[opam-devel] [ocaml-infra] expiration SSL certificate

Xavier Leroy Xavier.Leroy at inria.fr
Sat Sep 10 15:42:00 BST 2016

On 09/07/2016 04:21 PM, Ashish Agarwal wrote:
> IIRC, this was particularly relevant for the opam sub-domain, so cc-ing the
> opam-devel list. Can any opam dev please confirm. If it is still needed, we
> should act quick to update this.

I'm positive you need secure connections for lists.ocaml.org as well
(to protect the passwords of list administrators and subscribers).

Now that Anil is a successful businessman, who is administering the
*.ocaml.org Web servers and DNS ?

FYI, if you go the Gandi renewal way, it costs 200 Eur for 3 years,
and one of the three validation methods below may have to be

- Xavier Leroy

Validation by DNS record Validation by DNS record implies that you have
access to the DNS zone file of your domain, and can add a record to it. If
you opt for this method, the record to be inserted into the zone will be
displayed on the following page.

Validation by email This validation method is simple, though requires that
you have an email address available for for each domain validated. This
email address must be created with the user admin@ (ex.: if you want to
validate the domain example.com, you must create the email address
admin at example.com). If you did not get the validation email, go to your
validation status interface and relaunch the sending of the verification emails.

Validation by file This validation method requires that you have access to
the server that hosts the website that the domain will point to. You are
asked to copy a TXT file that contains a verification key, and to place it
at the root directory of the website. If you don't have the hosting set up
for your site, or if you don't have access to the root directory, then
choose another validation method. Warning: Your .TXT file should only be
available through HTTP. The validation will not work with HTTPS redirection.

> On Mon, Sep 5, 2016 at 7:29 AM, François Bobot <francois.bobot at cea.fr
> <mailto:francois.bobot at cea.fr>> wrote:
>     On 05/09/2016 09:01, Xavier Leroy wrote:
>         Gandi informs me that the SSL certificate for the ocaml.org
>         <http://ocaml.org> domain
>         expires in 14 days, on 2016-09-20 01:59.
>         If you need me to do something with Gandi in order to renew this
>         certificate, do let me know ASAP.
>     I used https://letsencrypt.org/ for getting free SSL certificate for
>     frama-c.com <http://frama-c.com> (bts.,git.,...) and it worked very
>     well. There is even a debian package.
>     My two cents,
>     -- 
>     François
>     _______________________________________________
>     Infrastructure mailing list
>     Infrastructure at lists.ocaml.org <mailto:Infrastructure at lists.ocaml.org>
>     http://lists.ocaml.org/listinfo/infrastructure
>     <http://lists.ocaml.org/listinfo/infrastructure>
> _______________________________________________
> Infrastructure mailing list
> Infrastructure at lists.ocaml.org
> http://lists.ocaml.org/listinfo/infrastructure

More information about the opam-devel mailing list