Renew PROD Certificate (around June, 2024)

[MCatherine1994]

Describe the task
Our PROD certificate will expire on Aug 9, 2024. Ticket for renew we done last year #421. Since the Certbot is not working anymore, we might not get notification, created this ticket to remind us. We need to send service desk a ticket to renew the certificate, and write Derek a ticket to help us install the new one.

Acceptance Criteria

• Create a service desk ticket
• Install the new certificate

Additional context

• Instructions are in ticket Renew TEST Certificate (mid April) #608

[ianliuwk1019]

Service Desk ticket created: https://apps.nrs.gov.bc.ca/int/jira/servicedesk/customer/portal/1/SD-117317

[ianliuwk1019]

SD-117317 ticket is currently being processed:

[ianliuwk1019]

Service Request RITM0814460 is approved (https://ociomysc.service-now.com/sp?id=form&table=sc_req_item&sys_id=61d50ed81b1fc690f436542f0a4bcb3c&view=ess) but I haven't got email for the renewed certificate yet.

[ianliuwk1019]

Got the certificate and chain CA certificate today sent by email from OCIO.
Backup previous certs to local drive.
Using steps from FOM Wiki to update certificate (option 1 for renewing certificate)
The are updated to FOM PROD routes (public/admin/api) after office hour. Verify all 3 domain links, seems to work after update.
However, from OpenShift, I can't find any place that could check the route's certificate expiry date.

I can only verify directly at the certificate itself by using openssl:
Expiry Date: August 09, 2025

Side note: before updating to new certificate, noticed previous CA certificate contains 3 segments (BEGIN-END). However, this time the new CA certificate contains only 1 segment(BEGIN-END). It works after updating to new cert.
@basilv

[basilv]

@ianliuwk1019 Easiest way to check the certificate expiry is in the browser. I confirmed Aug 9, 2025 expiry dates for FOM prod public, admin, and API