3

Fucking dot files...
Wrote a deployment script to reduce the number of another dude's fuck-ups when updating code on the server. Apparently the website executable automatically generated TLS certificates (Let's Encrypt) and placed them into the local hidden folder.

There is a limit on how many certificates a single domain can generate so... The website is down...

Comments
  • 1
    But why? Certbot only generates a new certificate if the previous one is less than 10 days from its expiration date. I have had a setup that would check for a new cert every day and never had any problems with it.
  • 1
    @impune-pl doesn't sound like they are renewing the certs but creating brand new ones every time and being blocked as you can only generate a new cert a few times in a day.
  • 1
    @C0D4 sounds exactly like that.

    @HitWRight Take the frying pan of shame and hit him repeatedly so he's aware of his heinous crimes....

    Leaving the cert generation aside, this is just shit. Application runtime and deployment should be separated, an application (guess you mean that by executable) should never do that...

    Even in deployment, it's wise to split out cert generation... Renewal aside, crypto changes every day. Trying to fish out parameters of an "I can do it all" script is shitty (e.g. changing DH size/algo or stuff like that)
  • 0
    @impune-pl It's creating new certs every time it was "Redeployed"
  • 1
    @IntrusionCM I'd love to take the frying pan of shame to hit the outsourced company's employees. I took initiative to try to save this dumpster fire and no... I did not expect the application itself to handle certificates generation.

    Then again I did not expect there wouldn't be a firewall and root database password will be asdasd.

    Still .dotfiles is a poor design choice just like hiding extensions for known file types in Windows. It obfuscates things that shouldn't be obfuscated.
  • 1
    @HitWRight yes regarding dotfiles.

    I e.g. love scratching my head finding the .dockerignore because COPY isn't working. Or a tool misbehaving cause there is a .<toolconfig> ...

    find can be a lifesaver.

    @highlight
    find . -type f -name ".*" -ls
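The failure described in the rant, a redeploy wiping a hidden folder of runtime state so the application requests new certificates each time, can be caught before the swap. The script below is an added example, not part of the thread or of anyone's deployment script; the function names, the `.certcache` directory and all paths are hypothetical, and it assumes a `find` that supports `-mindepth` and a `cp` that supports `-a`.

```shell
#!/bin/sh
# Added example: paths and names below are constructed, not from the thread.

# Print hidden files/dirs in the live tree that the release does not ship,
# i.e. runtime state (e.g. a certificate cache) that wipe-and-copy would destroy.
hidden_state_at_risk() {
    live=$1 release=$2
    [ -d "$live" ] || return 0          # first deploy: nothing to lose
    ( cd "$live" && find . -mindepth 1 -name '.*' -prune -print ) | sort |
    while IFS= read -r p; do
        [ -e "$release/$p" ] || printf '%s\n' "${p#./}"
    done
}

# Build the new tree beside the live one, carry the at-risk state over,
# then swap directories; the old tree is kept as <live>.prev for rollback.
deploy_preserving_state() {
    live=$1 release=$2 next="$1.next"
    rm -rf "$next" && mkdir -p "$next" "$live" || return 1
    cp -a "$release/." "$next/" || return 1
    hidden_state_at_risk "$live" "$release" | while IFS= read -r p; do
        mkdir -p "$next/$(dirname "$p")" && cp -a "$live/$p" "$next/$p" || exit 1
    done || return 1
    rm -rf "$live.prev" && mv "$live" "$live.prev" && mv "$next" "$live"
}

# Constructed demo: pass "demo" as the first argument to run it.
if [ "${1:-}" = demo ]; then
    t=$(mktemp -d)
    mkdir -p "$t/live/.certcache" "$t/release"
    echo constructed > "$t/live/.certcache/example.test.pem"
    echo v2 > "$t/release/app"
    echo "would be lost: $(hidden_state_at_risk "$t/live" "$t/release")"
    deploy_preserving_state "$t/live" "$t/release" && ls -A "$t/live"
    rm -rf "$t"
fi
```

Running `hidden_state_at_risk` on its own as a pre-deploy check is enough to surface state nobody knew the application was writing.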