This page contains information on SSL certificates for Toolforge.
For LE certificates, we use acme-chief.
There is currently 1 certificate in use.
- *.toolforge.org (also know as star.toolforge.org) which also includes *.tools.wmflabs.org.
*.toolforge.org / *.tools.wmflabs.org
This certificate was introduced in T235252
This certificate is in use by Toolforge web proxies as well as the k8s master and docker registry, and is physically deployed in several servers:
The private key is generated in the acme-chief servers (tools-acme-chief-*). These servers are responsible for requesting new certificates, renewal, etc. They contain credentials that can be used to make the DNS changes necessary to prove domain ownership.
Example URL using this SSL certificate: https://tools.wmflabs.org/