[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
01/01: hydra: dns: Fix ACM certificate validation record.
|
From: |
Ludovic Courtès |
|
Subject: |
01/01: hydra: dns: Fix ACM certificate validation record. |
|
Date: |
Wed, 1 May 2019 02:48:44 -0400 (EDT) |
civodul pushed a commit to branch master
in repository maintenance.
commit 220e8284d099d81b9d2618f03ab4a792d93faa42
Author: Chris Marusich <address@hidden>
Date: Tue Apr 30 18:57:01 2019 -0700
hydra: dns: Fix ACM certificate validation record.
ACM requires us to create a CNAME under ci.guix.gnu.org to prove
domain ownership. It does not require ci.guix.gnu.org itself to be a
CNAME; we can make ci.guix.gnu.org whatever we want.
* hydra/modules/sysadmin/dns.scm (guix.gnu.org.zone) <ci>: Remove this
CNAME record.
<_82c0b5947777eb0bee604d5d2061d85f.ci>: New CNAME.
Signed-off-by: Ludovic Courtès <address@hidden>
---
hydra/modules/sysadmin/dns.scm | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/hydra/modules/sysadmin/dns.scm b/hydra/modules/sysadmin/dns.scm
index 89b3fcf..8aae917 100644
--- a/hydra/modules/sysadmin/dns.scm
+++ b/hydra/modules/sysadmin/dns.scm
@@ -61,8 +61,11 @@
;; ci. as an alias for berlin.
;;("ci" "" "IN" "CNAME" "berlin")
- ;; ci. as an alias for the Cloudfare CDN.
- ("ci" "" "IN" "CNAME"
"_9023f91de522527b4b669b841e4822fe.ltfvzjuylp.acm-validations.aws."))
+ ;; This record is required in order to prove to Amazon ACM that we
+ ;; own the domain. As long as it exists, ACM will automatically
+ ;; renew the TLS certificate for the CloudFront distribution we use
+ ;; as the CDN for ci.guix.gnu.org. See cdn/README.org for details.
+ ("_82c0b5947777eb0bee604d5d2061d85f.ci" "" "IN" "CNAME"
"_9023f91de522527b4b669b841e4822fe.ltfvzjuylp.acm-validations.aws."))
(define guix.gnu.org-zone
(knot-zone-configuration