Post AILkX6FllVfCPciR4y by aetios@kawen.space
(DIR) Post #AILEhjA4lOTTRk4nPE by xerz@fedi.xerz.one
2022-04-11T13:54:16.841451Z
0 likes, 0 repeats
oh you can’t issue wildcard certificates on Let’s Encrypt using HTTP
oh
(DIR) Post #AILGCYqbGF0gOBEWBM by xerz@fedi.xerz.one
2022-04-11T14:11:03.477937Z
0 likes, 0 repeats
welp, time to use DDNS in Acme.sh https://github.com/acmesh-official/acme.sh/wiki/dnsapi
(DIR) Post #AILIVJx14OFfbBJ7Vg by xerz@fedi.xerz.one
2022-04-11T14:36:51.338942Z
0 likes, 0 repeats
actually I guess it’s just a good old proprietary API and not DDNS oops
(DIR) Post #AILJwA9tgXJR09hBI0 by xerz@fedi.xerz.one
2022-04-11T14:52:54.129609Z
0 likes, 0 repeats
so weird that I can have a certificate for *.xerz.one and another one for fedi.xerz.one at once… I wonder if it will break up :blobcatderpy:
(DIR) Post #AILOZgFEitTrcpI9Ts by xerz@fedi.xerz.one
2022-04-11T15:44:49.633224Z
1 likes, 0 repeats
OK so my certificate works with Chromium … but not with Firefox
and GNOME Web says its authority is fake
and Safari says it expired last year despite being brand new
what
(DIR) Post #AILOlNHR3h1QHate40 by xerz@fedi.xerz.one
2022-04-11T15:47:00.041250Z
0 likes, 0 repeats
ok that’s cute (the heart is animated)
(DIR) Post #AILOrKDdLyEaWexJrs by xerz@fedi.xerz.one
2022-04-11T15:48:04.654132Z
0 likes, 0 repeats
…I think at least the Firefox issue is due to OCSP stapling failing somehow
(DIR) Post #AILP5dymgHzRrkq00W by Genstar@meow.social
2022-04-11T15:48:51Z
0 likes, 0 repeats
@xerz (And your cuteness is animated too :blobcatpats:)
(DIR) Post #AILP5exl1alMurMh2u by xerz@fedi.xerz.one
2022-04-11T15:50:38.457302Z
0 likes, 0 repeats
@Genstar oh gosh hi?????????? :blobcatblush:
(DIR) Post #AILPpuVvXQcIT4OxqS by xerz@fedi.xerz.one
2022-04-11T15:59:00.472447Z
0 likes, 0 repeats
shut up no
(DIR) Post #AILT1wYy2sQCA0FlCK by xerz@fedi.xerz.one
2022-04-11T16:34:48.339574Z
0 likes, 0 repeats
WHY https://serverfault.com/questions/695557/nginx-no-client-certificate-ca-names-sent
(DIR) Post #AILT6JaQO1buj01Faq by xerz@fedi.xerz.one
2022-04-11T16:35:36.473959Z
0 likes, 0 repeats
even if that’s not my issue
it’s so
stupid
and hard to debug????
(DIR) Post #AILUco8KRvS4gWw2jY by xerz@fedi.xerz.one
2022-04-11T16:52:40.375016Z
0 likes, 0 repeats
ok so echo QUIT | openssl s_client -connect xerz.one:443 -status is giving me
CONNECTED(00000003)
depth=0 CN = xerz.one
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = xerz.one
verify error:num=21:unable to verify the first certificate
verify return:1
depth=0 CN = xerz.one
verify return:1
OCSP response: no response sent
h m m m
(DIR) Post #AILUdhawFG16hBkASm by xerz@fedi.xerz.one
2022-04-11T16:52:50.557516Z
0 likes, 0 repeats
(yes I’m already exposing the server because lol)
(DIR) Post #AILVxKhfAHYNRcoV5U by xerz@fedi.xerz.one
2022-04-11T17:07:35.316424Z
0 likes, 0 repeats
oh the server does give an error
OCSP_basic_verify() failed (SSL: error:27069076:OCSP routines:OCSP_basic_verify:signer certificate not found) while requesting certificate status
(DIR) Post #AILWRW4jRqipOyzqIy by xerz@fedi.xerz.one
2022-04-11T17:12:53.521264Z
0 likes, 0 repeats
…changing the regular SSL certificate to the fullchain one worked
what
(DIR) Post #AILZZVXHdanFuLqy4e by xerz@fedi.xerz.one
2022-04-11T17:48:05.273563Z
0 likes, 0 repeats
:blobcatsip: (I have no idea why the CAA doesn’t work but ok)
(DIR) Post #AILavc9VolRMknq7Xs by mk@mastodon.satoshishop.de
2022-04-11T16:13:44Z
0 likes, 0 repeats
@xerz letsencrypt? didn't they change their root certificate a while ago or something?
https://www.golem.de/news/tls-zertifikate-altes-let-s-encrypt-root-laeuft-ab-2109-159989.html
---
"we’ve had four intermediates: the Let’s Encrypt Authorities X1, X2, X3, and X4."
"ISRG Root OCSP X[..]it signs Online Certificate Status Protocol (OCSP) responses that indicate the intermediate certificates have not been revoked."
https://letsencrypt.org/2020/09/17/new-root-and-intermediates.html
(DIR) Post #AILavctx26aT4pZCvg by xerz@fedi.xerz.one
2022-04-11T18:03:16.403624Z
0 likes, 0 repeats
@mk (update: it was me breaking OCSP somehow)
(DIR) Post #AILawWqh1PFsawTOcq by xerz@fedi.xerz.one
2022-04-11T18:03:28.716403Z
0 likes, 0 repeats
so weird to think currently xerz.one is a shell server
(DIR) Post #AILaxXqWnbYZyfsecC by xerz@fedi.xerz.one
2022-04-11T18:03:37.892557Z
0 likes, 0 repeats
so weird to think currently https://xerz.one is a shell server
(DIR) Post #AILk73J85xkLkMrobA by xerz@fedi.xerz.one
2022-04-11T19:46:12.705704Z
0 likes, 0 repeats
btw pls don’t get angry if https://blog.xerz.one is down
it will be down for a bit because I have to figure out how to hosting now :blobcatderpy:
(DIR) Post #AILkA9JoCeNBG4f4JU by xerz@fedi.xerz.one
2022-04-11T19:46:46.172971Z
0 likes, 0 repeats
(could I have kept it? Yes, but that way I put myself more pressure so I get the thing back up)
(DIR) Post #AILkC2YOKEYarBNrmq by xerz@fedi.xerz.one
2022-04-11T19:47:06.580812Z
0 likes, 0 repeats
(could I have kept it? Yes, but that way I put myself more pressure so I get the thing back up)
(also I didn’t know if Let’s Encrypt would be happy about that)
(DIR) Post #AILkX6FllVfCPciR4y by aetios@kawen.space
2022-04-11T19:50:14.199941Z
0 likes, 0 repeats
@xerz what are you trying to accomplish
(DIR) Post #AILkX6zV1UF8hS6xMG by xerz@fedi.xerz.one
2022-04-11T19:50:54.210451Z
0 likes, 0 repeats
@aetios Server with pretty much everything I could ever want except (maybe) mail (also fedi will be its own server for now)
(DIR) Post #AILkZc1ebj45X1JMjg by xerz@fedi.xerz.one
2022-04-11T19:51:23.155048Z
0 likes, 0 repeats
@aetios the neat part is that it’s all a bwrap-sandboxed Alpine Linux :blobcatpopcorn: