On Sat, 2017-07-22 at 13:59 +0200, Bill Allombert wrote: > By the way, do you know how to setup popcon.debian.org so that > https://popcon.debian.org work ?
Make sure that the popcon clients can submit via https and find out any incompatibility issues with existing versions in the wild. If there isn't one already, add some way of setting which certificates directory popcon uses, since debian.org hosts are now submitting to popcon and also debian.org hosts do not trust any CAs by default, just the end service certs and most software in Debian cannot verify end service certs directly any more so we have to pass the right directory to https software. https://wiki.debian.org/ServicesSSL Add another line in the LE config: https://anonscm.debian.org/cgit/mirror/letsencrypt-domains.git/tree/domains Adjust the apache2 configuration to move most of the config to a macro add a https vhost that uses the ssl macros. I assume for compatibility you probably don't want to redirect http to https though? /etc/apache2/conf-available/puppet-ssl-macros.conf I think there might be some other things around public key pinning, so it might be best for you to submit a ticket for this so that all the necessary things get done. https://wiki.debian.org/rt.debian.org -- bye, pabs https://wiki.debian.org/PaulWise
signature.asc
Description: This is a digitally signed message part
