Re: [Handle-info] Invalid TLS certificate on hdl.handle.net

Subject: Re: [Handle-info] Invalid TLS certificate on hdl.handle.net

Date: Mon, 27 Nov 2023 21:57:43 +0300

Delivered-to: handle-info-archive@cnriweb-cogent.cnri.reston.va.us

Delivered-to: handle-info@cnriweb.cnri.reston.va.us

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1701111475; x=1701716275; darn=cnri.reston.va.us; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=v5k4zc43/8yKD4ZTAVSDnshM6XiimmM05rnSB7GXWio=; b=LeemXxuVjkPkDU7WUvLJbHj2CPYUurZRqkT5iOV6PYbVG6KmV9SJRMJ8NLudjamiAP Sxeod0bcqg6Ex5jJxhWejuFJZLSroRQt8kGdC4M97RLisRbaDMQkiLYNoKjKHsTD1IxV TpXSjJsDlRK88b5qSPn4QAasXJZ6h/ib8rlTgBMZQI9UB2bI4qWEvpveFkWTbZvLJKey 4FQ0KbFJC0T4Ep6k8U5ZnN+X2d1H1EjC2B0TZIVnzlc4BBqTxaYujLaPw4IQnyRYBB54 GvLmKRtzp2qq1FV+HkvwH3IuMiHDHTbPzFw/Yh7/pcYuRxOW7qNWxFSTItffLNsYmJn0 M5tw==

In-reply-to: <902ffba6f58d98340005640134.0695d42b5e.be810b7e-d926-41f2-8084-4d0ba70c240f@pangaea.de>

List-archive: <http://www.handle.net/mailman/private/handle-info/>

List-help: <mailto:handle-info-request@cnri.reston.va.us?subject=help>

List-id: "Handle.Net Mailing List" <handle-info.cnri.reston.va.us>

List-post: <mailto:handle-info@cnri.reston.va.us>

List-subscribe: <http://www.handle.net/mailman/listinfo/handle-info>, <mailto:handle-info-request@cnri.reston.va.us?subject=subscribe>

List-unsubscribe: <http://www.handle.net/mailman/options/handle-info>, <mailto:handle-info-request@cnri.reston.va.us?subject=unsubscribe>

References: <CAKKdN4Via9GQTTj8vw2Vh331zaYP8zAyKspmOJFU1Whjb--=aw@mail.gmail.com> <902ffba6f58d98340005640134.0695a1503f.80B0AB0A-53EA-41C4-85E2-59FA25B488EB@cnri.reston.va.us> <CAJqMLZpyqL9FcGE13+Zr3ioB3+GaSH2pgekyw-0ChnS_5P_R_w@mail.gmail.com> <902ffba6f58d98340005640134.0695aded16.7222CCF7-F2C2-4632-A4C7-7BE9B9FB6524@cnri.reston.va.us> <902ffba6f58d98340005640134.0695d70647.e5f17022-29fc-47bd-a221-3d20886d6d11@pangaea.de> <902ffba6f58d98340005640134.0695d42b5e.be810b7e-d926-41f2-8084-4d0ba70c240f@pangaea.de>

Sender: handle-info-bounces@cnri.reston.va.us

Perfect. Thanks all. It's working again.

Regards,

On Mon, Nov 27, 2023 at 9:35 PM <uschindler@pangaea.de> wrote:

Hi,

looks like you solved the issue. The new certificate is live. It looks
like it was issued Nov 20th, so Gerhard's guess may be correct.

https://www.ssllabs.com/ssltest/analyze.html?d=hdl.handle.net

Looks like all servers have working certificate. Thanks!

Uwe

Am 27.11.2023 um 19:21 schrieb uschindler@pangaea.de:
> Hi Stanley,
>
> As this problem looks like a more complicated support thing to do: How
> about quickly execute "apt install certbot" and request a letsencrypt
> certiicate until this is solved? I get complaints from many people
> already. Accoring to them the problem started already on lat week
> Friday (only on Firefox).
>
> Actually Chrome works fine at moment, as Chrome longer checks for
> invalidated certificates (the check is too expensive). Firefox still
> does the check, so maybe a new certificate is the only way to go.
>
> Uwe
>
> P.S.: At PANGAEA we changed to letsencrypt long time ago and we are
> also getting wildcard certificates from them. This has proven as
> maintenance-friendly as you do not need to order new ones and certbot
> works fine (unless you have strange firewalls).
>
> Am 27.11.2023 um 19:00 schrieb Stanley Weilnau:
>> Interesting. I was on a chat with GoDaddy, and they stated the cert
>> was good until Dec 14, 2023. I did ask about revocation and they said
>> it was not. Time to chat with them again. Thank you for the
>> information.
>>
>> Stanley Weilnau
>>
>>
>>> On Nov 27, 2023, at 12:35 PM, Gerhard Gonter <ggonter@gmail.com> wrote:
>>>
>>> On Mon, Nov 27, 2023 at 5:36 PM Stanley Weilnau
>>> <sweilnau@cnri.reston.va.us> wrote:
>>>> I am puzzled. I checked with GoDaddy.com about the certificate.
>>>> The checkers they showed me have it still valid. We are working on
>>>> an updated certificate at this time.
>>> The current certificate is only valid until Dec 14 07:06:15 2023 GMT,
>>> so maybe someone ordered a new one and revoked the current one. As
>>> far as I can tell, it shows up in Godaddy's revokation list already:
>>>
>>> <pre>
>>> $ openssl x509 -noout -text -in hdl.handle.net.crt | fgrep crl
>>>                   URI:http://crl.godaddy.com/gdig2s1-4758.crl
>>> $ openssl x509 -noout -serial -in hdl.handle.net.crt
>>> serial=BAB2A135B54649F2
>>> $ openssl crl -inform DER -text -noout -in gdig2s1-4758.crl | fgrep -A
>>> 4 BAB2A135B54649F2
>>>     Serial Number: BAB2A135B54649F2
>>>         Revocation Date: Nov 23 03:40:59 2023 GMT
>>>         CRL entry extensions:
>>>             X509v3 CRL Reason Code:
>>>                 Superseded
>>> </pre>
>>>
>>> regards, Gerhard Gonter
>> _______________________________________________
>> Handle-Info mailing list
>> Handle-Info@cnri.reston.va.us
>> http://www.handle.net/mailman/listinfo/handle-info
>
--
UWE SCHINDLER
Software Architecture, Apache Lucene, Elasticsearch
PANGAEA - Data Publisher for Earth & Environmental Science
MARUM (UNICOM 2 building) - University of Bremen
Room 4.3060, Mary-Somerville-Straße 2-4, D-28359 Bremen
Tel.: +49 421 218 65595
Fax: +49 421 218 65505
https://www.pangaea.de/
E-mail: uschindler@pangaea.de

_______________________________________________
Handle-Info mailing list
Handle-Info@cnri.reston.va.us
http://www.handle.net/mailman/listinfo/handle-info

_______________________________________________ Handle-Info mailing list Handle-Info@cnri.reston.va.us http://www.handle.net/mailman/listinfo/handle-info