The CollEc certificate expired on 2024-08-10 Christian Zimmermann https://ideas.repec.org/zimm/
Christian Zimmermann writes
The CollEc certificate expired on 2024-08-10
The correct certificat is on the server. -- Written by Thomas Krichel http://openlib.org/home/krichel on his 21643rd day.
This should have been CD's issue, but I'm looking at it now root@helos ~ # grep ssl_ /etc/nginx/sites-available/collec.repec.org ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_certificate /etc/letsencrypt/opt/live/repec.org/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/opt/live/repec.org/privkey.pem; # managed by Certbot root@helos ~ # ls -l /etc/letsencrypt/opt/live/repec.org/fullchain.pem lrwxrwxrwx 1 root root 38 Jul 13 02:58 /etc/letsencrypt/opt/live/repec.org/fullchain.pem -> ../../archive/repec.org/fullchain6.pem root@helos ~ # ls -l /etc/letsencrypt/opt/archive/repec.org/fullchain6.pem -rw-r--r-- 1 root root 2.8K Jul 13 02:58 /etc/letsencrypt/opt/archive/repec.org/fullchain6.pem This is the same as we use for NEP root@siche ~ # ls -l /etc/letsencrypt/opt/archive/repec.org/fullchain6.pem -rw-r--r-- 1 root root 2.8K Jul 13 02:58 /etc/letsencrypt/opt/archive/repec.org/fullchain6.pem So it is referenced in the ngix configuration and it is the correct one. But maybe he used a different config. -- Written by Thomas Krichel http://openlib.org/home/krichel on his 21643rd day.
Sorry. I will look into it tomorrow. -------- Original Message -------- On 9/6/24 01:00, Thomas Krichel <krichel@openlib.org> wrote:
This should have been CD's issue, but I'm looking at it now
root@helos ~ # grep ssl_ /etc/nginx/sites-available/collec.repec.org ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_certificate /etc/letsencrypt/opt/live/repec.org/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/opt/live/repec.org/privkey.pem; # managed by Certbot
root@helos ~ # ls -l /etc/letsencrypt/opt/live/repec.org/fullchain.pem lrwxrwxrwx 1 root root 38 Jul 13 02:58 /etc/letsencrypt/opt/live/repec.org/fullchain.pem -> ../../archive/repec.org/fullchain6.pem
root@helos ~ # ls -l /etc/letsencrypt/opt/archive/repec.org/fullchain6.pem -rw-r--r-- 1 root root 2.8K Jul 13 02:58 /etc/letsencrypt/opt/archive/repec.org/fullchain6.pem
This is the same as we use for NEP
root@siche ~ # ls -l /etc/letsencrypt/opt/archive/repec.org/fullchain6.pem -rw-r--r-- 1 root root 2.8K Jul 13 02:58 /etc/letsencrypt/opt/archive/repec.org/fullchain6.pem
So it is referenced in the ngix configuration and it is the correct one.
But maybe he used a different config.
-- Written by Thomas Krichel http://openlib.org/home/krichel on his 21643rd day.
_______________________________________________ CollEc-run mailing list CollEc-run@lists.openlib.org http://lists.openlib.org/cgi-bin/mailman/listinfo/collec-run
That is not what Firefox claims Christian Zimmermann https://ideas.repec.org/zimm/ On Thu, Sep 5, 2024, 10:06 Christian Düben <cdueben.ml@proton.me> wrote:
Sorry. I will look into it tomorrow.
-------- Original Message -------- On 9/6/24 01:00, Thomas Krichel <krichel@openlib.org> wrote:
This should have been CD's issue, but I'm looking at it now
root@helos ~ # grep ssl_ /etc/nginx/sites-available/collec.repec.org ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_certificate /etc/letsencrypt/opt/live/repec.org/fullchain.pem;
# managed by Certbot
ssl_certificate_key /etc/letsencrypt/opt/live/repec.org/privkey.pem;
# managed by Certbot
root@helos ~ # ls -l /etc/letsencrypt/opt/live/repec.org/fullchain.pem lrwxrwxrwx 1 root root 38 Jul 13 02:58 /etc/letsencrypt/opt/live/
repec.org/fullchain.pem -> ../../archive/repec.org/fullchain6.pem
root@helos ~ # ls -l /etc/letsencrypt/opt/archive/
repec.org/fullchain6.pem
-rw-r--r-- 1 root root 2.8K Jul 13 02:58 /etc/letsencrypt/opt/archive/ repec.org/fullchain6.pem
This is the same as we use for NEP
root@siche ~ # ls -l /etc/letsencrypt/opt/archive/ repec.org/fullchain6.pem -rw-r--r-- 1 root root 2.8K Jul 13 02:58 /etc/letsencrypt/opt/archive/ repec.org/fullchain6.pem
So it is referenced in the ngix configuration and it is the correct one.
But maybe he used a different config.
-- Written by Thomas Krichel http://openlib.org/home/krichel on his 21643rd day.
_______________________________________________ CollEc-run mailing list CollEc-run@lists.openlib.org http://lists.openlib.org/cgi-bin/mailman/listinfo/collec-run
Christian Zimmermann writes
That is not what Firefox claims
I am not contradicting that.
Christian Zimmermann https://ideas.repec.org/zimm/
On Thu, Sep 5, 2024, 10:06 Christian Düben <cdueben.ml@proton.me> wrote:
Sorry. I will look into it tomorrow.
-------- Original Message -------- On 9/6/24 01:00, Thomas Krichel <krichel@openlib.org> wrote:
This should have been CD's issue, but I'm looking at it now
root@helos ~ # grep ssl_ /etc/nginx/sites-available/collec.repec.org ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_certificate /etc/letsencrypt/opt/live/repec.org/fullchain.pem;
# managed by Certbot
ssl_certificate_key /etc/letsencrypt/opt/live/repec.org/privkey.pem;
# managed by Certbot
root@helos ~ # ls -l /etc/letsencrypt/opt/live/repec.org/fullchain.pem lrwxrwxrwx 1 root root 38 Jul 13 02:58 /etc/letsencrypt/opt/live/
repec.org/fullchain.pem -> ../../archive/repec.org/fullchain6.pem
root@helos ~ # ls -l /etc/letsencrypt/opt/archive/
repec.org/fullchain6.pem
-rw-r--r-- 1 root root 2.8K Jul 13 02:58 /etc/letsencrypt/opt/archive/ repec.org/fullchain6.pem
This is the same as we use for NEP
root@siche ~ # ls -l /etc/letsencrypt/opt/archive/ repec.org/fullchain6.pem -rw-r--r-- 1 root root 2.8K Jul 13 02:58 /etc/letsencrypt/opt/archive/ repec.org/fullchain6.pem
So it is referenced in the ngix configuration and it is the correct one.
But maybe he used a different config.
-- Written by Thomas Krichel http://openlib.org/home/krichel on his 21643rd day.
_______________________________________________ CollEc-run mailing list CollEc-run@lists.openlib.org http://lists.openlib.org/cgi-bin/mailman/listinfo/collec-run
-- Written by Thomas Krichel http://openlib.org/home/krichel on his 21643rd day.
Thomas Krichel writes
Christian Zimmermann writes
That is not what Firefox claims
I am not contradicting that.
CD uses the wrong certificate, but the correct one is on helos. -- Written by Thomas Krichel http://openlib.org/home/krichel on his 21643rd day.
Where is it? On Friday, September 6th, 2024 at 02:13, Thomas Krichel <krichel@openlib.org> wrote:
Thomas Krichel writes
Christian Zimmermann writes
That is not what Firefox claims
I am not contradicting that.
CD uses the wrong certificate, but the correct one is on helos.
-- Written by Thomas Krichel http://openlib.org/home/krichel on his 21643rd day.
_______________________________________________ CollEc-run mailing list CollEc-run@lists.openlib.org http://lists.openlib.org/cgi-bin/mailman/listinfo/collec-run
Christian Düben writes
Where is it?
See what I wrote before. Note the /opt/ | root@helos ~ # grep ssl_ /etc/nginx/sites-available/collec.repec.org | ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | ssl_certificate /etc/letsencrypt/opt/live/repec.org/fullchain.pem; # managed by Certbot | ssl_certificate_key /etc/letsencrypt/opt/live/repec.org/privkey.pem; # managed by Certbot | | root@helos ~ # ls -l /etc/letsencrypt/opt/live/repec.org/fullchain.pem | lrwxrwxrwx 1 root root 38 Jul 13 02:58 /etc/letsencrypt/opt/live/repec.org/fullchain.pem -> | +../../archive/repec.org/fullchain6.pem | | root@helos ~ # ls -l /etc/letsencrypt/opt/archive/repec.org/fullchain6.pem | -rw-r--r-- 1 root root 2.8K Jul 13 02:58 /etc/letsencrypt/opt/archive/repec.org/fullchain6.pem | | This is the same as we use for NEP | | root@siche ~ # ls -l /etc/letsencrypt/opt/archive/repec.org/fullchain6.pem | -rw-r--r-- 1 root root 2.8K Jul 13 02:58 /etc/letsencrypt/opt/archive/repec.org/fullchain6.pem | Everything that is copied is placed in path that contains /opt/. -- Written by Thomas Krichel http://openlib.org/home/krichel on his 21644th day.
I have now used the archived certificate in the configuration, but something still does not work. On Friday, September 6th, 2024 at 23:26, Thomas Krichel <krichel@openlib.org> wrote:
Christian Düben writes
Where is it?
See what I wrote before. Note the /opt/
| root@helos ~ # grep ssl_ /etc/nginx/sites-available/collec.repec.org | ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | ssl_certificate /etc/letsencrypt/opt/live/repec.org/fullchain.pem; # managed by Certbot | ssl_certificate_key /etc/letsencrypt/opt/live/repec.org/privkey.pem; # managed by Certbot | | root@helos ~ # ls -l /etc/letsencrypt/opt/live/repec.org/fullchain.pem | lrwxrwxrwx 1 root root 38 Jul 13 02:58 /etc/letsencrypt/opt/live/repec.org/fullchain.pem ->
| +../../archive/repec.org/fullchain6.pem | | root@helos ~ # ls -l /etc/letsencrypt/opt/archive/repec.org/fullchain6.pem | -rw-r--r-- 1 root root 2.8K Jul 13 02:58 /etc/letsencrypt/opt/archive/repec.org/fullchain6.pem | | This is the same as we use for NEP | | root@siche ~ # ls -l /etc/letsencrypt/opt/archive/repec.org/fullchain6.pem | -rw-r--r-- 1 root root 2.8K Jul 13 02:58 /etc/letsencrypt/opt/archive/repec.org/fullchain6.pem |
Everything that is copied is placed in path that contains /opt/.
-- Written by Thomas Krichel http://openlib.org/home/krichel on his 21644th day.
_______________________________________________ CollEc-run mailing list CollEc-run@lists.openlib.org http://lists.openlib.org/cgi-bin/mailman/listinfo/collec-run
Christian Düben writes
I have now used the archived certificate in the configuration, but something still does not work.
I am testing from 37.192.35.36 root@helos ~ # GET http://collec.repec.org <html> <head><title>502 Bad Gateway</title></head> <body> <center><h1>502 Bad Gateway</h1></center> <hr><center>nginx</center> </body> </html> Marked in shinyproxy.access.log:37.192.35.36 - - [06/Sep/2024:14:09:11 +0000] "GET / HTTP/1.1" 499 0 "-" "lwp-request/6.77 libwww-perl/6.77" but does not seem to be the nginx log. -- Written by Thomas Krichel http://openlib.org/home/krichel on his 21644th day.
participants (4)
-
Christian Düben -
Christian Düben -
Christian Zimmermann -
Thomas Krichel