
enable SSL/https support again
Closed, Resolved | Public

Description

Please enable ssl/https support for the beta wikis again. It is missing after migration to eqiad.

Btw: The old cert issued by Labs CA for all beta subdomains was not considered "valid" because, among other things, it was only issued for *.wmflabs.org (counts only for direct subdomains), but that's ok.
See bug 48501 for the task to get real beta certs, but only for limited subdomains.


Version: unspecified
Severity: normal
See Also:
https://bugzilla.wikimedia.org/show_bug.cgi?id=68387

Details

Reference
bz63538

Event Timeline

bzimport raised the priority of this task from to High. Nov 22 2014, 3:14 AM
bzimport set Reference to bz63538.

Change 124057 had a related patch set uploaded by Hashar:
beta: adjust protoproxy for eqiad

https://gerrit.wikimedia.org/r/124057

Patch is there, will get it fixed this afternoon hopefully :-]

While applying the puppet class on deployment-cache-bits01, nginx ends up bailing out with:

root@deployment-cache-bits01:~# /etc/init.d/nginx start
Starting nginx: nginx: [emerg] SSL_CTX_use_PrivateKey_file("/etc/ssl/private/star.wmflabs.org.key") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)
nginx: configuration file /etc/nginx/nginx.conf test failed
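
The `key values mismatch` error above means the public key inside the certificate is not the one that belongs to the private key file. As an added example (not part of the original task or of the puppet change it references), this shell check compares the two with openssl before nginx is started; the function names and the `star.example.test` test material are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm that a PEM certificate and a PEM private key belong
# together before handing them to nginx.

# cert_matches_key CERT KEY
# Returns 0 on match, 1 on mismatch, 2 if either file cannot be parsed.
cert_matches_key() {
    # Public key embedded in the certificate, as SubjectPublicKeyInfo PEM.
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    # Public key derived from the private key. The empty -passin makes an
    # encrypted key fail here instead of prompting on the terminal.
    key_pub=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ -n "$key_pub" ] || return 2
    [ "$cert_pub" = "$key_pub" ] || return 1
    return 0
}

# make_constructed_pair DIR
# Writes a throwaway self-signed cert (DIR/a.crt) with its key (DIR/a.key) and
# an unrelated key (DIR/b.key). All names here are constructed test data.
make_constructed_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=star.example.test" \
        -keyout "$1/a.key" -out "$1/a.crt" 2>/dev/null &&
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/b.key" 2>/dev/null
}

# describe CERT KEY: one-word verdict suitable for a deploy pre-check.
describe() {
    rc=0
    cert_matches_key "$1" "$2" || rc=$?
    case $rc in
        0) echo "match" ;;
        1) echo "mismatch" ;;
        *) echo "unreadable" ;;
    esac
}

# Stand-alone use: sh check.sh CERT KEY
if [ "$#" -eq 2 ]; then
    describe "$1" "$2"
fi
```
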

Change 124057 merged by Dzahn:
beta: adjust protoproxy for eqiad

https://gerrit.wikimedia.org/r/124057

The puppet class role::protoproxy::ssl::beta is applied on all varnish instances. Nginx refuses to start because of the /etc/ssl/private/star.wmflabs.org.key key mismatch (see comment #3). That would be solved whenever we get certificates on beta, which is the rather long bug 48501.

REOPEN: bug 48501 is about getting real, valid certs. This is about accessing beta with https (regardless of whether the cert is valid for the browser and a warning message pops up).

I don't know nginx well enough to say why it doesn't like the cert, but how about generating a new one, self-signed or by Labs CA, for beta domains? That's how it was and worked in pmtpa, so what's the problem here?

(In reply to se4598 from comment #6)
appendix: even if the mentioned bug now covers that too, leave this bug open until it's somehow working, because of the dependencies/blocked bug of this etc.

SSL is enabled again but is not going to work until someone sorts out the SSL certificate issue tracked by bug 48501. There is no need to have two bugs to track the issue :-D