1 contributor
version: 1
work_orders:
- id: "WO-20260606-001"
status: "pending"
title: "Retire legacy public-cert local vhost names"
reason: "These names were introduced for Let's Encrypt-backed nginx vhosts for local Proxmox/PBS web interfaces. This WO records the intent to retire them, but the names stay published until the vhosts, certificates, clients and monitoring are migrated."
created_at: "2026-06-06T00:00:00Z"
checklist:
- id: "inventory-vhosts"
text: "Find the nginx vhost files, upstream targets and Let's Encrypt renewal state for all pmx.* and pbs.* names."
status: "pending"
- id: "issue-local-certs"
text: "Create or request local-CA certificates for the canonical internal service names that will replace these vhost aliases."
status: "pending"
- id: "install-local-certs"
text: "Install the local certificates on the service endpoint or replacement nginx vhost and reload the affected services."
status: "pending"
- id: "remove-legacy-vhosts"
text: "Remove the legacy nginx vhosts and Let's Encrypt renewal hooks/configuration for the pmx.* and pbs.* aliases."
status: "pending"
- id: "verify-access"
text: "Verify Proxmox/PBS access through the canonical internal names with the local CA trusted by clients."
status: "pending"
- id: "verify-unused"
text: "Check configs, monitoring, browser bookmarks/runbooks and logs so the retired names are no longer in active use."
status: "pending"
- id: "final-operator-approval"
text: "Operator confirms the task is complete and the aliases can be removed from the host registry."
status: "pending"
actions:
- type: "remove_name"
host_id: "baobab"
name: "pmx.baobab.madagascar.xdev.ro"
- type: "remove_name"
host_id: "ebony"
name: "pmx.ebony.madagascar.xdev.ro"
- type: "remove_name"
host_id: "tapia"
name: "pmx.tapia.madagascar.xdev.ro"
- type: "remove_name"
host_id: "anjothibe"
name: "pbs.anjothibe.madagascar.xdev.ro"
- type: "remove_name"
host_id: "andrafiabe"
name: "pbs.andrafiabe.madagascar.xdev.ro"