Certificate renewal is in progress. It will be done by Oracle admins

On 1.12.2016 18:52, Mark Struberg wrote:
You have to renew LE certificates every few months.
And out of a security-paranoia aspect I guess we want to do this renewal 
So I agree it's not really practical.

Even after Oracle donates the nb.org domain I guess it will still remain active 
(just to prevent domain grabbing). I assume it will simply redirect to 
netbeans.apache.org. Or might even continue to serve as an enduser facing page. 
In any case we will continue to have a certificate.

Now from the strictly practical point: Oracle still owns the domain. It was not 
yet handed over, right? And Oracle still has the sole control over the hosts. 
So I assume it will be the easiest if Oracle would renew the certificate for 
this time. We would not be able to install any new cert anyway.


Am 29.11.2016 um 17:54 schrieb Emilian Bold <emilian.b...@gmail.com>:

When you mention sub-domains I assume you are thinking of *.apache.org.

netbeans.org would be a separate domain where you could user Lets Encrypt
without issues.


On Mon, Nov 28, 2016 at 6:47 PM, Daniel Gruno <humbed...@apache.org> wrote:

On 11/28/2016 05:43 PM, Emilian Bold wrote:
Yeah, with Let's Encrypt this is less of a hassle I assume.

În lun., 28 nov. 2016 la 18:32 Bertrand Delacretaz <
a scris:

On Mon, Nov 28, 2016 at 4:10 PM, Emilian Bold <e...@apache.org> wrote:
...perhaps Oracle will be kind enough to renew the certificate and
donate to
ASF the private keys when all is done?...
Daniel as our infra mentor will be able to confirm but I suppose we
have all we need in house, probably using free certificates in which
case that wouldn't be needed. but thanks for the suggestion - let's
wait for Daniels' opinion.
Not free, but we can produce certs for domains we own, yes.
We don't use Lets Encrypt at the ASF, it's just not practical when you
have a distributed setup with some 400+ sub-domains (LE does not support
wildcard certs).


Reply via email to