Portal:Toolforge/Admin/SSL certificates

From Wikitech
Jump to navigation Jump to search

This page contains information on SSL certificates for Toolforge.

For LE certificates, we use acme-chief.

Usage

There is currently 1 certificate in use.

  • *.toolforge.org (also know as star.toolforge.org) which also includes *.tools.wmflabs.org.

*.toolforge.org / *.tools.wmflabs.org

This certificate was introduced in T235252

This certificate is in use by Toolforge web proxies as well as the k8s master and docker registry, and is physically deployed in several servers:

  • tools-proxy-*.tools.eqiad.wmflabs
  • tools-k8s-master-*.tools.eqiad.wmflabs
  • tools-docker-registry-*.tools.eqiad.wmflabs

The private key is generated in the acme-chief servers (tools-acme-chief-*). These servers are responsible for requesting new certificates, renewal, etc. They contain credentials that can be used to make the DNS changes necessary to prove domain ownership.

Example URL using this SSL certificate: https://tools.wmflabs.org/

See also