I just got notice from our security team that this is still an issue:

Qualys reports that SSL certificate on lsst-demo.ncsa.illinois.edu expires on March 6th. Looks like this is a Let's Encrypt cert, however it should have auto-renewed by now so either that functionality is not setup or there is some kind of problem.

Can someone from the SUI team resolve this?

Yes, it should have auto-renewed but it's not.  I've manually renewed the SSL certificate on  https://lsst-demo.ncsa.illinois.edu.

I will look into why it's not doing it on its own at a later time and update the container as needed.

We are not using lsst-demo2.  It was originally setup as a test and it was not used ever since.

I am unable to access https://lsst-demo2.ncsa.illinois.edu from here nor am I able to ssh into it.

I think it can be taken down.

Thanks.

We never could get the lsst-demo2 server to work as desired, so we shut down that server about 1 month ago.

Got another cert warning for this host:

Certificate #0 CN=lsst-demo.ncsa.illinois.edu The certificate will expire within a month: Jun 3 16:54:24 2018 GMT

It's fixed.

Loi Ly - While I'm seeing a newly updated cert at https://lsst-demo.ncsa.illinois.edu/, the new certificate is not showing up as trusted in my web browser. Is this still a certificate from Let's Encrypt?

According to https://www.ssllabs.com/ssltest/analyze.html?d=lsst%2ddemo.ncsa.illinois.edu&hideResults=on&latest the cert is signed by "Fake LE Intermediate X1" which I assume it some kind of Let's Encrypt test or dev system.

I had to update the letsencrypt client I was using. While testing, I was using their staging environment. I thought I had switched over to production before testing it on my browser. Apparently not. Sorry for the trouble. It should be good now.