action #132461

Updated by okurz 10 months ago

## Motivation 
 [We got informed](https://app.slack.com/client/T02863RC2AC/C04MDKHQE20/thread/C04MDKHQE20-1688735468.778099) that ariel/o3 will have no hydra/ha-proxy setup in the new location. Therefore we need to handle our TLS certificates for nginx on our own in the future.

 ## Acceptance criteria 
 * **AC1:** openqa.opensuse.org has a valid certificate requested by the webhost itself 
 
  * **AC2:** **AC1.1:** the process is fully automated and certificate renewal requires no human interaction 
 * **AC3:** Any generalizable config snippets are in github.com/os-autoinst/openQA/ 

 ## Suggestions 
 * Install a Let's Encrypt compatible client on ariel (see https://wiki.archlinux.org/title/Transport_Layer_Security#ACME_clients for a list) - nsinger recommends [dehydrated](https://github.com/dehydrated-io/dehydrated)
 * Adjust nginx to serve the ACME challenges and reconfigure existing entries to use that new certificate 
 * Feel welcome to experiment on o3 as long as you monitor closely that everything still works as expected or is quickly reverted on problems 
 * Submit any generalizable config snippets into github.com/os-autoinst/openQA/, e.g. as commented nginx config templates
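
One way the nginx side of the suggestions above could look, added here as an example and not taken from the ticket or from the openQA repository. It assumes dehydrated uses the http-01 challenge with `WELLKNOWN=/var/lib/acme-challenge` and `BASEDIR=/etc/dehydrated`; both paths are assumptions to be checked against the local dehydrated configuration.

```nginx
# Added example; all filesystem paths below are assumptions.
# Assumes dehydrated runs with CHALLENGETYPE="http-01",
# WELLKNOWN=/var/lib/acme-challenge and BASEDIR=/etc/dehydrated.

server {
    listen 80;
    listen [::]:80;
    server_name openqa.opensuse.org;

    # The CA fetches http://<host>/.well-known/acme-challenge/<token> over
    # plain HTTP, so this location has to match before the HTTPS redirect.
    # "^~" stops regex locations from taking over the path, and the request
    # is answered from disk only, never proxied to the web application.
    location ^~ /.well-known/acme-challenge/ {
        alias /var/lib/acme-challenge/;
        default_type text/plain;
    }

    # Everything else goes to HTTPS.
    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name openqa.opensuse.org;

    # dehydrated keeps symlinks to the current files under certs/<domain>/.
    # Serve fullchain.pem (leaf plus intermediates), not cert.pem, so that
    # clients can build the chain.
    ssl_certificate     /etc/dehydrated/certs/openqa.opensuse.org/fullchain.pem;
    ssl_certificate_key /etc/dehydrated/certs/openqa.opensuse.org/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # nginx reads the certificate only at start or reload. For renewal
    # without human interaction, the periodic "dehydrated --cron" run needs
    # a hook (deploy_cert) that runs "nginx -t" and then reloads nginx.

    # ... existing openQA locations and proxy settings stay here ...
}
```

The private key directory should stay readable by root only; nginx opens the key in the master process before dropping privileges.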
