Fwd: [#228349] Certs expiring for jenkinsci
27 views
Skip to first unread message
Kohsuke Kawaguchi
Dec 6, 2022, 4:43:48 PM12/6/22
to jenkin...@googlegroups.com
FYI. I see in my GoDaddy account this certificate (but interestingly the record already shows its renewal was requested on 11/17... is this somehow a shared certificate with other accounts!?)
Is somebody already actively working on this? If not, do I need to drive this? I just wanted to make sure because 12 days is not a lot of time.
---------- Forwarded message ---------
From: JFrog Support <sup...@jfrog.com>
Date: Tue, Dec 6, 2022 at 1:14 PM
Subject: [#228349] Certs expiring for jenkinsci
To: k...@kohsuke.org <k...@kohsuke.org>
From: JFrog Support <sup...@jfrog.com>
Date: Tue, Dec 6, 2022 at 1:14 PM
Subject: [#228349] Certs expiring for jenkinsci
To: k...@kohsuke.org <k...@kohsuke.org>
Hello Kohsuke,
We’ve received a cert expiry alert for jenkinsci for CNAME : repo.jenkins-ci.org. Certificates are about expire on
Please refer to information here and provide renewed certs. Thank you. I look forward to hearing back from you soon.
Best regards,
Maurice Washington
JFrog Support
ref:_00D20M3v0._500695VH0wq:ref
We’ve received a cert expiry alert for jenkinsci for CNAME : repo.jenkins-ci.org. Certificates are about expire on
Sun, 18 Dec 2022 17:57:21 UTC(approximately 12 days).
Please refer to information here and provide renewed certs. Thank you. I look forward to hearing back from you soon.
Best regards,
Maurice Washington
JFrog Support
ref:_00D20M3v0._500695VH0wq:ref
Mark Waite
Dec 6, 2022, 9:43:05 PM12/6/22
to Jenkins Infrastructure
Damien is taking the lead on the renewal of the SSL certificate for repo.jenkins-ci.org. However, if there is a way you can help, I am sure he will be grateful.
We met with Lisa and Stephen of JFrog today and they are ready to help if needed.
--
You received this message because you are subscribed to the Google Groups "Jenkins Infrastructure" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkins-infr...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/jenkins-infra/CAN4CQ4za5xYy-mNvXv%3DdR-OdXz6Px-dfK3eAZ_pRDWHuZ-6FAg%40mail.gmail.com.
Damien Duportal
Dec 7, 2022, 3:01:43 AM12/7/22
to jenkin...@googlegroups.com
Hi Kohsuke,
Thanks for the notification!
We were already actively working as the JFrog instance will be under a big maintenance the 18th of December (so we have to send a certificate to JFrog this week).
May I ask your help one more time to re-generate a 1-year certificate with the email jenkins-infra-team@googlegroups and share it here (encrypted with either Jfrog GPG key https://jfrog.com/knowledge-base/how-to-configure-custom-cname-for-artifactory-cloud/ or mine https://github.com/jenkins-infra/charts-secrets/blob/main/gpg/dduportal.gpg)?
I'll take care of sending it to the right person inside JFrog so they can prioritize the action for us.
Side question: is the godaddy account your personnal or was it a jenkins account? I'm asking to see if we can avoid bothering you next year. We were going to use LetsEncrypt certificate (only valid 90 days) but 1 year would be easier for this case as there are no automatic renewal feature on JFrog side (yet?).
Many thanks
Damien
To view this discussion on the web, visit https://groups.google.com/d/msgid/jenkins-infra/CAO49JtF7K2irQPwN5Nexr4Z0TAAD8mvbs0YKZPv-S8ZSgAgUYg%40mail.gmail.com.
Kohsuke Kawaguchi
Dec 7, 2022, 9:19:11 AM12/7/22
to jenkin...@googlegroups.com
Oh great.
Here's the server key and the certificate, packaged according to their instructions encrypted with their GPG keys.
AFAIK there's no room for email addresses with these things. So I didn't "regenerate ... with the email jenkins-infra-team@googlegroups"
This GoDaddy account is my personal one.
To view this discussion on the web, visit https://groups.google.com/d/msgid/jenkins-infra/CA%2BAiRi8Vo8E%3D8E6CWqQE4SEhaiGGPkLsto147B6ZaQZNPg0Spw%40mail.gmail.com.
Damien Duportal
Dec 7, 2022, 10:28:06 AM12/7/22
to jenkin...@googlegroups.com
Thanks for the help!
I can proceed with JFrog.
I acknoledge that it is your personal account: we (Jenkins Infra) might want to check for Azure's certificate provider for the cases, like this one, were a 1 year certificate is required in the future, to avoid making you using personnal resources: does it make sense?
To view this discussion on the web, visit https://groups.google.com/d/msgid/jenkins-infra/CAN4CQ4y96nc%3DWbVktegAdK3HfW3Q8WiZ0R%3DLBKiwdNt7K%3D44CQ%40mail.gmail.com.
Kohsuke Kawaguchi
Dec 7, 2022, 11:02:26 AM12/7/22
to jenkin...@googlegroups.com
Whatever works for you guys is good with me, including me doing this little routine every year. This time I got caught off guard, but I can easily set the reminder to give ourselves enough lead time.
To view this discussion on the web, visit https://groups.google.com/d/msgid/jenkins-infra/CA%2BAiRi_4F64XXx-JiU1Wvkrf3AP6oPeW6Fn7AHQNvYxG5UHB5w%40mail.gmail.com.
Reply all
Reply to author
Forward
0 new messages