#6576 Invalid SSL cert for https://releases.stg.pagure.org
Closed: Fixed 2 years ago Opened 2 years ago by mrsam.

Poking around on std.pagure.io, on the projects' "Releases" tab, the "release folder" link goes to https://releases.stg.pagure.org/<project>. Example: https://releases.stg.pagure.org/LibCXX

Firefox refuses to open this link due to a hostname mismatch:

"releases.stg.pagure.org uses an invalid security certificate. The certificate is only valid for the following names: pagure.io, www.pagure.io, stg.pagure.io, docs.pagure.org, releases.pagure.org, lists.pagure.io"

Additionally, Firefox refuses to offer an exception, because of HSTS.


why fedora doesn't use letsencrypt ? It's already packaged.

We do. We just haven't had time to process this request and set things up for it yet.

Metadata Update from @kevin:
- Issue priority set to: Waiting on Asignee

2 years ago

Metadata Update from @codeblock:
- Issue assigned to codeblock

2 years ago

Fixed.

[codeblock@batcave01 ansible][PROD]$ curl -svo /dev/null https://releases.stg.pagure.org/test/foo
* About to connect() to releases.stg.pagure.org port 443 (#0)
*   Trying 140.211.169.203...
* Connected to releases.stg.pagure.org (140.211.169.203) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
*   subject: CN=releases.stg.pagure.org
*   start date: Jun 06 15:46:39 2018 GMT
*   expire date: Sep 04 15:46:39 2018 GMT
*   common name: releases.stg.pagure.org
*   issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
> GET /test/foo HTTP/1.1
> User-Agent: curl/7.29.0
> Host: releases.stg.pagure.org
> Accept: */*
> 
< HTTP/1.1 200 OK
< Date: Wed, 06 Jun 2018 16:49:05 GMT
< Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips mod_wsgi/3.4 Python/2.7.5
< X-Frame-Options: ALLOW-FROM https://pagure.io/
< X-Xss-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< Referrer-Policy: same-origin
< Content-Security-Policy: default-src 'self' https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://apps.fedoraproject.org; style-src 'self' 'unsafe-inline' https://apps.fedoraproject.org
< Last-Modified: Fri, 05 Jun 2015 12:33:58 GMT
< ETag: "5-517c4818e76b3"
< Accept-Ranges: bytes
< Content-Length: 5
< 
{ [data not shown]
* Connection #0 to host releases.stg.pagure.org left intact

Metadata Update from @codeblock:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

2 years ago

Login to comment on this ticket.

Metadata