:: [devuan-dev] TLS (ping nextime)
Top Page
Delete this message
Reply to this message
Author: hellekin
Date:  
To: devuan-dev
Subject: [devuan-dev] TLS (ping nextime)
https://files.devuan.org/ is now serving a Startcom certificate. I pass
you the details of LE testing and failing, even with the native client.

nextime, I checked https://package.devuan.org/, your config is missing
the full chain: it dumps sec_error_unknown_issuer on Tor Browser Bundle.
The error is invisible in Firefox but it triggers an extra download for
the intermediate certificate.

See:
https://www.ssllabs.com/ssltest/analyze.html?d=packages.devuan.org&s=46.105.191.77&latest
(C-f Incomplete)

Here's what's on devuan.org for comparison:

  ssl_certificate     /srv/letsencrypt/certs/devuan.org/fullchain.pem;
  ssl_certificate_key /srv/letsencrypt/certs/devuan.org/key.pem;



Once that's fixed we can announce the fixes, and maybe pour in the new
organization of files.devuan.org. (In case you missed it,
/<release>/devuan-<release>-<version>/* so we can serve
devuan-<release>-<version>.torrent from this directory)

Cheers,

==
hk

-- 
 _ _     We are free to share code and we code to share freedom
(_X_)yne Foundation, Free Culture Foundry * https://www.dyne.org/donate/