Domains on Pantheon Doc Update - Inclusion of warnings related to cert renewal failure. #9096

Open
ejcabquina opened this issue Jul 14, 2024 · 3 comments
Labels: Process: High Priority (Issue is critical / needs immediate attention); Process: Needs SME (Issue or PR that won't move forward without subject-matter expert contribution); Topic: CDN (Issue or PR relates to the Global CDN); Topic: Security; Type: New Content (Request for or PR containing new content to existing page)

Comments

@ejcabquina

Re: Domains on Pantheon

Priority: High

Issue Description: Automated re-validation failure for domains pointed to 3rd-party WAF.

Suggested Resolution:

  • Inclusion of warning notes for potential failure in renewal of certs.
  • Inclusion of workarounds for WAF settings that could block cert renewal from Let's Encrypt (Exemption for /.well-known/acme-challenge/* path)
@stevector added the Topic: CDN and Topic: Security labels Jul 17, 2024
@rachelwhitton added the Type: New Content label Jul 17, 2024
@ccharlton
Contributor

ccharlton commented Sep 9, 2024

@stevector @rachelwhitton the TSC who reported indicated the issue priority to consider is High.

The issue is a race condition since LE will still try to renew (policy docs get/can be impacted, including routing! ouch!!). This issue has impacted live production sites post-launch, even if Domain Validation gets revoked/exempted.

Can we tag this issue as 'Priority: High Priority'?

@stevector added the Process: Needs SME and Process: High Priority labels Sep 10, 2024
@stevector
Contributor

@ccharlton @ejcabquina I'm good with trying to move fast on this issue. But I don't think @rachelwhitton or I have enough context to write the needed PR ourselves, even with the suggestions from @ejcabquina in the report. Are either of you able to draft the needed text and/or make a PR?

@ejcabquina
Author

Hi @stevector

Not sure how best to communicate this, but my ideas are mainly:

There's a platform gap here where we as a platform actually don't seem to have something in place that detects this + sends out an email to notify customers. (Or maybe we do detect this, but I know for sure we're not sending out a notification specific to this scenario.)

Adding this bug card here for +context - https://getpantheon.atlassian.net/issues/BUGS-8403?jql=ORDER%20BY%20created%20DESC
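
Added example, not part of the issue thread and not Pantheon's code: a heuristic classifier for probes of the `/.well-known/acme-challenge/` path named in the report, to flag when a WAF in front of a domain is likely to break Let's Encrypt HTTP-01 re-validation. The status codes, body markers, function name and sample responses are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

ACME_PREFIX = "/.well-known/acme-challenge/"
# Assumption: statuses a WAF commonly returns for blocks or interstitials.
BLOCK_STATUSES = {401, 403, 406, 429, 503}
# Assumption: heuristic body markers of a challenge or block page.
CHALLENGE_MARKERS = ("captcha", "access denied", "request blocked")


def classify_probe(status, headers, body):
    """Classify the response to GET ACME_PREFIX + <random token> on port 80.
    Returns (verdict, reason); verdict is "reachable", "suspect" or "blocked".
    """
    headers = {k.lower(): v for k, v in headers.items()}
    if 300 <= status < 400:
        try:
            target = urlsplit(headers.get("location", ""))
            port = target.port
        except ValueError:
            return "blocked", "unparseable redirect target"
        if target.scheme:  # absolute redirect
            # Let's Encrypt only follows redirects to http/https on 80 or 443.
            default = {"http": 80, "https": 443}.get(target.scheme)
            if default is None or (port or default) not in (80, 443):
                return "blocked", "redirect target unusable for HTTP-01"
        if not target.path.startswith(ACME_PREFIX):
            return "suspect", "redirect leaves the challenge path"
        return "reachable", "redirect stays on the challenge path"
    if status in BLOCK_STATUSES:
        return "blocked", f"status {status} looks like a WAF block"
    if any(marker in body.lower() for marker in CHALLENGE_MARKERS):
        return "suspect", "body looks like a WAF interstitial"
    if status in (200, 404):
        # 404 is expected for a random token that reached the origin.
        return "reachable", f"status {status} passed through"
    return "suspect", f"unexpected status {status}"


# Constructed sample responses (not captured from any real site).
SAMPLES = [
    (404, {"Content-Type": "text/plain"}, "Not Found"),
    (403, {"Content-Type": "text/html"}, "<h1>Access Denied</h1>"),
    (200, {"Content-Type": "text/html"}, "Please complete the CAPTCHA"),
    (302, {"Location": "https://example.com:8443" + ACME_PREFIX + "tok"}, ""),
]

if __name__ == "__main__":
    for status, headers, body in SAMPLES:
        print(status, *classify_probe(status, headers, body))
```

Run on a schedule against each custom domain, a "blocked" or "suspect" verdict is the signal to review the WAF exemption for the challenge path before the certificate comes up for renewal.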

@rachelwhitton self-assigned this Nov 13, 2024