SSL/TLS certificates are provided by Digital Infrastructure and stored in the Vault.
A certificate signing request is required to request a new certificate. To generate a signing request use the Ansible playbook site_csr.yml:
> cd infra/ansible
> ansible-playbook -i inventories/[ENV]/inventory-[ENV].ini -e csr_out_path=$PWD/domain.csr site_csr.yml

where [ENV] should be replaced with the environment the certificate is targeted at. Look at the
directories available in infra/ansible/inventories for the options.
Check the contents using:
> openssl req -in $PWD/domain.csr -text -noout

Copy the content of the .csr file and send it to Digital Infrastructure. The request can take a
few days to process. When the new certificates arrive there will be several format options to choose
from; select "Certificate (w/ issuer after), PEM encoded". Download this, copy the contents to the
Vault and then redeploy the Traefik playbook to copy the new certificates over.
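
Before copying the download into the Vault, it is worth checking that the file really is the certificate for this CSR followed by its issuer. The script below is an added example, not part of the original procedure or the project's playbooks; the script name and `bundle.pem` are assumed names, and it needs only `openssl` and `awk`.

```shell
#!/bin/sh
# Added example (not from the original page).
# Usage: sh check_bundle.sh domain.csr bundle.pem   (file names are assumptions)

# Print the Nth (1-based) certificate of a PEM file.
nth_cert() {
    awk -v want="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++ }
        n == want { print }
        /-----END CERTIFICATE-----/ && n == want { exit }
    ' "$1"
}

check_bundle() {
    csr=$1
    bundle=$2

    # 1. "w/ issuer after" means at least two certificates: leaf, then issuer.
    count=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$bundle" || true)
    [ "${count:-0}" -ge 2 ] || {
        echo "FAIL: expected leaf + issuer, found ${count:-0} certificate(s)" >&2
        return 1
    }

    # 2. The first certificate must carry the public key from the CSR,
    #    otherwise it will not match the private key the CSR was made from.
    csr_key=$(openssl req -in "$csr" -noout -pubkey) || return 1
    leaf_key=$(nth_cert "$bundle" 1 | openssl x509 -noout -pubkey) || return 1
    [ "$csr_key" = "$leaf_key" ] || {
        echo "FAIL: first certificate does not match the CSR key" >&2
        return 1
    }

    # 3. The second certificate must be named as the issuer of the first.
    #    This compares name hashes only; it does not verify the signature.
    leaf_issuer=$(nth_cert "$bundle" 1 | openssl x509 -noout -issuer_hash) || return 1
    next_subject=$(nth_cert "$bundle" 2 | openssl x509 -noout -subject_hash) || return 1
    [ "$leaf_issuer" = "$next_subject" ] || {
        echo "FAIL: second certificate is not the issuer of the first" >&2
        return 1
    }

    echo "OK: leaf matches the CSR and is followed by its issuer"
}

# Run the check when called with two arguments.
if [ "$#" -eq 2 ]; then check_bundle "$1" "$2"; fi
```

A non-zero exit status means the file should not go into the Vault as it is; the message on stderr says which of the three checks failed.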