[12:45:27] <Bytram> TheMightyBuzzard: kewel beans! Just got an email (sent to admin@) from Let's Encrypt reminding us our cert was to expire at the end of the month.
[12:45:30] <Bytram> reminders++
[12:45:30] <Bender> karma - reminders: 1
[12:47:35] <TheMightyBuzzard> Bytram, yeah, i'll try and find time to get that done this week. going to involve writing tech wiki instructions as well, so it's not a thirty second endeavor.
[12:51:47] <Bytram> nod nod
[12:51:58] <Bytram> beware of letting the perfect be the enemy of the good
[12:52:29] <TheMightyBuzzard> no worries there. our system is far from perfect.
[12:52:32] * Bytram wishes he could just watch over your shoulder and record each thing you see and then do as a result. Is much like documenting a test case.
[12:53:52] <TheMightyBuzzard> the fun part's going to be remembering all the things that use the LE cert and making sure they get pointed to and start using the new one.
[12:54:37] <Bytram> okaaay
[12:55:04] <Bytram> so, that's more than just a list of the domain names, right?
[12:55:18] <Bytram> you're talking about all the services, etc. that rely on the certs?
[12:55:22] <TheMightyBuzzard> yes
[12:55:26] <Bytram> k
[12:55:46] <TheMightyBuzzard> it's pretty easy to forget one
[12:55:59] <Bytram> that's what I'm here for!
[12:56:00] <Bytram> ~blame
[12:56:02] * exec points at Bytram
[12:56:05] <Bytram> =)
[12:56:25] <Bytram> grep -IR "something..something" ??
[12:56:30] <TheMightyBuzzard> nope
[12:56:45] <Bytram> yeah, thought so, but thought it wouldn't hurt to ask
[12:56:59] <TheMightyBuzzard> services are spread out across multiple machines, so the cert has to be distributed to all of them.
[12:57:18] <Bytram> k
[12:57:48] <TheMightyBuzzard> like irc don't run on the load balancer
[12:58:04] <TheMightyBuzzard> though it could, really.
[12:58:22] <TheMightyBuzzard> anyway, i need nicotine
[12:58:34] <Bytram> wait, are we talking about the certs that the *services* need to be in place on the machines in order to do their servicing... or the ones that need to be there for the user to be able to run the stuff that the service provides (like an encrypted web page)... or... both? more?
[12:58:40] <Bytram> nod nod
[12:59:10] * Bytram is expecting a phone call w/in the next half hour or so... will be offline for a bit when it comes in
[13:00:28] <TheMightyBuzzard> um, same thing.
[13:00:55] * TheMightyBuzzard scoots outside
[13:12:26] <TheMightyBuzzard> certs are used for encrypting traffic between the services and the users.
[13:20:27] * Bytram is not yet awake
[13:21:06] <Bytram> so, this is the private key / public key thing, right?
[13:22:17] <TheMightyBuzzard> yeah. only the services get the privkey
[13:22:36] <Bytram> ahhh, okay. Starting to gel in my head.
[13:24:14] <Bytram> and when something wants the key, they just ask for that... there's nothing identifying what they want to use it for, so you don't have an easy way to find out *exactly* what uses it (such as an access log or something)
[13:25:02] <TheMightyBuzzard> only the services get to read the privkey. users only get the cert.
[13:25:35] <Bytram> one mental model crumbles
[13:26:27] <Bytram> heh heh
[13:26:46] <Bytram> just replace the active cert on dev with an expired one and see what falls over!
[13:26:47] <Bytram> ;0
[13:26:48] <TheMightyBuzzard> privkey/pubkey. only you get the privkey, everyone else gets the pubkey.
[13:26:53] <Bytram> nod nod
[13:32:34] <Bytram> ok, phone call any moment.... gtg
[13:32:43] <Bytram> thanks for the primer!
