[Jenkins-infra] SSL certificate renewal

Slide slide.o.mix at gmail.com
Mon Nov 6 16:09:06 UTC 2017


Does LetsEncrypt not work for this?

On Mon, Nov 6, 2017 at 8:51 AM Kohsuke Kawaguchi <kk at kohsuke.org> wrote:

> Wildcard certificate was necessary back when we had one machine (say
> cucumber) serving multiple HTTPS sites. I believe we do less of that
> nowadays, so if you prefer separate certificate for each of them, that's
> doable, too, but it requires more Puppet work, plus it'll be more costly
> ($60/yr for one domain vs $135/yr for 5 domains)
>
> repo.jenkins-ci.org is hosted Artifactory by JFrog with its own private
> key, so it needs its own separate certificate.
>
>
> On Mon, Nov 6, 2017 at 2:20 AM Olblak <me at olblak.com> wrote:
>
>> What's the benefit to have a wildcard certificate for jenkins-ci.org and
>> a single certificate for repo.jenkins-ci.org?
>>
>> ---
>> Github:  https://github.com/olblak
>> Twitter: https://twitter.com/0lblak
>> -> gpg --keyserver keys.gnupg.net --recv-key 52210D3D
>> ---
>>
>> On Sun, Nov 5, 2017, at 05:36 PM, R. Tyler Croy wrote:
>> > (replies inline)
>> >
>> > On Sun, 05 Nov 2017, Kohsuke Kawaguchi wrote:
>> >
>> > > GoDaddy pinged me that it's time of the various SSL cert renewals.
>> They
>> > > will expire Feb 2018.
>> > >
>> > > We currently have one multi-domain SSL for:
>> > >
>> > >    - updates.jenkins-ci.org
>> > >    - ci.jenkins-ci.org
>> > >    - svn.jenkins-ci.org
>> > >    - usage.jenkins-ci.org
>> > >    - jenkins-ci.org
>> > >
>> > > Another multi-domain SSL for:
>> > >
>> > >    - issues.jenkins-ci.org
>> > >    -
>> > >    - wiki.jenkins-ci.org
>> > >    - puppet.jenkins-ci.org
>> > >
>> > > And single domain SSL for:
>> > >
>> > >    - repo.jenkins-ci.org
>> > >
>> > > To my casual scan it seems like all of those are in use, so I'm going
>> to
>> > > renew them for another 2 years. Let me know if the infra team wants it
>> > > otherwise.
>> >
>> >
>> > Renew away!
>> >
>> >
>> >
>> > - R. Tyler Croy
>> >
>> > ------------------------------------------------------
>> >      Code: <https://github.com/rtyler>
>> >   Chatter: <https://twitter.com/agentdero>
>> >      xmpp: rtyler at jabber.org
>> >
>> >   % gpg --keyserver keys.gnupg.net --recv-key 1426C7DC3F51E16F
>> > ------------------------------------------------------
>> > _______________________________________________
>> > Jenkins-infra mailing list
>> > Jenkins-infra at lists.jenkins-ci.org
>> > http://lists.jenkins-ci.org/mailman/listinfo/jenkins-infra
>> > Email had 1 attachment:
>> > + signature.asc
>> >   1k (application/pgp-signature)
>> _______________________________________________
>> Jenkins-infra mailing list
>> Jenkins-infra at lists.jenkins-ci.org
>> http://lists.jenkins-ci.org/mailman/listinfo/jenkins-infra
>>
> --
> Kohsuke Kawaguchi
> _______________________________________________
> Jenkins-infra mailing list
> Jenkins-infra at lists.jenkins-ci.org
> http://lists.jenkins-ci.org/mailman/listinfo/jenkins-infra
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.jenkins-ci.org/pipermail/jenkins-infra/attachments/20171106/9e93b0fe/attachment.html>


More information about the Jenkins-infra mailing list