[04:30:21] [[Wiki server assignments]] ! 10https://wiki.toolserver.org/w/index.php?diff=8027&oldid=8019&rcid=21966 * 185.15.59.202 * (+465) (updated page) [11:51:18] nosy: 03 01:14:40 < jeremyb> amette: fyi, SSL is still not right after the new cert was installed. (i mailed about it some days ago) let me know if you need help fixing it. or if it's puppetized then point me to where it is in puppet [11:51:33] so... [11:51:46] i checked again since your latest mail. still not right [11:51:46] jeremyb: please see your mail... [11:52:00] really? screen shot? [11:52:08] looks good now in my browsrs [11:52:12] browsers [11:52:37] i think i fixed it some minutes ago [11:52:39] i don't care so much about your browsers [11:52:47] but one of mine is still not working [11:52:57] screen shot? [11:52:59] what i care about is this: Chain issues Incomplete, Extra certs, Not trusted as supplied [11:53:04] from https://www.ssllabs.com/ssltest/analyze.html?d=jira.toolserver.org&hideResults=on&ignoreMismatch=on [11:53:29] ill clear the test cache... [11:53:33] lets see [11:53:58] i did clear the cache [11:54:27] http://www.geocerts.com/ssl_checker seems to work - ill check [11:55:01] anyway, see what i quoted above about "if it's puppetized", etc. [11:56:53] jeremyb: any hints on what could be wrong with an nginx config? [11:57:11] the startcom stuff is related to the old cert [11:57:16] ill check the config again [11:59:45] really strange since i simply overwrote the old files [11:59:56] well can you just add the cert that that link says is missing? [12:00:11] see under """Certification Paths""" [12:00:26] "extra download" is the missing one [12:02:16] also, once you've fixed that then there's other issues [12:03:47] > 05 11:57:11 < nosy> the startcom stuff is related to the old cert [12:03:50] idk what that means [12:05:52] me too...i just saw it in the check report...i installed the additional cert and see it this is fine now...check is running... [12:06:45] jeremyb: did not work just to add the rapidssl root cert like i just did with geotrust... [12:07:02] below the error there is this #2 startcom... [12:07:08] i dont know how this happens [12:08:37] i did not update the zeus webservers in the back until now... [12:08:39] ill check [12:10:25] why not just use the same certs for both domains? [12:10:56] anyway, the reason startcom shows up is because you're sending it [12:11:05] i can't spend much more time on this now [12:11:21] if you just get me the config and other files i'll fix it for you [12:11:24] bbl [12:11:59] *wave* [12:13:38] jeremyb: ok looks different now [12:13:44] startcom is gone [12:13:53] but its still Incomplete, Not trusted as supplied [12:15:24] nosy: that's false, startcom is still present [12:15:56] jeremyb: cant see it [12:16:03] you have a wheezy box there? [12:16:18] anwyay, i definitely see it [12:16:24] jeremyb: nope probably 2 different urls [12:16:24] both s_client on that link above show it [12:16:29] jira is still old state [12:16:30] anyway* [12:16:39] toolserver.org is another one [12:16:51] toolserver.org was different from the beginning [12:17:01] yes another installation [12:17:43] cya l8r ill see what i can still do here [12:18:30] anyway, i can't do this now... let me know if you want me to just fix it for you (get me a tarball with certs and config file or something and i'll send you back a diff and a tarball) [12:18:34] k [12:18:52] obviously leave out the keys [12:23:26] jeremyb: jira is fine now [12:26:25] jeremyb: looks good now so far [12:26:46] any experience with rc4 in mobile browsers? can i leave it out? what will happen? [12:36:50] 2013/05/18 16:26 CRIT adenia NTP NTP CRITICAL: Server not synchronized, Offset unknown [12:36:50] 2013/05/18 16:22 CRIT amaranth Load avg. Timeout while attempting connection [12:36:50] 2013/05/18 16:22 CRIT amaranth NTP CRITICAL - Socket timeout after 10 seconds [12:36:50] 2013/05/18 16:26 CRIT amaranth SMF Timeout while attempting connection [12:36:50] 2013/05/30 07:36 WARN cassia /sql/data/dewiki DISK WARNING - free space: /sql 233117 MB (19% inode=99%): [12:40:00] nosy: idk. you could just copy what WMF uses [12:40:07] (i did that) [12:41:57] nosy: https://gerrit.wikimedia.org/r/gitweb?p=operations/puppet.git;a=blob;f=templates/nginx/nginx.conf.erb;hb=9b1e6204b7d7064fc012f3b79856e5a12134f3bf#l59 [12:42:46] jeremyb: thanks [12:42:56] good i dont have to search :) [12:45:45] jeremyb: they use rc4 too [12:48:13] i know... [13:02:59] 2013/06/05 12:56 WARN z-dat-s2-b MySQL slave SLOW_SLAVE WARNING: Slave IO: Yes Slave SQL: Yes Seconds Behind Master: 2117 [13:20:00] 2013/06/05 13:19 OK yarrow aliasd TCP OK - 0.009 second response time on port 984 [500 Not found.] [13:21:00] 2013/06/05 13:20 OK adenia NTP NTP OK: Offset -0.000401 secs [13:31:01] 2013/06/05 13:29 OK web.amaranth fisheye.toolserver.org HTTP OK: HTTP/1.1 200 OK - 273 bytes in 8.800 second response time [13:36:00] 2013/06/05 13:35 OK z-dat-s2-b MySQL slave Uptime: 1487510 Threads: 14 Questions: 1724638613 Slow queries: 33349 Opens: 10127396 Flush tables: 1 Open tables: 256 Queries per second avg: 1159.413 Slave IO: Yes Slave SQL: Yes Seconds Behind Master: 1719 [14:12:01] 2013/06/05 14:11 CRIT cassia s4 replag QUERY CRITICAL: 'SELECT ts_rc_age()' returned 3652.000000 [14:12:02] 2013/06/05 14:11 CRIT z-dat-s5-b s4 replag QUERY CRITICAL: 'SELECT ts_rc_age()' returned 3630.000000 [14:19:01] 2013/06/05 14:12 WARN z-dat-s2-b MySQL slave SLOW_SLAVE WARNING: Slave IO: Yes Slave SQL: Yes Seconds Behind Master: 2072 [14:37:01] 2013/06/05 14:36 OK z-dat-s2-b MySQL slave Uptime: 1491170 Threads: 10 Questions: 1731190641 Slow queries: 33417 Opens: 10164405 Flush tables: 1 Open tables: 257 Queries per second avg: 1160.961 Slave IO: Yes Slave SQL: Yes Seconds Behind Master: 1781 [19:03:11] 2013/06/05 18:58 CRIT ortelius Load avg. CRITICAL - load average: 37.73, 37.61, 23.54 [19:14:11] 2013/06/05 19:13 WARN ortelius Load avg. WARNING - load average: 7.76, 17.03, 19.43 [19:19:11] 2013/06/05 19:18 OK ortelius Load avg. OK - load average: 2.27, 7.98, 14.73 [19:35:11] 2013/06/05 19:29 CRIT ortelius Load avg. CRITICAL - load average: 26.39, 47.86, 30.75 [19:43:11] 2013/06/05 19:42 WARN ortelius Load avg. WARNING - load average: 3.05, 11.91, 19.20 [19:48:11] 2013/06/05 19:47 OK ortelius Load avg. OK - load average: 2.40, 6.06, 14.55 [19:59:16] 2013/06/05 19:54 CRIT wolfsbane Load avg. CRITICAL - load average: 16.41, 28.59, 17.88 [20:00:12] 2013/06/05 20:00 WARN wolfsbane Load avg. WARNING - load average: 7.77, 23.95, 16.91 [20:03:12] 2013/06/05 20:03 OK wolfsbane Load avg. OK - load average: 3.68, 14.89, 14.55 [20:04:12] 2013/06/05 19:57 CRIT nightshade aliasd Connection refused [20:48:14] 2013/06/05 20:47 OK z-dat-s4-a /sql DISK OK - free space: /sql 67228 MB (11% inode=99%): [20:55:15] 2013/06/05 20:48 WARN z-dat-s4-a /sql DISK WARNING - free space: /sql 66296 MB (10% inode=99%):