XMPP Service Operators - 2022-08-29

I wonder if it'd be effective to have an easy to set up option for the server to message the admin the certificate is going to expire soon.

better to set it up to automatically renew the certificate

it is. I will admit that it took me several lets encrypt expirations before i got the deploy-hook argument right (And then every so often I have to figure it out for another service)

so there's still might be a a place for a reminder

Yeah, we were actually discussing this in another room that it would be great if someone ran a bot to monitor great FOSS/community sites for both TLS & domain expiry and perhaps exploits in the frameworks and such.

iirc someone runs a bot that does some of that

URL?

I mean sure, squatters run bots like that... 🙄

Well now I can't find it, if it's still ran I'm sure someone will share the link

If the bot didn't send you an email about the above expiry, it clearly isn't running or doesn't have all servers added to its list.

It was opt-in

o.j.n?

https://observe.jabber.network/

That's the one, thanks!

If someone can do lua... There is also an old prosody module that warns about it with a message to the admins. But it needs some love. Doesn't work anymore with a modern Prosody

Menel: I get cert expirey notifications on prosody 0.12.1

How?

Via the domain transport. "domain.tld" sends the admin a message "certificate for host domain.tld expires in xyz days". ✏

Yeah, but what service did you enable for it? What script/program/mod does it?

It was built in maybe? It was a while ago that I configured it, honestly it might have been carried over from v11.

I would have to go look at my config to tell you for certain.

Hm. I've never had a cert expired . so I never testes what would happen. But I've not seen this magic in the docs

Menel: https://modules.prosody.im/mod_checkcerts.html That's the mod I have to notify me of expired certs.

Interesting. I thought it wouldn't work anymore. > Originally written for Prosody 0.9.x, apparently incompatible with 0.10.x. Will have to try again

Thanks for the info

No problem, I figured it could not hurt to try and see if it works, it didn't break my server so I left it, forgot about it, then 2 days ago it started telling me my certs are expiring for my secondary server.

How much in advance does it remind you?

@bkil:matrix.org: default is one week, I have it set for 2.

I've a monitor service thay would remind me, (uptime kuma) and letsencrypt sends mails too by default.. But there can't be enough 😄

You don't have observe.jabber.network too??

Not yet 😄

(And I've even never needed any of it yet)

Menel: you've done it now, those are famous last words

you just didn't know that you need it yet

I'm also that guy at the hospital that says in the mid of the nightshift how calm it is today 😆. Coworkers go nuts .

Better get observe.jabber.network now...

Oh no Menel , knock on some wood immediately

I would for him, but real wood doesn't exist anymore 😅