You are browsing a read-only backup copy of Wikitech. The live site can be found at wikitech.wikimedia.org

Acme-chief

From Wikitech-static
Jump to navigation Jump to search

Acme-chief is an application resulting from the Wikimedia Hackathon 2018 that is to be used to centrally request configured TLS certificates from ACME servers, then make the public and private parts available to authorised API users.

See T235252 for how to set this up for a Cloud VPS project - particularly the service account creation subtask which needs to be performed by the cloud administrators.

In production this is already set up to manage production DNS, most people probably just want to know to find the certificate configuration in the hieradata/role/common/acme_chief.yaml file in operations/puppet.git.

Monitoring

If acme-chief is having issues, you should also check the Let's Encrypt status page to make sure it isn't having an outage or maintenance.

See also