ACTION REQUIRED: GLB TLS Certificate expiration for primer.style #401

Open
octocerts opened this issue Aug 10, 2024 · 6 comments
@octocerts

ACTION REQUIRED - Certificate Expiration for primer.style on 2024-09-09

Hello! 👋

The GLB TLS certificate for primer.style expires on 2024-09-09.
Expiring certificate serial: 0322d80c64ddd9b3304c620010d94d6ffc09

The new certificate has been placed in Vault:

Application: primer-style
Environment: production

Key for GLB Certificate + Private Key: TLS_CERTIFICATE

Deploying the application will automatically update the certificate. Please close this issue when you have verified the renewal of your certificate.

If you believe that your team has received this issue in error, please reach out to us in #secure-access-engineering in Slack.

@lesliecdubs
Member

@matthiaswenz is actively working on primer.style and @camertron has been involved in renewing our expiring certs. Can you both please make sure this gets taken care of by the 09-09 deadline?

@camertron
Contributor

Yep, this is the one we have a calendar event for 😅 Unfortunately the information in this issue is wrong - re-deploying the app will not fix the problem. I just checked the Azure console and it appears that the new cert was not automatically added to the primerstyle App Service as it should have been, which confirms our suspicion that some part of the automation needs more access.

In any case, primer.style will not be affected by this cert expiring because we are using an Azure-generated cert that expires 11-23-2024:

```
$ openssl s_client -connect primer.style:443 2>/dev/null | openssl x509 -noout -dates
notBefore=May 23 00:00:00 2024 GMT
notAfter=Nov 23 23:59:59 2024 GMT
```
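
Added example (not part of the comment above and not GitHub's tooling): the `openssl` check shows only the served certificate's dates, so this Python sketch also compares the served serial with the expiring serial quoted in the notice. The function names, the `warn_days` threshold and the sample serial are assumptions made for illustration.

```python
import socket
import ssl
import time

# Serial of the expiring GLB certificate, copied from the notice in this issue.
EXPIRING_SERIAL = "0322d80c64ddd9b3304c620010d94d6ffc09"

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns. The dates
# are the ones shown in the thread; the serial is a made-up placeholder.
SAMPLE_SERVED = {
    "serialNumber": "0A1B2C3D4E5F60718293A4B5C6D7E8F9",
    "notBefore": "May 23 00:00:00 2024 GMT",
    "notAfter": "Nov 23 23:59:59 2024 GMT",
}


def fetch_peercert(host, port=443, timeout=10):
    """Return the validated leaf certificate the host serves (needs network)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def serial_to_int(serial):
    """Compare serials as integers so case, colons and leading zeros are ignored."""
    return int(serial.replace(":", "").strip(), 16)


def assess(peercert, expiring_serial=EXPIRING_SERIAL, now=None, warn_days=30):
    """Classify the served certificate against the one named in the notice."""
    now = time.time() if now is None else now
    not_after = ssl.cert_time_to_seconds(peercert["notAfter"])
    days_left = int((not_after - now) // 86400)
    same = serial_to_int(peercert["serialNumber"]) == serial_to_int(expiring_serial)
    if days_left < 0:
        status = "expired"
    elif same:
        status = "serving-expiring-cert"
    elif days_left <= warn_days:
        status = "other-cert-expiring-soon"
    else:
        status = "other-cert-ok"
    return {"status": status, "days_left": days_left, "matches_notice": same}


if __name__ == "__main__":
    opened = ssl.cert_time_to_seconds("Aug 10 00:00:00 2024 GMT")  # issue date
    print(assess(SAMPLE_SERVED, now=opened))
```

Against a live host, pass `fetch_peercert("primer.style")` to `assess` instead of the sample.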

@lesliecdubs
Member

Thanks for checking this out further @camertron. Can you please reach back out to #secure-access-engineering as referenced in the issue? I know we didn't technically receive this issue in error, but we ought to report that the information in the issue is incorrect and confirm whether they'd like to go ahead and close this issue or update it.

@lesliecdubs
Member

👋 @matthiaswenz we think this issue will be null once we have moved primer.style to Next.js. Do you have an expected timeframe for the new site to go live? Asking because we are trying to figure out how deep we need to go with ensuring the current primer.style cert doesn't expire.

@matthiaswenz

Correct, this kind of cert issue should be void with GitHub issued certificates once we move primer.style to a Moda application which https://github.com/github/primer/issues/3629 laid the foundation for.

The timeline on when this new site will launch publicly is yet to be defined in detail with @dipree - though a date before November 23 should be feasible.

@camertron
Contributor

Great, thanks @matthiaswenz :) Given that we're not actually using this cert, and given that we're moving primer.style to Moda anyway, I think there's no reason to continue working on creating our own cert via octocerts/secrets-federation and instead continue to rely on the cert generated and managed by Azure 👍
