| cspeckmim | |
| Mar 27 2018, 7:53 PM |
| F5493628: Screen Shot 2018-03-27 at 3.51.20 PM.png | |
| Mar 27 2018, 7:53 PM |
It looks like the SSL certificate expired earlier today. A user on the historic IRC channel reported that they could not use the link in the channel topic to get to the discourse.
I gave them the resolved URL for the time being (https://discourse.phabricator-community.org/)
See also T12917 and a brief mention in T13062.
I'd ideally like to move forward toward some more robust mechanism for domain MX records, but I'm really hesitant about that mechanism being "run a mailserver". I don't think Gsuite is a good fit for the problem. We could use existing inbound mailers but Postmark (at least) can only fire webhooks for inbound, not forward, and we don't have a great catch basin for an everything@<various random domains>.tld webhook to hit.
I'm going to see if I can just route this through personal MX for now, as a stopgap to get it transferred. If that doesn't work (e.g., because AWS can't receive .io domains via transfer) I'll just swap the certificate for now.
(See also T7125, but this particular problem has conceptually been solved for every domain except phurl.io by using AWS certificates.)
I was able to MX phurl.io and get an SSL authorization link working. I moved phurl.io SSL to AWS ACM so this (certificate expiration) shouldn't happen again.
I initiated a transfer of phurl.io to AWS but this process takes 93 steps and 11 days so we'll see where it goes.
AWS also supports DNS-based authorization now, which reduces the need for all the MX juggling.