[SAC] [OSGeo] #2270: HTTPS broken for gdal.org and mapserver.org due to SSL issue

#2270: HTTPS broken for gdal.org and mapserver.org due to SSL issue
---------------------------+-------------------
Reporter: rouault | Owner: sac@…
     Type: defect | Status: new
Priority: critical | Milestone:
Component: Systems Admin | Keywords:
---------------------------+-------------------
All in the title. Firefox refuses to access them. wget is also broken:

{{{
$ LC_ALL=C wget http://gdal.org/gdalicon.png
--2019-03-30 23:14:32-- http://gdal.org/gdalicon.png
Resolving gdal.org (gdal.org)... 140.211.15.3
Connecting to gdal.org (gdal.org)|140.211.15.3|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://gdal.org/gdalicon.png [following]
--2019-03-30 23:14:32-- https://gdal.org/gdalicon.png
Connecting to gdal.org (gdal.org)|140.211.15.3|:443... connected.
ERROR: no certificate subject alternative name matches
         requested host name 'gdal.org'.
To connect to gdal.org insecurely, use `--no-check-certificate'.
}}}

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2270>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.

#2270: HTTPS broken for gdal.org and mapserver.org due to certificate issue
---------------------------+--------------------
Reporter: rouault | Owner: sac@…
     Type: defect | Status: new
Priority: critical | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+--------------------

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2270#comment:1>

#2270: HTTPS broken for gdal.org and mapserver.org due to certificate issue
---------------------------+--------------------
Reporter: rouault | Owner: sac@…
     Type: defect | Status: new
Priority: critical | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+--------------------

Comment (by wildintellect):

Probably due to ticket #2256 upgrades to cert bot.

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2270#comment:2>

#2270: HTTPS broken for gdal.org and mapserver.org due to certificate issue
---------------------------+--------------------
Reporter: rouault | Owner: sac@…
     Type: defect | Status: new
Priority: critical | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+--------------------

Comment (by rouault):

Interestingly, https://www.gdal.org works (with www.), but
https://gdal.org used to work.

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2270#comment:3>

#2270: HTTPS broken for gdal.org and mapserver.org due to certificate issue
---------------------------+--------------------
Reporter: rouault | Owner: sac@…
     Type: defect | Status: new
Priority: critical | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+--------------------

Comment (by robe):

On it now, sorry Even. It seemed fine when I checked after the change.

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2270#comment:4>

#2270: HTTPS broken for gdal.org and mapserver.org due to certificate issue
---------------------------+---------------------
Reporter: rouault | Owner: sac@…
     Type: defect | Status: closed
Priority: critical | Milestone:
Component: Systems Admin | Resolution: fixed
Keywords: |
---------------------------+---------------------
Changes (by robe):

* status: new => closed
* resolution: => fixed

Comment:

For some reason it was trying to use the www.gdal.org one. I reinstalled
the cert and both gdal.org and www.gdal.org seem fine now from my end.

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2270#comment:5>

#2270: HTTPS broken for gdal.org and mapserver.org due to certificate issue
---------------------------+---------------------
Reporter: rouault | Owner: sac@…
     Type: defect | Status: closed
Priority: critical | Milestone:
Component: Systems Admin | Resolution: fixed
Keywords: |
---------------------------+---------------------

Comment (by robe):

Just fixed mapserver.org too. I'll go thru the others to make sure they
are still okay.

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2270#comment:6>

#2270: HTTPS broken for gdal.org and mapserver.org due to certificate issue
---------------------------+-----------------------
Reporter: rouault | Owner: sac@…
     Type: defect | Status: reopened
Priority: critical | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+-----------------------
Changes (by rouault):

* status: closed => reopened
* resolution: fixed =>

Comment:

Regine, I confirm that https://gdal.org/ now works, but
https://www.gdal.org/ and https://mapserver.org/ still have broken
certificates here.

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2270#comment:7>

#2270: HTTPS broken for gdal.org and mapserver.org due to certificate issue
---------------------------+-----------------------
Reporter: rouault | Owner: sac@…
     Type: defect | Status: reopened
Priority: critical | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+-----------------------

Comment (by robe):

Alright something is going on. Let me try to troubleshoot the configs.

I saw mapserver.org was broken and then fixed it, but it appears to be
broken again.

www.gdal.org seems fine though - redirects to gdal.org for me.

It might be left over from the old certbot I removed, like some apache
plugin thing.

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2270#comment:8>

#2270: HTTPS broken for gdal.org and mapserver.org due to certificate issue
---------------------------+-----------------------
Reporter: rouault | Owner: sac@…
     Type: defect | Status: reopened
Priority: critical | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+-----------------------

Comment (by robe):

Okay, I figured out what is going on. These sites all have the same conf
file, and when I do a cert for the next one, Let's Encrypt replaces the cert
that was there.

So the cert of the umn. one broke the mapserver.org one.

I'm going to split these out into separate confs so this doesn't happen
again.

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2270#comment:9>

#2270: HTTPS broken for gdal.org and mapserver.org due to certificate issue
---------------------------+-----------------------
Reporter: rouault | Owner: sac@…
     Type: defect | Status: reopened
Priority: critical | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+-----------------------

Comment (by robe):

Okay, I decided not to split them and instead recert them together so they
share the same cert, with the below commands:

{{{
certbot-auto -d mapserver.org -d www.mapserver.org -d mapserver.gis.umn.edu -d www3.mapserver.org

certbot-auto -d gdal.org -d www.gdal.org

certbot-auto -d geotools.org -d www.geotools.org
}}}

That seems to work. I still need to purge the old certs so they don't
bother renewing. I'll do that and then close this out.
At a glance mapserver.org and gdal.org appear to be the only ones that
have multiple domains in the apache config besides openlayers.

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2270#comment:10>
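
The failure described in comments 9 and 10 (several hostnames served from one Apache conf while the installed certificate lists only the most recently issued name) can be checked offline by comparing each vhost's names with the SANs of the certificate it points to. This is an added example, not part of the ticket or OSGeo's tooling; the conf text, the `EXAMPLE-A` certificate path, the SAN lists and all function names are constructed for illustration.

```python
import re

# Constructed Apache conf: one file holding several vhosts that share a cert path.
SAMPLE_CONF = """
<VirtualHost *:443>
    ServerName mapserver.org
    ServerAlias www.mapserver.org www3.mapserver.org
    SSLCertificateFile /etc/letsencrypt/live/EXAMPLE-A/fullchain.pem
</VirtualHost>
<VirtualHost *:443>
    ServerName mapserver.gis.umn.edu
    SSLCertificateFile /etc/letsencrypt/live/EXAMPLE-A/fullchain.pem
</VirtualHost>
"""
# Constructed SAN list per certificate path (in practice, read from the PEM).
SAMPLE_SANS = {"/etc/letsencrypt/live/EXAMPLE-A/fullchain.pem": ["mapserver.gis.umn.edu"]}

def san_matches(host, san):
    """Exact match, or a wildcard covering exactly one left-most label."""
    host, san = host.lower().rstrip("."), san.lower().rstrip(".")
    if san.startswith("*."):
        return "." in host and host.split(".", 1)[1] == san[2:]
    return host == san

def parse_vhosts(conf):
    """Yield (hostnames, cert_path) for each <VirtualHost> block."""
    pattern = r"<VirtualHost[^>]*>(.*?)</VirtualHost>"
    for block in re.findall(pattern, conf, re.S | re.I):
        names, cert = [], None
        for line in block.splitlines():
            parts = line.split()
            if not parts or parts[0].startswith("#"):
                continue
            key = parts[0].lower()
            if key in ("servername", "serveralias"):
                names += parts[1:]
            elif key == "sslcertificatefile" and len(parts) > 1:
                cert = parts[1]
        yield names, cert

def uncovered_names(conf, sans_by_cert):
    """Return sorted (hostname, cert_path) pairs the configured cert does not cover."""
    missing = set()
    for names, cert in parse_vhosts(conf):
        sans = sans_by_cert.get(cert, [])
        missing.update((n, cert) for n in names
                       if not any(san_matches(n, s) for s in sans))
    return sorted(missing)
```

Every hostname it returns would fail in a client with the same "no certificate subject alternative name matches" error shown in the original report.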

#2270: HTTPS broken for gdal.org and mapserver.org due to certificate issue
---------------------------+---------------------
Reporter: rouault | Owner: sac@…
     Type: defect | Status: closed
Priority: critical | Milestone:
Component: Systems Admin | Resolution: fixed
Keywords: |
---------------------------+---------------------
Changes (by robe):

* status: reopened => closed
* resolution: => fixed

Comment:

Okay, so all should be good now, and I deleted the redundant ssls that got
created so there aren't multiple for each mapserver, gdal, geotools combo.

If you still see issues let me know.

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2270#comment:11>

#2270: HTTPS broken for gdal.org and mapserver.org due to certificate issue
---------------------------+---------------------
Reporter: rouault | Owner: sac@…
     Type: defect | Status: closed
Priority: critical | Milestone:
Component: Systems Admin | Resolution: fixed
Keywords: |
---------------------------+---------------------

Comment (by rouault):

Everything is fine now. Thanks!

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2270#comment:12>