Apple push notification(APN) certificates expired 2019 - SSL/TLS errors

I see the following errors in Sentry for gitter-beta-01 which are firing a lot

I can still access https://beta.gitter.im/ and wss://ws-beta.gitter.im/faye over HTTPS though

---

/opt/gitter/gitter-webapp/node_modules/apn/lib/credentials/validate.js https://www.npmjs.com/package/apn

certificate has expired: 2019-06-29T16:18:04.000Z

• https://sentry.gitlab.net/gitlab/gitter-backend/issues/827153/
• https://sentry.gitlab.net/gitlab/gitter-backend-beta/issues/828587/
• https://sentry.gitlab.net/gitlab/gitter-backend-beta/issues/828586/

---

---

Client network socket disconnected before secure TLS connection was established

• https://sentry.gitlab.net/gitlab/gitter-backend-beta/issues/526440/

---

---

140455808661376:error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1407:SSL alert number 45

• https://sentry.gitlab.net/gitlab/gitter-backend-beta/issues/826760/
• https://sentry.gitlab.net/gitlab/gitter-backend-beta/issues/826764/
• https://sentry.gitlab.net/gitlab/gitter-backend-beta/issues/826765/
• https://sentry.gitlab.net/gitlab/gitter-backend-beta/issues/826763/
• https://sentry.gitlab.net/gitlab/gitter-backend-beta/issues/826761/
• https://sentry.gitlab.net/gitlab/gitter-backend-beta/issues/826759/

Cause

Apple push notification(APN) certificate is expired

We use https://www.npmjs.com/package/apn for APN stuff

Remediation

Instructions for updating are here, https://gitlab.com/gl-gitter/secrets#update-apple-push-notification-apn-certskeys

Updated keys/certs in https://gitlab.com/gl-gitter/secrets/tree/d57d20d5b3fa7783d101416df463e6c5922aefe2/webapp/apple-push-notifications

Previous MR where we updated the certs: https://gitlab.com/gl-gitter/secrets/merge_requests/9

cc @viktomas