[Jenkins-infra] SSL certificate renewal

Kohsuke Kawaguchi kk at kohsuke.org
Mon Nov 6 15:51:01 UTC 2017


Wildcard certificate was necessary back when we had one machine (say
cucumber) serving multiple HTTPS sites. I believe we do less of that
nowadays, so if you prefer separate certificate for each of them, that's
doable, too, but it requires more Puppet work, plus it'll be more costly
($60/yr for one domain vs $135/yr for 5 domains)

repo.jenkins-ci.org is hosted Artifactory by JFrog with its own private
key, so it needs its own separate certificate.


On Mon, Nov 6, 2017 at 2:20 AM Olblak <me at olblak.com> wrote:

> What's the benefit to have a wildcard certificate for jenkins-ci.org and
> a single certificate for repo.jenkins-ci.org?
>
> ---
> Github:  https://github.com/olblak
> Twitter: https://twitter.com/0lblak
> -> gpg --keyserver keys.gnupg.net --recv-key 52210D3D
> ---
>
> On Sun, Nov 5, 2017, at 05:36 PM, R. Tyler Croy wrote:
> > (replies inline)
> >
> > On Sun, 05 Nov 2017, Kohsuke Kawaguchi wrote:
> >
> > > GoDaddy pinged me that it's time of the various SSL cert renewals. They
> > > will expire Feb 2018.
> > >
> > > We currently have one multi-domain SSL for:
> > >
> > >    - updates.jenkins-ci.org
> > >    - ci.jenkins-ci.org
> > >    - svn.jenkins-ci.org
> > >    - usage.jenkins-ci.org
> > >    - jenkins-ci.org
> > >
> > > Another multi-domain SSL for:
> > >
> > >    - issues.jenkins-ci.org
> > >    -
> > >    - wiki.jenkins-ci.org
> > >    - puppet.jenkins-ci.org
> > >
> > > And single domain SSL for:
> > >
> > >    - repo.jenkins-ci.org
> > >
> > > To my casual scan it seems like all of those are in use, so I'm going
> to
> > > renew them for another 2 years. Let me know if the infra team wants it
> > > otherwise.
> >
> >
> > Renew away!
> >
> >
> >
> > - R. Tyler Croy
> >
> > ------------------------------------------------------
> >      Code: <https://github.com/rtyler>
> >   Chatter: <https://twitter.com/agentdero>
> >      xmpp: rtyler at jabber.org
> >
> >   % gpg --keyserver keys.gnupg.net --recv-key 1426C7DC3F51E16F
> > ------------------------------------------------------
> > _______________________________________________
> > Jenkins-infra mailing list
> > Jenkins-infra at lists.jenkins-ci.org
> > http://lists.jenkins-ci.org/mailman/listinfo/jenkins-infra
> > Email had 1 attachment:
> > + signature.asc
> >   1k (application/pgp-signature)
> _______________________________________________
> Jenkins-infra mailing list
> Jenkins-infra at lists.jenkins-ci.org
> http://lists.jenkins-ci.org/mailman/listinfo/jenkins-infra
>
-- 
Kohsuke Kawaguchi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.jenkins-ci.org/pipermail/jenkins-infra/attachments/20171106/3c7f2b2f/attachment.html>


More information about the Jenkins-infra mailing list