:: Re: [DNG] deb.devuan.org - bad cert…
Top Page
Delete this message
Reply to this message
Author: Ralph Ronnquist
Date:  
To: dng
Subject: Re: [DNG] deb.devuan.org - bad certificate?
On Fri, Aug 30, 2024 at 06:29:26AM -0400, Dan Purgert via Dng wrote:
> On Aug 30, 2024, Ralph Ronnquist via Dng wrote:
> > On Thu, Aug 29, 2024 at 05:01:43PM -0400, Dan Purgert via Dng wrote:
> > > On Aug 30, 2024, onefang wrote:
> > > > On 2024-08-29 14:05:04, Dan Purgert via Dng wrote:
> > > > > On Aug 28, 2024, R A Montante, Ph.D. via Dng wrote:
> > > > > > Hello all,
> > > > > > [...]
> > > > > > So I tried/browsing/ to "deb.rr.devuan.org" (the CNAME) and
> > > > > > got this error message (I highlighted the certificate problem
> > > > > > in red):
> > > > > [...]
> > > > > If I force https:// ; then I get a cert error for a LE cert
> > > > > applied for various "rrq.au" domains. I'd assume it's just
> > > > > apache falling through to whatever cert it has available, rather
> > > > > than any malice.
> > > > [... convo with onefang ... ]
> >
> > Hmm. I'm not sure how you link up the domain "deb.devuan.org" with a
> > certificate of mine.
>
> "deb.rr.devuan.org" is apparently what the OP got directed to; which
> will present some LE cert affiliated with several hosts on rrq.au; if
> you attempt to use HTTPS.
>
> (Hopefully I shortened it to the salient points properly :) )


Yes, the nginx (mis-) configuration resulted in the fallback response
to https requests for "undefined" subdomains of "rrq.au" to be mapped
as targeting "deb.rrq.au". I believe I've now got it configured better
by instead offering a 404 response to them prior to serving an SSL
certificate.

Thanks. Ralph.

>
> --
> |_|O|_|
> |_|_|O| Github: https://github.com/dpurgert
> |O|O|O| PGP: DDAB 23FB 19FA 7D85 1CC1 E067 6D65 70E5 4CE7 2860




> _______________________________________________
> Dng mailing list
> Dng@???
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng