PDA

View Full Version : The SSL Certificate



Jakkal
September 16th, 2019, 06:42 PM
We're aware there's an issue with it. Unfortunately this is a host issue, as there's nothing I can do about it. We're still looking into what the problem is and might be. This is just part of the growing pains of switching hosts. Hopefully it will be resolved soon.

Alynna
September 17th, 2019, 08:29 AM
We're aware there's an issue with it. Unfortunately this is a host issue, as there's nothing I can do about it. We're still looking into what the problem is and might be. This is just part of the growing pains of switching hosts. Hopefully it will be resolved soon.

The issue is now resolved.

Technical details:
We use a letsencrypt cert which needs to be renewed every 90 days.
To renew it, we have to prove we still own the domain.
In order to do that, letsencrypt sends me cookies that need to be placed in DNS. Then it checks if the cookie is there, and if it is, it renews our cert.
In order for me to put that cookie into DNS, I need a way to automatically modify DNS at the time cert renewal is happening.
Unfortunately Jakkal's DNS provider does not provide a way to do this.

I was eventually able to figure out, however, that if we set CNAMEs (basically an alias) in her DNS that pointed at mine, then I could modify my own DNS records (werelist.kitsunet.net) and have it be perfectly fine with it.

Since this also uses the same cert renewal system I use for my own domains, which checks every 14 days if it is time to renew, it should now properly renew in advance of expiration in the future.
Which means not having this issue come up again.