SSL cert error #14

Closed
hankache opened this issue Jul 7, 2018 · 3 comments

Comments

@hankache
Contributor

hankache commented Jul 7, 2018

ssl cert error

@zoffixznet
Contributor

zoffixznet commented Jul 7, 2018

Looks like something happened in the past ~24hr that broke the cert 'cause the site worked for me fine around that time...

@zoffixznet
Contributor

Thanks to moritz++ the issue is now fixed.

@moritz
Member

moritz commented Jul 7, 2018

Ok, let me try to describe what happened:

  • I got an email from a cert monitor, warning me that the certs would expire in 7 days
  • I manually ran the cron job (/root/letsencrypt/more-certs.sh) that is supposed to renew the certs. It didn't give any errors
  • I restarted apache, checked the certs, still 7 days expiry date
  • It turns out the new certs were being written to /etc/letsencrypt/live/www.perl6.org/, while Apache used /etc/letsencrypt/live/design.p6c.org/ as the directory for its *.pem files
  • I ran perl -i -pE 's{live/design.p6c.org/}{live/www.perl6.org}g' * in /etc/apache2/sites-enabled/ to address this issue
  • restarted apache, checked the perl6.org cert in the browser, was happy

But it turns out that the cron job uses a hardcoded list of domains, and is a bit outdated, so it didn't include rakudo.org and its subdomain(s).

Later, @zoffixznet noticed that rakudo.org didn't have a valid cert, and tried to fix it. This was complicated by the fact that the perl -i ... script replaced the symlinks in /etc/sites-enabled with modified copies of the files, so editing the files in /etc/sites-available didn't have any effect.

By the time I read Zoffix's messages on the topic, and realized the symlink problem, we had already run into a rate limit from Let's Encrypt, and we couldn't obtain new certs anymore.

For the moment, I've re-instated the old certs, so we still have to get new certs in the next ~6 days.
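
The two failure modes described in the comment above (Apache reading a certificate lineage other than the one being renewed, and sites-enabled entries turned into regular files by an in-place edit) can be checked before and after a renewal. This is an added example, not part of the thread or of the project's tooling; the function names are hypothetical, and it assumes a Debian-style Apache layout and an installed `openssl`.

```shell
#!/bin/sh
# Constructed example, not from the thread. Paths default to the Debian-style
# layout the comment mentions; pass another sites-enabled directory as $1.

# Vhost entries that are regular files rather than symlinks. An in-place edit
# (perl -i, sed -i) leaves these behind, so later edits in sites-available
# never reach the running configuration.
list_detached_sites() {
    for f in "${1:-/etc/apache2/sites-enabled}"/*; do
        [ -e "$f" ] || continue
        [ -L "$f" ] || printf '%s\n' "$f"
    done
}

# "lineage<TAB>cert path<TAB>vhost file" for each SSLCertificateFile directive
# that points into a Let's Encrypt live/<lineage>/ directory.
list_cert_refs() {
    for f in "${1:-/etc/apache2/sites-enabled}"/*; do
        [ -f "$f" ] || continue
        awk -v file="$f" 'tolower($1) == "sslcertificatefile" {
            path = $2; gsub(/"/, "", path)
            if (match(path, "/live/[^/]+/"))
                print substr(path, RSTART + 6, RLENGTH - 7) "\t" path "\t" file
        }' "$f"
    done | sort -u
}

# Returns 1 if a vhost is detached, or if a certificate Apache really points at
# is missing, unparsable, or expires within $2 days (default 14).
audit_apache_certs() {
    dir=${1:-/etc/apache2/sites-enabled} days=${2:-14} rc=0
    for f in $(list_detached_sites "$dir"); do
        echo "DETACHED $f (regular file, not a symlink)"; rc=1
    done
    tab=$(printf '\t')
    while IFS=$tab read -r lineage cert vhost; do
        [ -n "$cert" ] || continue
        if [ ! -r "$cert" ]; then
            echo "MISSING  $cert (lineage $lineage, in $vhost)"; rc=1
        elif ! openssl x509 -checkend $((days * 86400)) -noout -in "$cert" >/dev/null; then
            echo "EXPIRING $cert (lineage $lineage, in $vhost)"; rc=1
        fi
    done <<EOF
$(list_cert_refs "$dir")
EOF
    return $rc
}
```

Because the expiry check reads the file named in the vhost rather than whatever the renewal job last wrote, a renewal that lands in a different lineage directory still shows up as EXPIRING.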
