Operations grimoire/Incidents/2017-03-12-SSL

From Nasqueron Agora
Revision as of 19:11, 12 March 2017 by Dereckson (talk | contribs) (Created page with "== Incident timeline == * 2017-02-25 Certificate renewed for www.wolfplex.be * 2017-03-11 Old certificate expired * 2017-03-12 Nginx was restarted at 17:28:44, new certificate...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

📕📁📜 Old technical information :: content warning

⌛ This Nasqueron Operations Grimoire page hasn't been updated for a long time.

☣ As our infrastructure evolves quickly, there is a good chance this information is outdated or now inaccurate. Be careful and consider update it.

➡️ To assert the information is still up-to-date or not, you can check the history of the relevant role in our Operations repository.

Incident timeline

  • 2017-02-25 Certificate renewed for www.wolfplex.be
  • 2017-03-11 Old certificate expired
  • 2017-03-12 Nginx was restarted at 17:28:44, new certificate was live

Root cause

Nginx server MUST be reloaded after a certificate has been renewed.

Actionables

  • Create a plugin to automate this server restart (like in D743)
  • Provide the restart operation as certbot argument and consider to cron that (T1167)