[tor-bugs] #30509 [Circumvention/Snowflake]: snowflake-broker certificate fetch failing after update
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue May 14 21:33:47 UTC 2019
#30509: snowflake-broker certificate fetch failing after update
-------------------------------------+------------------------
Reporter: cohosh | Owner: (none)
Type: defect | Status: closed
Priority: Immediate | Milestone:
Component: Circumvention/Snowflake | Version:
Severity: Normal | Resolution: fixed
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------+------------------------
Comment (by dcf):
Replying to [comment:3 cohosh]:
> I've set up snowflake.agogagave.com to route to the snowflake-broker
machine, but it's going to take a while for the DNS update to propagate so
that we can pass the Let's Encrypt challenge.
I think this would not have worked as a quick fix. The broker would get a
certificate under the new name, but the Azure domain front would still
have been pointing to the old name. So I would have had to update the CDN
configuration to point to the new name (takes at least a coupld of days),
or (worst case if I was unreachable) set up a whole new domain front and
push a new release configured to use it. The SSL cert name isn't really a
critical dependency, but the CDN configuration is. We should migrate the
CDN configuration somewhere where we can share admin (or I can see if it's
possible to delegate adminship on Azure). I opened #30510.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30509#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list