https pypy.org has got an invalid certificate now
Hi, Who knows how to fix this? https://pypy.org/ complains that it has got an invalid certificate. Armin
It looks like pypy.org is run on PSF infrastructure: virt-y8pzvf.psf.osuosl.org. We'd have to get a new certificate for it. I am a bit surprised that we have a wildcard certificate on one of the OSU VM. Shouldn't this only be installed on front.python.org ? Thanks. On 08.06.2018 19:07, Alex Gaynor wrote:
-- Marc-Andre Lemburg eGenix.com Professional Python Services directly from the Experts (#1, Jun 08 2018)
::: We implement business ideas - efficiently in both time and costs ::: eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48 D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg Registered at Amtsgericht Duesseldorf: HRB 46611 http://www.egenix.com/company/contact/ http://www.malemburg.com/
On June 8, 2018 at 1:45:58 PM, M.-A. Lemburg (mal@egenix.com) wrote: It looks like pypy.org is run on PSF infrastructure: virt-y8pzvf.psf.osuosl.org. That’s correct. We'd have to get a new certificate for it. I am a bit surprised that we have a wildcard certificate on one of the OSU VM. Shouldn't this only be installed on front.python.org ? The DNS for pypy.org is set to the load balancer at OSUOSL, the wildcard cert is hosted there. This appears to be a misconfiguration in the load balancer, though I’m not sure why. Investigating now. Thanks. On 08.06.2018 19:07, Alex Gaynor wrote:
-- Marc-Andre Lemburg eGenix.com Professional Python Services directly from the Experts (#1, Jun 08 2018)
::: We implement business ideas - efficiently in both time and costs ::: eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48 D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg Registered at Amtsgericht Duesseldorf: HRB 46611 http://www.egenix.com/company/contact/ http://www.malemburg.com/ ________________________________________________ Infrastructure mailing list Infrastructure@python.org https://mail.python.org/mailman/listinfo/infrastructure Unsubscribe: https://mail.python.org/mailman/options/infrastructure/ewdurbin%40gmail.com
This is resolved. The certificate provided for pypy.org was “forgotten” by the chef configuration on the load balancers in our OSUOSL infrastructure. It appears that some tidy up work I performed in removing old hosts inadvertently disrupted the delicate balance. I’ve rerun chef a couple times to ensure that the changes are stable and it seems TLS is back in action for pypy.org and www.pypy.org. -Ernest On June 8, 2018 at 1:08:11 PM, Alex Gaynor (alex.gaynor@gmail.com) wrote: Adding the PSF infra group. Alex On Fri, Jun 8, 2018, 1:03 PM Armin Rigo <armin.rigo@gmail.com> wrote:
________________________________________________ Infrastructure mailing list Infrastructure@python.org https://mail.python.org/mailman/listinfo/infrastructure Unsubscribe: https://mail.python.org/mailman/options/infrastructure/ewdurbin%40gmail.com
Thanks, Ernest. On 08.06.2018 21:00, Ernest W. Durbin III wrote:
-- Marc-Andre Lemburg eGenix.com Professional Python Services directly from the Experts (#1, Jun 08 2018)
::: We implement business ideas - efficiently in both time and costs ::: eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48 D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg Registered at Amtsgericht Duesseldorf: HRB 46611 http://www.egenix.com/company/contact/ http://www.malemburg.com/
A very simple tool i built a couple years ago - it’ll send you an email if the cert on a given domain is less than 10 days from expiring: https://ismycertexpired.com/check?domain=Pypy.org M -- Matt Billenstein matt@vazor.com
It looks like pypy.org is run on PSF infrastructure: virt-y8pzvf.psf.osuosl.org. We'd have to get a new certificate for it. I am a bit surprised that we have a wildcard certificate on one of the OSU VM. Shouldn't this only be installed on front.python.org ? Thanks. On 08.06.2018 19:07, Alex Gaynor wrote:
-- Marc-Andre Lemburg eGenix.com Professional Python Services directly from the Experts (#1, Jun 08 2018)
::: We implement business ideas - efficiently in both time and costs ::: eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48 D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg Registered at Amtsgericht Duesseldorf: HRB 46611 http://www.egenix.com/company/contact/ http://www.malemburg.com/
On June 8, 2018 at 1:45:58 PM, M.-A. Lemburg (mal@egenix.com) wrote: It looks like pypy.org is run on PSF infrastructure: virt-y8pzvf.psf.osuosl.org. That’s correct. We'd have to get a new certificate for it. I am a bit surprised that we have a wildcard certificate on one of the OSU VM. Shouldn't this only be installed on front.python.org ? The DNS for pypy.org is set to the load balancer at OSUOSL, the wildcard cert is hosted there. This appears to be a misconfiguration in the load balancer, though I’m not sure why. Investigating now. Thanks. On 08.06.2018 19:07, Alex Gaynor wrote:
-- Marc-Andre Lemburg eGenix.com Professional Python Services directly from the Experts (#1, Jun 08 2018)
::: We implement business ideas - efficiently in both time and costs ::: eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48 D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg Registered at Amtsgericht Duesseldorf: HRB 46611 http://www.egenix.com/company/contact/ http://www.malemburg.com/ ________________________________________________ Infrastructure mailing list Infrastructure@python.org https://mail.python.org/mailman/listinfo/infrastructure Unsubscribe: https://mail.python.org/mailman/options/infrastructure/ewdurbin%40gmail.com
This is resolved. The certificate provided for pypy.org was “forgotten” by the chef configuration on the load balancers in our OSUOSL infrastructure. It appears that some tidy up work I performed in removing old hosts inadvertently disrupted the delicate balance. I’ve rerun chef a couple times to ensure that the changes are stable and it seems TLS is back in action for pypy.org and www.pypy.org. -Ernest On June 8, 2018 at 1:08:11 PM, Alex Gaynor (alex.gaynor@gmail.com) wrote: Adding the PSF infra group. Alex On Fri, Jun 8, 2018, 1:03 PM Armin Rigo <armin.rigo@gmail.com> wrote:
________________________________________________ Infrastructure mailing list Infrastructure@python.org https://mail.python.org/mailman/listinfo/infrastructure Unsubscribe: https://mail.python.org/mailman/options/infrastructure/ewdurbin%40gmail.com
Thanks, Ernest. On 08.06.2018 21:00, Ernest W. Durbin III wrote:
-- Marc-Andre Lemburg eGenix.com Professional Python Services directly from the Experts (#1, Jun 08 2018)
::: We implement business ideas - efficiently in both time and costs ::: eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48 D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg Registered at Amtsgericht Duesseldorf: HRB 46611 http://www.egenix.com/company/contact/ http://www.malemburg.com/
A very simple tool i built a couple years ago - it’ll send you an email if the cert on a given domain is less than 10 days from expiring: https://ismycertexpired.com/check?domain=Pypy.org M -- Matt Billenstein matt@vazor.com
participants (6)
-
Alex Gaynor -
Armin Rigo -
Ernest W. Durbin III -
M.-A. Lemburg -
Matt Billenstein -
Matti Picus