Updating Certificates
• Mark Eschbach
I have let some certificates expire. I really need to build a dashboard and notification system to let me know early on. In the past I tweaked on written by Ron Kuris but it was written in Go, so it was not as flexible as I would have liked.
I will start with external facing sites. First up is meschbach.com. I retrieved
the certificate using openssl s_client -connect meschbach.com:443
, placing the certificate into a file. In the future
it would be great to find a command to just grab the certificate so I can automate this. Dumping the certificate using
openssl x509 -in crt -text -noout
shows it expired in 2017. Oops!
Turns out I have a newer certificate already in the configuration repository. Not that the certificate there did not expire on the 5th of this month but definitely not the certificate provided. The certificate only lasted three months. Much shorter than I hoped. Time to sniff out why it is not deployed.
For some reason the Nginx had the correct certificate. The service was just using the old certificate. Unfortunate. At least the updates are easy enough to fix. After updating the certificate using the HTTP method it definitely was the result of not restrating the service.
Bummer this is takinga while. I will need to return at a future time to complete it.