[Jenkins-infra] Renewing (issues|wiki).jenkins-ci.org certs

R. Tyler Croy tyler at monkeypox.org
Tue Nov 1 17:51:21 UTC 2016


(replies inline)

On Tue, 01 Nov 2016, Kohsuke Kawaguchi wrote:

> GoDaddy just sent me a reminder that the cert for those hosts need need to
> be renewed in 2 months.
> 
> Before I spend $150 to renew this, I want to make sure we will still use
> this cert. Lots of things are moving around lately, and I expect some more
> changes.
> 
> Also, IUC, it's possible to switch these hosts to Let's encrypt, now that
> they are not multi-tenanted.


I believe it makes more sense to migrate these to Lets Encrypt and jenkins.io
as soon as possible.

I have this in tickets:
 * https://issues.jenkins-ci.org/browse/INFRA-672
 * https://issues.jenkins-ci.org/browse/INFRA-673


That said, I thought these services were using the same certificate as
jenkins-ci.org just with additional names? If that's the case, then I believe
it might be beneficial to just renew for one more year since we haven't fully
shuttered the jenkins-ci.org domain.


Another option would be to start Lets Encrypt'ing jenkins-ci.org certificates
as well, which I'm loathe to do just because I want that domain to go away
already :P



- R. Tyler Croy

------------------------------------------------------
     Code: <https://github.com/rtyler>
  Chatter: <https://twitter.com/agentdero>

  % gpg --keyserver keys.gnupg.net --recv-key 1426C7DC3F51E16F
------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <http://lists.jenkins-ci.org/pipermail/jenkins-infra/attachments/20161101/9a2f8791/attachment.asc>


More information about the Jenkins-infra mailing list