---
# Work-order file. `version` is the schema version of this document.
version: 1

work_orders:
  # WO-20260606-001: retire the pmx.* / pbs.* alias names that exist only to
  # serve Let's Encrypt-backed nginx vhosts in front of the local Proxmox/PBS
  # web interfaces. Every checklist item below is still "pending".
  - id: "WO-20260606-001"
    status: "pending"
    title: "Retire legacy public-cert local vhost names"
    reason: >-
      These names were introduced for Let's Encrypt-backed nginx vhosts for
      local Proxmox/PBS web interfaces. This WO records the intent to retire
      them, but the names stay published until the vhosts, certificates,
      clients and monitoring are migrated.
    created_at: "2026-06-06T00:00:00Z"

    # Migration steps, each tracked with its own status.
    # NOTE(review): "remove-legacy-vhosts" names the vhosts and the renewal
    # hooks/configuration, but no item explicitly covers the already-issued
    # Let's Encrypt certificates and their private keys (deletion from disk,
    # revocation if required by policy) - confirm whether that is intended to
    # be part of "remove-legacy-vhosts" or needs its own item.
    checklist:
      - id: "inventory-vhosts"
        text: >-
          Find the nginx vhost files, upstream targets and Let's Encrypt
          renewal state for all pmx.* and pbs.* names.
        status: "pending"
      - id: "issue-local-certs"
        text: >-
          Create or request local-CA certificates for the canonical internal
          service names that will replace these vhost aliases.
        status: "pending"
      - id: "install-local-certs"
        text: >-
          Install the local certificates on the service endpoint or
          replacement nginx vhost and reload the affected services.
        status: "pending"
      - id: "remove-legacy-vhosts"
        text: >-
          Remove the legacy nginx vhosts and Let's Encrypt renewal
          hooks/configuration for the pmx.* and pbs.* aliases.
        status: "pending"
      - id: "verify-access"
        text: >-
          Verify Proxmox/PBS access through the canonical internal names with
          the local CA trusted by clients.
        status: "pending"
      - id: "verify-unused"
        text: >-
          Check configs, monitoring, browser bookmarks/runbooks and logs so
          the retired names are no longer in active use.
        status: "pending"
      # Last gate: the operator sign-off that the aliases may leave the host
      # registry.
      - id: "final-operator-approval"
        text: >-
          Operator confirms the task is complete and the aliases can be
          removed from the host registry.
        status: "pending"

    # One remove_name action per alias: three pmx.* names and two pbs.* names.
    # NOTE(review): presumably these are applied only after
    # "final-operator-approval" is done - confirm that the work-order
    # processor enforces this rather than relying on the WO-level status alone.
    actions:
      - type: "remove_name"
        host_id: "baobab"
        name: "pmx.baobab.madagascar.xdev.ro"
      - type: "remove_name"
        host_id: "ebony"
        name: "pmx.ebony.madagascar.xdev.ro"
      - type: "remove_name"
        host_id: "tapia"
        name: "pmx.tapia.madagascar.xdev.ro"
      - type: "remove_name"
        host_id: "anjothibe"
        name: "pbs.anjothibe.madagascar.xdev.ro"
      - type: "remove_name"
        host_id: "andrafiabe"
        name: "pbs.andrafiabe.madagascar.xdev.ro"