Post A3H1wFDDBxbZmIsTei by nommon@qoto.org
(DIR) Post #A3H1prVGQakUVcHIoa by nommon@qoto.org
2021-01-15T21:08:13Z
0 likes, 0 repeats
https://nomnom.qoto.org/
Unable to communicate securely with peer: requested domain name does not match the server’s certificate.
HTTP Strict Transport Security: false
HTTP Public Key Pinning: false
Certificate chain:
@freemo
(DIR) Post #A3H1pryKgW07xlsW7k by freemo@qoto.org
2021-01-15T21:09:36Z
0 likes, 0 repeats
@nommon Why would you expect there to be an endpoint at https://nomnom.qoto.org ?
(DIR) Post #A3H1wFDDBxbZmIsTei by nommon@qoto.org
2021-01-15T21:10:49Z
0 likes, 0 repeats
@freemo OOPS wrong domain, but your certificate expired for the qoto.io domain.
(DIR) Post #A3H28uZhET1XXMR1Bg by freemo@qoto.org
2021-01-15T21:12:04Z
0 likes, 0 repeats
@nommon let me go look
(DIR) Post #A3H3PkpIpTs6BFKV8a by hansw@hub.libranet.de
2021-01-15T21:27:22Z
0 likes, 0 repeats
@🎓 Dr. Freemo :jpf: 🇳🇱 install some monitor software and get warned :-) Omd might be helpful
(DIR) Post #A3H5mbKcUsMNIk03u4 by freemo@qoto.org
2021-01-15T21:53:52Z
0 likes, 0 repeats
@nommon certificate now updated
(DIR) Post #A3H6AiOtrl5QAwV5dI by freemo@qoto.org
2021-01-15T21:58:12Z
0 likes, 0 repeats
@hansw @nommon this won't happen again, I actually already do get alerts, I just didn't realize I had to act on them.
Ya see, all the custom domain certs on GitLab, along with every cert for every site I host, are behind a framework I wrote that automatically obtains and renews certificates, so I didn't really think I had to do anything and that they would auto renew.
What I forgot is that while custom domains themselves for sites hosted on our GitLab do indeed auto renew, the default domain of *.qoto.io does not (it's the only domain that doesn't). The reason for this is because the certbot doesn't support obtaining or renewing wildcard domains, and they are the only type of domain you have to renew manually. So I totally forgot that I actually **do** need to pay attention to the alerts.. next time I will.
Anyway it is fixed now and all is good.
(DIR) Post #A3H7EiwNtrGWxldbw8 by hansw@hub.libranet.de
2021-01-15T22:10:10Z
0 likes, 0 repeats
I wrote some solutions to solve this too. Sadly it was done for a company so I am not able to release it. It was for my last employer. We mostly got informed some 14 days before it would need an update. Automating is nice but the customer always needed to agree or even do it themselves.
It is fixed, that is good.
(DIR) Post #A3Jb5d9vPcl3MmTHbk by ShyKana@wuppo.allowed.org
2021-01-17T02:52:05.880644Z
0 likes, 0 repeats
@freemo @hansw @nommon
(60)➜ ~ curl https://nomnom.qoto.io/
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
btw the certificate is doing fine on browsers, but it doesn’t work with all those command line tools, e.g. curl. It seems that the chain is incomplete (one in the trust chain needs extra download). Is there any way to fix this?
(DIR) Post #A3Jb5dw8WNK3mJ1mkq by freemo@qoto.org
2021-01-17T02:53:51Z
0 likes, 0 repeats
@ShyKana Interesting, this is the first I'm hearing of it... Do you know if curl has this problem with all LE certs or is it unique to qoto? @hansw @nommon
(DIR) Post #A3JbQ9ZQcKxTgEBbxQ by freemo@qoto.org
2021-01-17T02:57:49Z
0 likes, 0 repeats
@ShyKana I can confirm I have the same issue when I try this through curl by the way... I'll see what I can dig up and what the solutions might be. @hansw @nommon
(DIR) Post #A3JcDNz9oMz4ZphFmi by ShyKana@wuppo.allowed.org
2021-01-17T03:04:56.809123Z
0 likes, 0 repeats
@freemo @hansw @nommon My other websites with LE certs work fine with curl. But I have no experience with wildcard certificates though
(DIR) Post #A3JcDOWToTdgFBHriy by freemo@qoto.org
2021-01-17T03:06:42Z
0 likes, 0 repeats
@ShyKana I just checked and the issue only shows up on the wildcard domain. I will look into this more tomorrow, might be a configuration issue on GitLab. @hansw @nommon