This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
berkeleylug:digital_resources [2019-03-09T03:29:41+0000] michael_paoli obtained new cert |
berkeleylug:digital_resources [2019-03-15T12:24:11+0000] michael_paoli more work on "local" hosting of [temp.]berkeleylug.com |
||
---|---|---|---|
Line 7: | Line 7: | ||
berkeleylug.org (alternate - redirects(?) to primary - we may let this one expire, etc. Registry Expiry Date: 2019-05-17T04:39:28) registrant/owner: Michael Paoli - (transferred 2019-03-04) | berkeleylug.org (alternate - redirects(?) to primary - we may let this one expire, etc. Registry Expiry Date: 2019-05-17T04:39:28) registrant/owner: Michael Paoli - (transferred 2019-03-04) | ||
- | Known (and probably all) DNS: | + | DNS: |
- | $ TZ=GMT0 date -Iseconds && (for d in berkeleylug.com. berkeleylug.org.; do NS=$(dig +short "$d" NS | sort -R | head -n 1); n=$(dig +short "$NS" A "$NS" AAAA | sort -R | head -n 1); for s in '' calendar. docs. mail. sites. '*.' www.; do for t in A AAAA CNAME SOA NS MX TXT SPF ANY; do dig @"$n" +norecurse +noall +answer "$s$d" "$t"; done; done; done) | grep '^[^ ]*[Bb][Ee][Rr][Kk][Ee][Ll][Ee][Yy][Ll][Uu][Gg]\.' | sort -u | + | $ TZ=GMT0 date -Iseconds && (for d in berkeleylug.com. berkeleylug.org.; do NS=$(dig +short "$d" NS | sort -R | head -n 1); n=$(dig +short "$NS" A "$NS" AAAA | sort -R | head -n 1); for s in '' '*.' calendar. docs. mail. sites. temp. www.; do for t in A AAAA CNAME SOA NS MX TXT SPF ANY; do dig @"$n" +norecurse +noall +answer "$s$d" "$t"; done; done; done) | grep '^[^ ]*[Bb][Ee][Rr][Kk][Ee][Ll][Ee][Yy][Ll][Uu][Gg]\.' | sort -u |
- | 2019-03-01T04:45:46+00:00 | + | 2019-03-09T21:15:20+00:00 |
*.berkeleylug.com. 14400 IN CNAME berkeleylug.com. | *.berkeleylug.com. 14400 IN CNAME berkeleylug.com. | ||
berkeleylug.com. 14400 IN MX 10 aspmx.l.google.com. | berkeleylug.com. 14400 IN MX 10 aspmx.l.google.com. | ||
Line 20: | Line 20: | ||
berkeleylug.com. 21600 IN NS ns-cloud-a3.googledomains.com. | berkeleylug.com. 21600 IN NS ns-cloud-a3.googledomains.com. | ||
berkeleylug.com. 21600 IN NS ns-cloud-a4.googledomains.com. | berkeleylug.com. 21600 IN NS ns-cloud-a4.googledomains.com. | ||
- | berkeleylug.com. 21600 IN SOA ns-cloud-a1.googledomains.com. cloud-dns-hostmaster.google.com. 1 21600 3600 1209600 300 | + | berkeleylug.com. 21600 IN SOA ns-cloud-a1.googledomains.com. cloud-dns-hostmaster.google.com. 6 21600 3600 1209600 300 |
berkeleylug.com. 300 IN A 192.0.78.24 | berkeleylug.com. 300 IN A 192.0.78.24 | ||
berkeleylug.com. 300 IN A 192.0.78.25 | berkeleylug.com. 300 IN A 192.0.78.25 | ||
Line 27: | Line 27: | ||
berkeleylug.org. 21600 IN NS ns-cloud-b3.googledomains.com. | berkeleylug.org. 21600 IN NS ns-cloud-b3.googledomains.com. | ||
berkeleylug.org. 21600 IN NS ns-cloud-b4.googledomains.com. | berkeleylug.org. 21600 IN NS ns-cloud-b4.googledomains.com. | ||
- | berkeleylug.org. 21600 IN SOA ns-cloud-b1.googledomains.com. dns-admin.google.com. 7 21600 3600 1209600 300 | + | berkeleylug.org. 21600 IN SOA ns-cloud-b1.googledomains.com. dns-admin.google.com. 10 21600 3600 1209600 300 |
berkeleylug.org. 3600 IN A 216.239.32.21 | berkeleylug.org. 3600 IN A 216.239.32.21 | ||
berkeleylug.org. 3600 IN A 216.239.34.21 | berkeleylug.org. 3600 IN A 216.239.34.21 | ||
Line 40: | Line 40: | ||
mail.berkeleylug.com. 3600 IN CNAME ghs.googlehosted.com. | mail.berkeleylug.com. 3600 IN CNAME ghs.googlehosted.com. | ||
sites.berkeleylug.com. 3600 IN CNAME ghs.googlehosted.com. | sites.berkeleylug.com. 3600 IN CNAME ghs.googlehosted.com. | ||
+ | temp.berkeleylug.com. 300 IN A 198.144.194.238 | ||
+ | temp.berkeleylug.com. 300 IN AAAA 2001:470:1f05:19e::4 | ||
www.berkeleylug.com. 14400 IN CNAME berkeleylug.com. | www.berkeleylug.com. 14400 IN CNAME berkeleylug.com. | ||
www.berkeleylug.org. 3600 IN CNAME ghs.googlehosted.com. | www.berkeleylug.org. 3600 IN CNAME ghs.googlehosted.com. | ||
Line 87: | Line 89: | ||
*ignoring domains that WordPress.com lumps in there that aren't at all BerkeleyLUG | *ignoring domains that WordPress.com lumps in there that aren't at all BerkeleyLUG | ||
+ | ######################################################################## | ||
+ | various bits to test on temp.berkeleylug.com - to presumably later be | ||
+ | berkeleylug.com | ||
Created key and obtained (non-Google) CA signed cert also covering: | Created key and obtained (non-Google) CA signed cert also covering: | ||
*.berkeleylug.com,berkeleylug.com,*.berkeleylug.org,berkeleylug.org expires: 2019-06-07T02:07:58Z | *.berkeleylug.com,berkeleylug.com,*.berkeleylug.org,berkeleylug.org expires: 2019-06-07T02:07:58Z | ||
+ | $ dig +noall +answer +nottl temp.berkeleylug.com. A temp.berkeleylug.com. AAAA | ||
+ | temp.berkeleylug.com. IN A 198.144.194.238 | ||
+ | temp.berkeleylug.com. IN AAAA 2001:470:1f05:19e::4 | ||
+ | $ </dev/null openssl s_client -servername temp.berkeleylug.com -starttls smtp -connect 198.144.194.238:25 2>>/dev/null | sed -ne '/^-----BEGIN CERTIFICATE-----$/,/^-----END CERTIFICATE-----$/p' | openssl x509 -text -noout | sed -ne '/Not After : /p;/Subject Alternative Name:/{N;p;q;}' | ||
+ | Not After : May 22 11:41:24 2019 GMT | ||
+ | X509v3 Subject Alternative Name: | ||
+ | DNS:*.balug.org, DNS:*.lists.balug.org, DNS:balug.org | ||
+ | $ | ||
+ | ... install the newer cert for SMTP (will likely end up needed for at | ||
+ | least postmaster@berkeleylug.com, for WordPress site to, e.g. send | ||
+ | user password resets, etc. | ||
+ | # pwd -P | ||
+ | /etc/exim4/eximconfig/config | ||
+ | # ls -ld tls_c*.pem | ||
+ | lrwxrwxrwx 1 root root 53 Sep 17 2017 tls_certificate_private.pem -> ../../../letsencrypt/live/lists.balug.org/privkey.pem | ||
+ | lrwxrwxrwx 1 root root 55 Sep 17 2017 tls_certificate_public.pem -> ../../../letsencrypt/live/lists.balug.org/fullchain.pem | ||
+ | # ln -sf ../../../letsencrypt/live/berkeleylug.com/privkey.pem tls_certificate_private.pem | ||
+ | # ln -sf ../../../letsencrypt/live/berkeleylug.com/fullchain.pem tls_certificate_public.pem | ||
+ | # ls -lLd tls_c*.pem | ||
+ | -r--r----- 1 root Debian-exim 3272 Mar 8 19:03 tls_certificate_private.pem | ||
+ | -r--r--r-- 1 root root 4033 Mar 8 19:08 tls_certificate_public.pem | ||
+ | # systemctl reload exim4.service | ||
+ | # | ||
+ | $ </dev/null openssl s_client -servername temp.berkeleylug.com -starttls smtp -connect 198.144.194.238:25 2>>/dev/null | sed -ne '/^-----BEGIN CERTIFICATE-----$/,/^-----END CERTIFICATE-----$/p' | openssl x509 -text -noout | sed -ne '/Not After : /p;/Subject Alternative Name:/{N;p;q;}' | ||
+ | Not After : Jun 7 02:07:58 2019 GMT | ||
+ | X509v3 Subject Alternative Name: | ||
+ | DNS:*.balug.org, DNS:*.berkeleylug.com, DNS:*.berkeleylug.org, DNS:*.lists.balug.org, DNS:balug.org, DNS:berkeleylug.com, DNS:berkeleylug.org | ||
+ | $ | ||
+ | |||
+ | ######################################################################## | ||
robots.txt: | robots.txt: |