed a dynamic map frame generated by tools.wmflabs.org):

this-connection-is-untrusted.png (524×599 px, 49 KB)

Negative24 added a comment.Sep 15 2015, 2:50 AM

Should the Wikivoyage tool perhaps be moved to a production or production-like machine to prevent such occurrences? From what I've heard, anything that breaks the actual page of a Wikimedia wiki (not bot/maintenance tasks) should be put on a higher priority machine. (topic for another task; cc me if one is made)

Jalexander subscribed.Sep 15 2015, 4:19 AM
Wrh2 subscribed.Sep 15 2015, 5:42 AM
In T112608#1640292, @Negative24 wrote:

Should the Wikivoyage tool perhaps be moved to a production or production-like machine to prevent such occurrences? From what I've heard, anything that breaks the actual page of a Wikimedia wiki (not bot/maintenance tasks) should be put on a higher priority machine. (topic for another task; cc me if one is made)

There is a maps.wikimedia.org service in progress that I believe is supposed to be a more "official" maps service - see Yurik's comments at the end of the https://en.wikivoyage.org/wiki/Wikivoyage:Travellers%27_pub#Dynamic_maps thread - but my understanding is that it is still a work-in-progress and that issues still need to be resolved.

yuvipanda added a comment.Sep 15 2015, 5:50 AM

We are waiting on the CA to re-issue the certificate and will be back online as soon as that happens. Might be up to midday west coast time however :(

Sjoerddebruin awarded a token.Sep 15 2015, 7:13 AM
Thgoiter awarded a token.Sep 15 2015, 8:27 AM
Thgoiter subscribed.
Thibaut120094 awarded a token.Sep 15 2015, 9:34 AM
Thibaut120094 subscribed.
Superjuju10 awarded a token.Sep 15 2015, 9:38 AM
Superjuju10 subscribed.
zhuyifei1999 subscribed.Sep 15 2015, 9:53 AM
Trizek-WMF subscribed.Sep 15 2015, 10:00 AM
matmarex awarded a token.Sep 15 2015, 10:02 AM
Florian awarded a token.Sep 15 2015, 10:24 AM
Florian subscribed.
Ash_Crow awarded a token.Sep 15 2015, 11:34 AM
Ash_Crow subscribed.
Vituzzu awarded a token.Sep 15 2015, 11:43 AM
Xqt subscribed.Sep 15 2015, 12:36 PM
AllApatcha subscribed.Sep 15 2015, 12:47 PM
Edgars2007 subscribed.Sep 15 2015, 1:06 PM
Negative24 awarded a token.Sep 15 2015, 1:30 PM
JohnLewis subscribed.Sep 15 2015, 2:25 PM
Fuzheado awarded a token.Sep 15 2015, 2:39 PM
Fuzheado subscribed.
coren closed this task as Resolved.Sep 15 2015, 4:06 PM
coren claimed this task.
coren subscribed.

The new certificates have been issued, and I've pushed them to the servers (specifically, the labs-wide dynamicproxy and the tools-specific proxies and static web servers).

As far as I can tell, that covers everything.

Luke081515 subscribed.Sep 15 2015, 4:29 PM
Wrh2 added a comment.Sep 15 2015, 8:28 PM
In T112608#1641865, @coren wrote:

The new certificates have been issued, and I've pushed them to the servers (specifically, the labs-wide dynamicproxy and the tools-specific proxies and static web servers).

As far as I can tell, that covers everything.

Thanks for the quick solution - things look fine to me now when I open https://tools.wmflabs.org/ or pull up a Wikivoyage map such as https://en.wikivoyage.org/wiki/Culver_City#Get_around.

hashar subscribed.Sep 16 2015, 9:11 AM

Left to be done is to add a monitoring probe for the certificate expiry T112645: Add a monitoring check for *.wmflabs.org certificate

matej_suchanek added a project: User-notice.Sep 17 2015, 2:39 PM
Johan moved this task from To Triage to Announce in next Tech/News on the User-notice board.Sep 17 2015, 4:08 PM
Bamyers99 unsubscribed.Sep 17 2015, 4:23 PM
Johan moved this task from Announce in next Tech/News to In current Tech/News draft on the User-notice board.Sep 23 2015, 11:18 AM
Johan moved this task from In current Tech/News draft to Recently announced in Tech/News on the User-notice board.Sep 23 2015, 11:50 AM
Quiddity moved this task from Recently announced in Tech/News to Already announced/Archive on the User-notice board.Oct 1 2015, 7:16 PM
MZMcBride subscribed.Oct 12 2015, 6:23 AM
yuvipanda closed subtask T112645: Add a monitoring check for *.wmflabs.org certificate as Resolved.Nov 7 2015, 8:10 AM
Phabricator_maintenance removed a subscriber: yuvipanda.Jun 7 2017, 6:47 PM
Restricted Application added subscribers: Jay8g, TerraCodes. · View Herald TranscriptJun 7 2017, 6:47 PM
Maintenance_bot edited projects, added User-notice-archive; removed User-notice, Cloud-Services.Aug 13 2022, 1:03 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits
  NODES
HOME 1
mac 4
Note 1
os 6
server 4
Verify 1
web 2