[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Handle-info] Invalid TLS certificate on hdl.handle.net

To: handle-info@cnri.reston.va.us
Subject: Re: [Handle-info] Invalid TLS certificate on hdl.handle.net
From: uschindler@pangaea.de
Date: Mon, 27 Nov 2023 19:21:10 +0100
Delivered-to: handle-info-archive@cnriweb-cogent.cnri.reston.va.us
Delivered-to: handle-info@cnriweb.cnri.reston.va.us
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pangaea.de; s=sddsmail201905; t=1701109273; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=/f33VXcJEkwdqMAk79Yq9T0oSec5iR+u08/xOs9KudQ=; b=eif3KnLAGGC959QTbF9TZ3ueZUVFX88HKbpIfOLL5t0RahkmxXtucF/rgWmQUZZVw0HdDU v2PcTDsoXeWBFjLPUUg9I4IaRBQASV0qg/4Rjf8arI8DrlT/DD+64oAX9bBTGDPUU5AqjZ XbWvitaAdk8qeIr2Y0DZr8y8IOwdXEx71KNQyph7GAzbuoPGFSCeuOICb8cVMdh2HMCwY6 lsFRr1dyn6AOPtmwN34mIUjpEWOu+/9rzFPtR7PlzllLslRVp+i5/5vsLB9vv/6VhJQpIz 9RV8FKynUNqs7ZFPBv5TEdJhF5rByNPYSTlP7IIt91wxfbuivfKo+vH0D3yEcA==
In-reply-to: <902ffba6f58d98340005640134.069597ecf0.902ffba6f58d98340005640134.0695aded16.7222CCF7-F2C2-4632-A4C7-7BE9B9FB6524@cnri.reston.va.us>
List-archive: <http://www.handle.net/mailman/private/handle-info/>
List-help: <mailto:handle-info-request@cnri.reston.va.us?subject=help>
List-id: "Handle.Net Mailing List" <handle-info.cnri.reston.va.us>
List-post: <mailto:handle-info@cnri.reston.va.us>
List-subscribe: <http://www.handle.net/mailman/listinfo/handle-info>, <mailto:handle-info-request@cnri.reston.va.us?subject=subscribe>
List-unsubscribe: <http://www.handle.net/mailman/options/handle-info>, <mailto:handle-info-request@cnri.reston.va.us?subject=unsubscribe>
Organization: PANGAEA
References: <CAKKdN4Via9GQTTj8vw2Vh331zaYP8zAyKspmOJFU1Whjb--=aw@mail.gmail.com> <902ffba6f58d98340005640134.0695460f91.902ffba6f58d98340005640134.0695a1503f.80B0AB0A-53EA-41C4-85E2-59FA25B488EB@cnri.reston.va.us> <CAJqMLZpyqL9FcGE13+Zr3ioB3+GaSH2pgekyw-0ChnS_5P_R_w@mail.gmail.com> <902ffba6f58d98340005640134.069597ecf0.902ffba6f58d98340005640134.0695aded16.7222CCF7-F2C2-4632-A4C7-7BE9B9FB6524@cnri.reston.va.us>
Sender: handle-info-bounces@cnri.reston.va.us
User-agent: Mozilla Thunderbird

Hi Stanley,

As this problem looks like a more complicated support thing to do: Howabout quickly execute "apt install certbot" and request a letsencryptcertiicate until this is solved? I get complaints from many peoplealready. Accoring to them the problem started already on lat week Friday(only on Firefox).

Actually Chrome works fine at moment, as Chrome longer checks forinvalidated certificates (the check is too expensive). Firefox stilldoes the check, so maybe a new certificate is the only way to go.

Uwe

P.S.: At PANGAEA we changed to letsencrypt long time ago and we are alsogetting wildcard certificates from them. This has proven asmaintenance-friendly as you do not need to order new ones and certbotworks fine (unless you have strange firewalls).


Am 27.11.2023 um 19:00 schrieb Stanley Weilnau:

Interesting.  I was on a chat with GoDaddy, and they stated the cert was good until Dec 14, 2023.  I did ask about revocation and they said it was not.  Time to chat with them again.  Thank you for the information.

Stanley Weilnau

On Nov 27, 2023, at 12:35 PM, Gerhard Gonter <ggonter@gmail.com> wrote:

On Mon, Nov 27, 2023 at 5:36 PM Stanley Weilnau
<sweilnau@cnri.reston.va.us> wrote:

I am puzzled.  I checked with GoDaddy.com about the certificate.  The checkers they showed me have it still valid.  We are working on an updated certificate at this time.

The current certificate is only valid until Dec 14 07:06:15 2023 GMT,
so maybe someone ordered a new one and revoked the current one.  As
far as I can tell, it shows up in Godaddy's revokation list already:

<pre>
$ openssl x509 -noout -text -in hdl.handle.net.crt | fgrep crl
                  URI:http://crl.godaddy.com/gdig2s1-4758.crl
$ openssl x509 -noout -serial -in hdl.handle.net.crt
serial=BAB2A135B54649F2
$ openssl crl -inform DER -text -noout -in gdig2s1-4758.crl | fgrep -A
4 BAB2A135B54649F2
    Serial Number: BAB2A135B54649F2
        Revocation Date: Nov 23 03:40:59 2023 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code:
                Superseded
</pre>

regards, Gerhard Gonter

_______________________________________________
Handle-Info mailing list
Handle-Info@cnri.reston.va.us
http://www.handle.net/mailman/listinfo/handle-info


--
UWE SCHINDLER
Software Architecture, Apache Lucene, Elasticsearch
PANGAEA - Data Publisher for Earth & Environmental Science
MARUM (UNICOM 2 building) - University of Bremen
Room 4.3060, Mary-Somerville-Straße 2-4, D-28359 Bremen
Tel.: +49 421 218 65595
Fax:  +49 421 218 65505
https://www.pangaea.de/
E-mail: uschindler@pangaea.de

_______________________________________________
Handle-Info mailing list
Handle-Info@cnri.reston.va.us
http://www.handle.net/mailman/listinfo/handle-info

References:
- [Handle-info] Invalid TLS certificate on hdl.handle.net
  - From: Alan Orth <alan.orth@gmail.com>
- Re: [Handle-info] Invalid TLS certificate on hdl.handle.net
  - From: Gerhard Gonter <ggonter@gmail.com>

Prev by Date: Re: [Handle-info] Invalid TLS certificate on hdl.handle.net
Next by Date: Re: [Handle-info] Invalid TLS certificate on hdl.handle.net
Previous by thread: Re: [Handle-info] Invalid TLS certificate on hdl.handle.net
Next by thread: Re: [Handle-info] Invalid TLS certificate on hdl.handle.net
Index(es):
- Date
- Thread