re-request MDN stage/prod certs

[bookshelfdave]

do we include mdn.mozillademos.org on the cert as well
yes

@jgmize can these certs be requested through ACM?
yes

[bookshelfdave]

requested:

• developer.mozilla.org (+ mdn.mozillademos.org)
  • arn:aws:acm:us-west-2:236517346949:certificate/acc4b18f-19cf-4977-a8ba-642d8afc831d
• developer.allizom.org
  • arn:aws:acm:us-west-2:236517346949:certificate/b60318b8-4876-497c-aa4f-fa5fcee4141c
  • arn:aws:acm:us-west-2:236517346949:certificate/a3ab853f-7c7b-42f2-8317-766e13979be2
• mdn-dev.moz.works (for pre-release testing)
  • arn:aws:acm:us-west-2:236517346949:certificate/7cc49528-32a2-4433-8b38-506325aae062

[bookshelfdave]

@escattone dev/stage/prod certs ARNs listed above

[escattone]

@metadave Thanks so much as well for setting-up DNS formdn-dev.moz.works! I've started using it in the build automation and it's so much better than using the AWS ARN for the ELB.

[bookshelfdave]

@escattone I'll request a new cert for stage with developer-samples.allizom.org on it.

[jgmize]

cert approved

[escattone]

@metadave Sorry, but I just realized that we have developer-local.allizom.org as an allowed domain for staging, but I'm not sure if/how it's used. Did you already have that within the cert for staging?

Here's what I see for allowed hosts for staging and prod. Do they match with what you have in your certs?

STAGE:

• developer.allizom.org
• developer-local.allizom.org
• developer-samples.allizom.org

PROD:

• developer.mozilla.org
• developer.cdn.mozilla.net
• mdn.mozillademos.org

[jwhitlock]

At first, I thought it might be the stage CDN name. Looking at the page source, there doesn't appear to be a CDN domain for staging in SCL3. Static files are served from developer.allizom.org.

https://developer-local.allizom.org was the name of the service when running in the Vagrant environment. Vagrant would update /etc/hosts to add an entry to the Vagrant IP. A locallly-generated SSL cert would be created, and the developer would need to accept it into their local cert store. Good times.

I don't think we need to provision a cert for developer-local.allizom.org for AWS.

[bookshelfdave]

our staging cert has developer.allizom.org and developer-samples.allizom.org, so I think we're ok for now.

[escattone]

Thanks @metadave, and thanks for the history on developer-local.allizom.org @jwhitlock! "Good times" 😄

[bookshelfdave]

new certs requested with the following names:

• prod

  • developer.mozilla.org
  • prod.mdn.moz.works
  • mdn.mozillademos.org

• stage

  • developer.allizom.org
  • stage.mdn.moz.works
  • developer-samples.allizom.org

[bookshelfdave]

cc @jgmize

[bookshelfdave]

@escattone we'll need to update the prod and stage ELB configs to use the new cert ARN's once they're approved.

[bookshelfdave]

config updated with new certs: #499

[bookshelfdave]

previous certs deleted from ACM