-
diane
I wonder if it'd be effective to have an easy to set up option for the server to message the admin the certificate is going to expire soon.
-
Sapotaceae
better to set it up to automatically renew the certificate
-
diane
it is. I will admit that it took me several lets encrypt expirations before i got the deploy-hook argument right (And then every so often I have to figure it out for another service)
-
diane
so there's still might be a a place for a reminder
-
@bkil:matrix.org
Yeah, we were actually discussing this in another room that it would be great if someone ran a bot to monitor great FOSS/community sites for both TLS & domain expiry and perhaps exploits in the frameworks and such.
-
moparisthebest
iirc someone runs a bot that does some of that
-
@bkil:matrix.org
URL?
-
@bkil:matrix.org
I mean sure, squatters run bots like that... 🙄
-
moparisthebest
Well now I can't find it, if it's still ran I'm sure someone will share the link
-
@bkil:matrix.org
If the bot didn't send you an email about the above expiry, it clearly isn't running or doesn't have all servers added to its list.
-
moparisthebest
It was opt-in
-
Martin
o.j.n?
-
Martin
https://observe.jabber.network/
-
moparisthebest
That's the one, thanks!
-
Menel
If someone can do lua... There is also an old prosody module that warns about it with a message to the admins. But it needs some love. Doesn't work anymore with a modern Prosody
-
root
Menel: I get cert expirey notifications on prosody 0.12.1
-
Menel
How?
-
root
Via the domain transport. "domain.tld" send the admin a message "certificate for host domain.tld expires in xyz days".✎ -
root
Via the domain transport. "domain.tld" sends the admin a message "certificate for host domain.tld expires in xyz days". ✏
-
Menel
Yeah, but what service did you enable for it? What script/program/mod does it?
-
root
It was built in maybe? It was a while ago that I configured it, honestly it might have been carried over from v11.
-
root
I would have to go look at my config to tell you for certain.
-
Menel
Hm. I've never had a cert expired . so I never testes what would happen. But I've not seen this magic in the docs
-
root
Menel: https://modules.prosody.im/mod_checkcerts.html That's the mod I have to notify me of expired certs.
-
Menel
Interesting. I thought it wouldn't work anymore. > Originally written for Prosody 0.9.x, apparently incompatible with 0.10.x. Will have to try again
-
Menel
Thanks for the info
-
root
No problem, I figured it could not hurt to try and see if it works, it didn't break my server so I left it, forgot about it, then 2 days ago it started telling me my certs are expiring for my secondary server.
-
@bkil:matrix.org
How much in advance does it remind you?
-
root
@bkil:matrix.org: default is one week, I have it set for 2.
-
Menel
I've a monitor service thay would remind me, (uptime kuma) and letsencrypt sends mails too by default.. But there can't be enough 😄
-
MattJ
You don't have observe.jabber.network too??
-
Menel
Not yet 😄
-
Menel
(And I've even never needed any of it yet)
-
moparisthebest
Menel: you've done it now, those are famous last words
-
Ge0rG
you just didn't know that you need it yet
-
Menel
I'm also that guy at the hospital that says in the mid of the nightshift how calm it is today 😆. Coworkers go nuts .
-
root
Better get observe.jabber.network now...
-
moparisthebest
Oh no Menel , knock on some wood immediately
-
root
I would for him, but real wood doesn't exist anymore 😅