Revert short acme order expiration time
What does this MR do?
Reverts !22878 (merged)
Shortening of an expiration time for acme orders made us hit Let's Encrypt rate limit for new orders: #197978 (closed)
We try to renew all these 917 domains every 2 hours, hit rate limit and retry every 15 minutes
[ gprd ] production> PagesDomain.need_auto_ssl_renewal.count
=> 917
[ gprd ] production> PagesDomain.need_auto_ssl_renewal.where.not(certificate:nil).count
=> 358
[ gprd ] production> PagesDomainAcmeOrder.expired.count
=> 154
[ gprd ] production> PagesDomainAcmeOrder.count
=> 770
The rate limit is:
For users of the ACME v2 API you can create a maximum of 300 New Orders per account per 3 hours. https://letsencrypt.org/docs/rate-limits/
Currently, we can make order expiration time about 9 hours (917 / 300 * 3), but I'd vote for just rolling back the change since the release date is very close.
And we'll need to expedite #30146 (closed)
Self-managed customers are unlikely to face the issue, but I think it's still better to revert this change in the %12.7, so I'm adding Pick into auto-deploy. Is this enough to push this MR to the release?
Screenshots
Does this MR meet the acceptance criteria?
Conformity
-
Changelog entry -
Documentation (if required) -
Code review guidelines -
Merge request performance guidelines -
Style guides -
Database guides -
Separation of EE specific content
Availability and Testing
-
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process. -
Tested in all supported browsers
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
-
Label as security and @ mention @gitlab-com/gl-security/appsec
-
The MR includes necessary changes to maintain consistency between UI, API, email, or other methods -
Security reports checked/validated by a reviewer from the AppSec team
Merge request reports
Activity
changed milestone to %12.8
added Category:Pages devopsrelease [DEPRECATED] priority2 severity2 typebug + 1 deleted label
added Pick into auto-deploy label
1 Message 📖 CHANGELOG missing: If this merge request doesn’t need a CHANGELOG entry, feel free to ignore this message. You can create one with:
bin/changelog -m 23399 "Revert short acme order expiration time"
If you want to create a changelog entry for GitLab EE, run the following instead:
bin/changelog --ee -m 23399 "Revert short acme order expiration time"
Note: Merge requests with ~backstage, ci-build, meta do not trigger this check.
Reviewer roulette
Changes that require review have been detected! A merge request is normally reviewed by both a reviewer and a maintainer in its primary category (e.g. frontend or backend), and by a maintainer in all other categories.
To spread load more evenly across eligible reviewers, Danger has randomly picked a candidate for each review slot. Feel free to override this selection if you think someone else would be better-suited, or the chosen person is unavailable.
Once you've decided who will review this merge request, mention them as you normally would! Danger does not (yet?) automatically notify them for you.
Category Reviewer Maintainer backend Patrick Bajao ( @patrickbajao
)Mayra Cabrera ( @mayra-cabrera
)Generated by
🚫 Danger@nick.thomas can you please review this?
❤ It's a revert so I hope skipping developer review is ok...
Also, do I need anything else except adding Pick into auto-deploy, for this MR to be in the %12.7?
assigned to @nick.thomas and unassigned @vshushlin
assigned to @sean_carroll
- Resolved by Nick Thomas
- Resolved by Nick Thomas
- Resolved by Nick Thomas
Thanks @vshushlin I left a couple of comments but not blocking, have approved it.
unassigned @sean_carroll
LGTM, thanks @vshushlin
I think Pick into auto-deploy is sufficient.
mentioned in commit fdd4a846
mentioned in commit 5e37c15f
removed Pick into auto-deploy label
Thank you, @stanhu!
💯
Automatically picked into !23551 (merged), will merge into
12-7-stable-ee
ready for12.7.1-ee
.mentioned in commit cf30a9da
mentioned in merge request !23551 (merged)