Re: repo.jenkins-ci.org SSL certificate

14 views
Skip to first unread message

Kohsuke Kawaguchi

unread,
Nov 8, 2021, 1:44:03 PM11/8/21
to jenkin...@googlegroups.com
I guess I sent it to a wrong email address?

On Tue, Nov 2, 2021 at 6:32 AM Kohsuke Kawaguchi <k...@kohsuke.org> wrote:
GoDaddy notified me that SSL certificate for repo.jenkins-ci.org will expire next March.

It looks like this certificate is still in active use, so should I get this renewed? We need to work with JFrog to get this certificate installed.

--
Kohsuke Kawaguchi

Tim Jacomb

unread,
Nov 8, 2021, 3:44:08 PM11/8/21
to jenkin...@googlegroups.com
:) moved to google groups awhile back

--
You received this message because you are subscribed to the Google Groups "Jenkins Infrastructure" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkins-infr...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/jenkins-infra/CAN4CQ4x4ABtBDSZRcQVO1a8TvW2-wJmtROsWYn%3DVXbWscZxsGw%40mail.gmail.com.

Kohsuke Kawaguchi

unread,
Nov 11, 2021, 12:49:19 PM11/11/21
to jenkin...@googlegroups.com
Any thoughts on the substance of the email? Can somebody confirm that this certificate should be renewed?

Mark Waite

unread,
Nov 11, 2021, 1:33:26 PM11/11/21
to Jenkins Infrastructure
As far as I know, the certificate should be renewed.  The current certificate on repo.jenkins-ci.org was issued by GoDaddy and expires March 2, 2022.  I'm not sure how that certificate has been communicated to JFrog, but the general information of the certificate mentioned in the email could match the certificate on that machine.

Kohsuke Kawaguchi

unread,
Nov 12, 2021, 3:23:27 PM11/12/21
to jenkin...@googlegroups.com
Sounds good, Mark. I'll proceed accordingly.

I've done this certificate renewal with JFrog support in the past, so I should be able to do it again. I'll keep this list posted.

Damien Duportal

unread,
Nov 16, 2021, 12:00:19 PM11/16/21
to jenkin...@googlegroups.com
Hello Kohsuke

Thanks for taking care of this subject!

I see that you’ve opened a PR at https://github.com/jenkins-infra/jenkins-infra/pull/1991 and I got a few questions that will be in the PR.

We’ll check carefully the emails, sorry I missed your previous ones as it was marked as spam (not the case anymore)


Damien

Damien Duportal

unread,
Nov 16, 2021, 12:11:28 PM11/16/21
to Jenkins Infrastructure
Kohsuke,

based on the PR and informations issued by JFrog, do you want us to take over and generate a certificate with our certbot CLI ?
(that would use DNS validation in the same way as other certificates providers are doing, and we should get a certificate + key + bundle).

That would avoid you to waste your time on this inquiry :)

Damien

Gavin Mogan

unread,
Nov 16, 2021, 12:21:50 PM11/16/21
to Jenkins Infrastructure
certbot would run every 3 months. It probably takes that long to get jfrog to install the new cert manually.

Damien Duportal

unread,
Nov 16, 2021, 12:45:07 PM11/16/21
to Jenkins Infrastructure
Fair, so I've got double check from Tim (thanks!) that DNS zones are managed by Azure.

The TXT record had been added: @Kohsuke you should be ready to proceed with Godaddy.

Many thanks for taking care of that.

Damien

Kohsuke Kawaguchi

unread,
Nov 16, 2021, 3:50:45 PM11/16/21
to jenkin...@googlegroups.com
Thanks. I'm good now.

Damien Duportal

unread,
Dec 14, 2021, 9:00:49 AM12/14/21
to Jenkins Infrastructure
Hello Kohsuke,

Were you able to manage this certificate upgrade with JFrog?
If you are busy, do you want us to take over (in this case you can send to Mark and I the private certificate and its key, and we'll manage with Jfrog).

Many thanks for your time!

Damien

Kohsuke Kawaguchi

unread,
Dec 14, 2021, 10:57:50 AM12/14/21
to jenkin...@googlegroups.com
My apologies for making you guys worry. Once I'm done with the traveling I'll get back to it.

The challenge is that we have a three day time window in which I have to generate a new key & certificate and JFrog needs to install it. 

Reply all
Reply to author
Forward
0 new messages