CI: Certificates for CI domain have expired
Summary
The Cloud Native GitLab charts make use of helm-charts.win domain for their CI domain. This domain's certificate expired 2019-11-08 at 23:59:59
Problem
All tests (spec, automation, QA) are failing on all branches of the CI for this project because of this certificate expiration.
Investigating the runbooks regarding SSL certificates shows that several project-related domains are "defunct"
See snippet:
Defunct certs (dead hosts, no longer used, etc)
| domain | issuer | valid until | Comments |
|---|---|---|---|
| *.helm-charts.win | COMODO RSA Domain Validation Secure Server CA | 2019-11-08T23:59:59 | times out |
| *.eks.helm-charts.win | Sectigo RSA Domain Validation Secure Server CA | 2020-04-01T23:59:59 | does not resolve |
Details
@gitlab-org/distribution intentionally did not use Let's Encrypt for the helm-charts.win domain, so that we would not run into an issue with rate limiting. At the time the domain was registered, and the process began, wildcard was not available from LE.
Let's Encrypt does now support wildcard, but only within DNS-01 validation.
Logs
master specs failed with
OpenSSL::SSL::SSLError:
SSL_connect returned=1 errno=0 state=error: certificate verify failed (certificate has expired)