www.wp-cli.org SSL setup wp-cli.org is…

www.wp-cli.org SSLSSL Secure Socket Layer - Encryption from the server to the browser and back. Prevents prying eyes from seeing what you are sending between your browser and the server. setup

Raised via: https://wordpress.slack.com/archives/C02QB8GMM/p1719398059892329

wp-cli.org is hosted on GitHubGitHub GitHub is a website that offers online implementation of git repositories that can easily be shared, copied and modified by other developers. Public repositories are free to host, private repositories require a paid subscription. GitHub introduced the concept of the ‘pull request’ where code changes done in branches by contributors can be reviewed and discussed before being merged be the repository owner. https://github.com/ Pages, the A records are setup properly for this.

In order for GitHub Pages to provision a SSL certificate for the www subdomain however, the subdomain needs to be a CNAME to wp-cli.github.io. Currently it’s a CNAME to wp-cli.org.

Can we please change www.wp-cli.org from a CNAME to itself, to that of github?

Currently:

$ dig www.wp-cli.org +short
wp-cli.org.
185.199.111.153
185.199.110.153
185.199.109.153
185.199.108.153

Should be:

$ dig www.wp-cli.org +short
wp-cli.github.io.
185.199.111.153
185.199.110.153
185.199.109.153
185.199.108.153

#ssl #dns #github #wpcli #prio2

Enable SSL for additional *.wp.org domains

End-users often shorten links to WordPress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ with the wp.org domain. This isn’t an official domain that’s used, but we do have a redirect in place for it.

Currently the list of SSLSSL Secure Socket Layer - Encryption from the server to the browser and back. Prevents prying eyes from seeing what you are sending between your browser and the server.-enabled subdomains is rather small compared to the *.wordpress.org domains.

Can we expand the list of subdomains SSL is supported on, at least to the non-locale-site domains used by contributors?

wp.org www.wp.org developer.wp.org events.wp.org make.wp.org learn.wp.org login.wp.org profiles.wp.org sv.wp.org translate.wp.org schemas.wp.org

I do note that sv.wp.org is included in the current SSL cert, I’m unsure why that domain was specifically included, I don’t personally think it’s worth listing all rosetta subdomains, as we’d have to constantly update the list, so I haven’t included those above. Similarly, I don’t think it’s worth enabling wildcard support for this domain at this time due to the LE integration limitations at present.

ref: https://meta.trac.wordpress.org/ticket/7526

cc @flexseth

#prio3 #ssl

SSL cert expired for plugins-svn.bbpress.org

The SSL cert being served up for https://plugins-svn.bbpress.org/ has expired, looks like it’s using an old copy of the *.bbpress.org cert, that was updated in r14643 for webs but there’s a duplicate copy of for svns (See r11954 & r11955)

#prio1 #ssl

Can we please enable SSL for lists.wordpress.org?

Currently the domain isn’t accessible over SSLSSL Secure Socket Layer - Encryption from the server to the browser and back. Prevents prying eyes from seeing what you are sending between your browser and the server., and it’s not uncommon for links to be SSL’d or for browsers to force SSL.

ref: https://meta.trac.wordpress.org/ticket/629

#ssl #prio3

Force SSL for https://planet.wordpress.org/ Can…

Force SSL for https://planet.wordpress.org/

Can we please enable forced SSL for https://planet.wordpress.org/ now that all the sites are SSL’d? Looks like the $maybe_force_ssl map just needs updating.

ref https://meta.trac.wordpress.org/ticket/634

#ssl #prio3

Add SSL redirect to pingomatic.com

As per https://meta.trac.wordpress.org/ticket/4245 can we please enable a HTTP -> HTTPS redirect for pingomattic.com that keeps the REQUEST_URI intact?

#ssl #prio3

Enable SSL for s.w.org on sandboxes?

Can we enable s.w.org for sandboxes? It would make debugging TracTrac Trac is the place where contributors create issues for bugs or feature requests much like GitHub.https://core.trac.wordpress.org/. and other resources in production easier if we could have the CDN hitting developer sandboxes instead.

As far as I can tell, The only thing that needs doing is adding the *.w.org cert to the s.w.org hostname.

Right now when sandboxing s.w.org the process requires you to load a resource, approve the invalid cert, reload the other page, and then rinse-repeat when the browser starts rejecting the cert again randomly.

#ssl #prio3

SSL for wp.org

As wp.org is now a WordPress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ domain, can we please get SSLSSL Secure Socket Layer - Encryption from the server to the browser and back. Prevents prying eyes from seeing what you are sending between your browser and the server. enabled for it?

ref https://wordpress.slack.com/archives/meta/p1480801420000002 / https://wordpress.slack.com/archives/meta/p1480909161000077

#ssl #prio3

Hey is there a reason why we have…

Hey, is there a reason why we have a 302 redirect for http://wordpress.org to https://wordpress.org?

➜  ~  curl -I http://wordpress.org
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Tue, 26 Jan 2016 21:15:27 GMT
Content-Type: text/html
Content-Length: 154
Connection: keep-alive
Location: https://wordpress.org/
X-Frame-Options: SAMEORIGIN

➜  ~  curl -I http://make.wordpress.org
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 26 Jan 2016 21:15:37 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Olaf: ⛄
Location: https://make.wordpress.org/
X-Frame-Options: SAMEORIGIN

➜  ~  curl -I http://developer.wordpress.org
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 26 Jan 2016 21:15:45 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Olaf: ⛄
Location: https://developer.wordpress.org/
X-Frame-Options: SAMEORIGIN

Is this something which can be fixed?

Meta ticket: https://meta.trac.wordpress.org/ticket/755

#ssl

Hi We’re ready to start converting the second…

Hi! We’re ready to start converting the second batch of WordCampWordCamp WordCamps are casual, locally-organized conferences covering everything related to WordPress. They're one of the places where the WordPress community comes together to teach one another what they’ve learned throughout the year and share the joy. Learn more. domains to the correct URLURL A specific web address of a website or web page on the Internet, such as a website’s URL www.wordpress.org structure. Can we install the certificate and the nginxNGINX NGINX is open source software for web serving, reverse proxying, caching, load balancing, media streaming, and more. It started out as a web server designed for maximum performance and stability. In addition to its HTTP server capabilities, NGINX can also function as a proxy server for email (IMAP, POP3, and SMTP) and a reverse proxy and load balancer for HTTP, TCP, and UDP servers. https://www.nginx.com/. config on the WordCamp.org server please?

  • /home/wordcamp/letsencrypt/output/batch-2.crt
  • /home/wordcamp/letsencrypt/output/batch-2.key
  • /home/wordcamp/letsencrypt/output/batch-2.nginx.conf

The paths in the nginx config might need to be adjusted depending on where you put it. Also @barry mentioned we should probably use maps in the nginx configs for this, so I’ll be reworking the LE script a bit, maybe before the next batch.

Thank you!

#ssl, #wordcamp-org