Opened 5 years ago

Closed 5 years ago

#2349 closed defect (fixed)

*.osgeo.org SSL certificate expired (as used for geotiff.osgeo.org)

Reported by: Bas Couwenberg Owned by: sac@…
Priority: normal Milestone: Sysadmin Contract 2019-II
Component: SysAdmin Keywords:
Cc:

Description

Accessing https://geotiff.osgeo.org triggers browser warnings due to the SSL certificate being expired: 

$ openssl s_client -connect geotiff.osgeo.org:443
CONNECTED(00000003)
depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
verify return:1
depth=1 C = US, O = SSL.com, OU = www.ssl.com, CN = SSL.com DV CA
verify return:1
depth=0 OU = Domain Control Validated, OU = EssentialSSL Wildcard, CN = *.osgeo.org
verify error:num=10:certificate has expired
notAfter=May  1 23:59:59 2019 GMT
verify return:1
depth=0 OU = Domain Control Validated, OU = EssentialSSL Wildcard, CN = *.osgeo.org
notAfter=May  1 23:59:59 2019 GMT
verify return:1
---
Certificate chain
 0 s:OU = Domain Control Validated, OU = EssentialSSL Wildcard, CN = *.osgeo.org
   i:C = US, O = SSL.com, OU = www.ssl.com, CN = SSL.com DV CA
 1 s:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
   i:C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
 2 s:C = US, O = SSL.com, OU = www.ssl.com, CN = SSL.com DV CA
   i:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
---

Change History (3)

comment:1 by wildintellect, 5 years ago

I wonder if this got lost when we moved things off the old-web server, which had the old wildcard cert and not the new let's encrypt.

I see the old config:

<VirtualHost 140.211.15.66:80>

ServerName geotiff.osgeo.org RewriteEngine on RewriteCond %{HTTP_HOST} geotiff\.osgeo\.org$ RewriteRule /(.*) http://trac.osgeo.org/geotiff/ [R,L]

</VirtualHost>

<VirtualHost 140.211.15.66:80>

ServerName libgeotiff.osgeo.org RewriteEngine on RewriteCond %{HTTP_HOST} libgeotiff\.osgeo\.org$ RewriteRule /(.*) http://trac.osgeo.org/geotiff/ [R,L]

</VirtualHost>

We should be able to port that over to the new webserver and continue redirecting. The destination trac sites do appear to have working certs.

comment:2 by robe, 5 years ago

Milestone: Sysadmin Contract 2019-II

I'll repoint to new server and setup a redirect

comment:3 by robe, 5 years ago

Resolution: fixed
Status: newclosed

Moved to osgeo7

Note: See TracTickets for help on using tickets.