Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#2270 closed defect (fixed)

HTTPS broken for gdal.org and mapserver.org due to certificate issue

Reported by: rouault
Owned by: sac@…
Priority: critical
Milestone:
Component: SysAdmin
Keywords:
Cc:

Description

All in the title. Firefox refuses to access them. wget is also broken:

$ LC_ALL=C wget http://gdal.org/gdalicon.png
--2019-03-30 23:14:32--  http://gdal.org/gdalicon.png
Resolving gdal.org (gdal.org)... 140.211.15.3
Connecting to gdal.org (gdal.org)|140.211.15.3|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://gdal.org/gdalicon.png [following]
--2019-03-30 23:14:32--  https://gdal.org/gdalicon.png
Connecting to gdal.org (gdal.org)|140.211.15.3|:443... connected.
ERROR: no certificate subject alternative name matches
	requested host name 'gdal.org'.
To connect to gdal.org insecurely, use `--no-check-certificate'.

Change History (12)

comment:1 by rouault, 5 years ago

Summary: HTTPS broken for gdal.org and mapserver.org due to SSL issue → HTTPS broken for gdal.org and mapserver.org due to certificate issue

comment:2 by wildintellect, 5 years ago

Probably due to ticket #2256 upgrades to cert bot.

comment:3 by rouault, 5 years ago

Interestingly, https://www.gdal.org works (with www.), but https://gdal.org used to work

comment:4 by robe, 5 years ago

On it now, sorry Even. It seemed fine when I checked after the change.

comment:5 by robe, 5 years ago

Resolution: fixed
Status: new → closed

For some reason it was trying to use the www.gdal.org one. I reinstalled the cert and both gdal.org and www.gdal.org seem fine now from my end.

comment:6 by robe, 5 years ago

Just fixed mapserver.org too. I'll go thru the others to make sure they are still okay.

comment:7 by rouault, 5 years ago

Resolution: fixed
Status: closed → reopened

Regine, I confirm that https://gdal.org/ now works, but https://www.gdal.org/ and https://mapserver.org/ still have broken certificates here.


comment:8 by robe, 5 years ago

Alright something is going on. Let me try to troubleshoot the configs.

I saw mapserver.org was broken and then fixed it, but it appears to be broken again.

www.gdal.org seems fine though - redirects to gdal.org for me.

It might be left over from the old certbot I removed, like some apache plugin thing.

comment:9 by robe, 5 years ago

Okay I figured out what is going on. These sites all have the same conf file, and Let's Encrypt, when I do a cert for the next, replaces the cert that was there.

So cert of the umn. broke the mapserver.org.

I'm going to split these out into separate confs so this doesn't happen again.

comment:10 by robe, 5 years ago

Okay I decided not to split them and instead recert them together so they share the same cert with the below commands

certbot-auto -d mapserver.org -d www.mapserver.org -d mapserver.gis.umn.edu -d www3.mapserver.org

certbot-auto -d gdal.org -d www.gdal.org

certbot-auto -d geotools.org -d www.geotools.org

That seems to work. I still need to purge the old certs so they don't bother renewing. I'll do that and then close this out. At a glance mapserver.org and gdal.org appear to be the only ones that have multiple domains in the apache config besides openlayers.
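The failure in this ticket is a certificate whose subject alternative names do not include every hostname the shared virtual host answers for. The following check is an added example, not part of the ticket or of the OSGeo tooling; it compares each group of served names against a certificate's SAN list. The function names and the "broken" SAN lists are assumptions constructed for illustration.

```python
import socket
import ssl

def san_matches(pattern, host):
    """Exact match, or '*' standing for exactly one left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        head, _, rest = h.partition(".")
        return bool(head) and rest == p[2:]  # never matches the bare parent
    return p == h

def uncovered(served_names, cert_sans):
    """Served names that no SAN entry of the certificate matches."""
    return [n for n in served_names
            if not any(san_matches(s, n) for s in cert_sans)]

def fetch_sans(host, port=443, timeout=5.0):
    """DNS SANs of the certificate presented for `host` (needs network).

    Chain validation stays on; only the hostname check is disabled so a
    certificate issued for the wrong name can still be read.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

# Name groups taken from the certbot-auto commands in the ticket.
GROUPS = {
    "gdal": ["gdal.org", "www.gdal.org"],
    "mapserver": ["mapserver.org", "www.mapserver.org",
                  "mapserver.gis.umn.edu", "www3.mapserver.org"],
}
# Constructed SAN lists (not captured from the real servers): one name per
# certificate, as when each new request replaced the shared vhost's cert.
BROKEN = {"gdal": ["www.gdal.org"], "mapserver": ["mapserver.gis.umn.edu"]}

def audit(groups, sans_by_group):
    """Map each group to the names its certificate fails to cover."""
    return {g: uncovered(names, sans_by_group[g]) for g, names in groups.items()}

if __name__ == "__main__":
    print(audit(GROUPS, BROKEN))  # offline run on the constructed data
    # Live use: uncovered([name], fetch_sans(name)) for each served name.
```

Running the live form against every served name, not just one per site, catches the case seen here where one hostname validates while its sibling on the same virtual host does not.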

comment:11 by robe, 5 years ago

Resolution: fixed
Status: reopened → closed

Okay so all should be good now and I deleted the redundant ssls that got created so there aren't multiple for each mapserver, gdal, geotools combo.

If you still see issues let me know.

comment:12 by rouault, 5 years ago

Everything is fine now. Thanks!
