XMPP Service Operators - 2022-08-29

  1. diane

    I wonder if it'd be effective to have an easy to set up option for the server to message the admin the certificate is going to expire soon.

  2. Sapotaceae

    better to set it up to automatically renew the certificate

  3. diane

    it is. I will admit that it took me several lets encrypt expirations before i got the deploy-hook argument right (And then every so often I have to figure it out for another service)

  4. diane

    so there's still might be a a place for a reminder

  5. @bkil:matrix.org

    Yeah, we were actually discussing this in another room that it would be great if someone ran a bot to monitor great FOSS/community sites for both TLS & domain expiry and perhaps exploits in the frameworks and such.

  6. moparisthebest

    iirc someone runs a bot that does some of that

  7. @bkil:matrix.org

    URL?

  8. @bkil:matrix.org

    I mean sure, squatters run bots like that... 🙄

  9. moparisthebest

    Well now I can't find it, if it's still ran I'm sure someone will share the link

  10. @bkil:matrix.org

    If the bot didn't send you an email about the above expiry, it clearly isn't running or doesn't have all servers added to its list.

  11. moparisthebest

    It was opt-in

  12. Martin

    o.j.n?

  13. Martin

    https://observe.jabber.network/

  14. moparisthebest

    That's the one, thanks!

  15. Menel

    If someone can do lua... There is also an old prosody module that warns about it with a message to the admins. But it needs some love. Doesn't work anymore with a modern Prosody

  16. root

    Menel: I get cert expirey notifications on prosody 0.12.1

  17. Menel

    How?

  18. root

    Via the domain transport. "domain.tld" send the admin a message "certificate for host domain.tld expires in xyz days".

  19. root

    Via the domain transport. "domain.tld" sends the admin a message "certificate for host domain.tld expires in xyz days".

  20. Menel

    Yeah, but what service did you enable for it? What script/program/mod does it?

  21. root

    It was built in maybe? It was a while ago that I configured it, honestly it might have been carried over from v11.

  22. root

    I would have to go look at my config to tell you for certain.

  23. Menel

    Hm. I've never had a cert expired . so I never testes what would happen. But I've not seen this magic in the docs

  24. root

    Menel: https://modules.prosody.im/mod_checkcerts.html That's the mod I have to notify me of expired certs.

  25. Menel

    Interesting. I thought it wouldn't work anymore. > Originally written for Prosody 0.9.x, apparently incompatible with 0.10.x. Will have to try again

  26. Menel

    Thanks for the info

  27. root

    No problem, I figured it could not hurt to try and see if it works, it didn't break my server so I left it, forgot about it, then 2 days ago it started telling me my certs are expiring for my secondary server.

  28. @bkil:matrix.org

    How much in advance does it remind you?

  29. root

    @bkil:matrix.org: default is one week, I have it set for 2.

  30. Menel

    I've a monitor service thay would remind me, (uptime kuma) and letsencrypt sends mails too by default.. But there can't be enough 😄

  31. MattJ

    You don't have observe.jabber.network too??

  32. Menel

    Not yet 😄

  33. Menel

    (And I've even never needed any of it yet)

  34. moparisthebest

    Menel: you've done it now, those are famous last words

  35. Ge0rG

    you just didn't know that you need it yet

  36. Menel

    I'm also that guy at the hospital that says in the mid of the nightshift how calm it is today 😆. Coworkers go nuts .

  37. root

    Better get observe.jabber.network now...

  38. moparisthebest

    Oh no Menel , knock on some wood immediately

  39. root

    I would for him, but real wood doesn't exist anymore 😅