OBOFoundry / OBOFoundry.github.io

Metadata and website for the Open Bio Ontologies Foundry Ontology Registry
http://obofoundry.org

https://www.obofoundry.org warns "Your connection is not private" #2653

Open nlharris opened 3 days ago

nlharris commented 3 days ago

Trish W asked:

Did the OBO Foundry page used to have an https accessible version? I tried to access it from a link (https://www.obofoundry.org/ontology/doid.html) on the DO site and got the page "Your connection is not private".

Indeed, that URL doesn't work, but the problem isn't the https, it's the www. https://obofoundry.org/ works, as does https://obofoundry.org/ontology/doid.html. Looks like DO needs to update their link to remove the 'www', but it would be nice if we handled this issue better.

jamesaoverton commented 3 days ago

I was able to replicate this issue, but it seems to be resolving itself since I started writing this reply...

obofoundry.org is a domain we own, but the site is hosted by GitHub Pages. We enabled HTTPS in this issue #1674, and it was working.

Now when I look at https://obofoundry.org I also see a security warning, as Trish described. The SSL certificate is valid but it's for *.github.io instead of obofoundry.org. So I think this is a problem with our GitHub Pages SSL settings.

When I look in the settings for this repo (admin access required) https://github.com/OBOFoundry/OBOFoundry.github.io/settings/pages under Custom Domain I see an orange warning "DNS Check in Progress". My first guess is that the DNS verification of our custom domain is messed up somehow.

@kltm is our domain name and SSL guru: can you please look into this?

jamesaoverton commented 3 days ago

As of this moment, https://obofoundry.org works for me without a warning. In that setting page I now see "DNS check successful".

nlharris commented 2 days ago

https://obofoundry.org/ worked for me yesterday, and still does. https://www.obofoundry.org/ontology/doid.html still gives the warning. Is there a way to make that work, since there seem to be links out there that use www.obofoundry.org?

kltm commented 2 days ago

Just to clarify, do we know if this worked in the past, or if people are just noticing it now?

As @jamesaoverton mentions, the issue looks like:

http --headers https://www.obofoundry.org

http: error: SSLError: HTTPSConnectionPool(host='www.obofoundry.org', port=443): Max retries exceeded with url: / (Caused by SSLError(CertificateError("hostname 'www.obofoundry.org' doesn't match either of '*.github.io', 'github.io', 'githubusercontent.com', 'www.github.com', '*.github.com', '*.githubusercontent.com', 'github.com'"))) while doing a GET request to URL: https://www.obofoundry.org/

Hm. For starters, working through https://docs.github.com/en/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages , I finally got "DNS Check in Progress" to "DNS check successful" for obofoundry.org.

Also, I made some adjustments to the CNAME for www.obofoundry.org along the lines of https://docs.github.com/en/pages/configuring-a-custom-domain-for-your-github-pages-site/managing-a-custom-domain-for-your-github-pages-site#configuring-an-apex-domain-and-the-www-subdomain-variant , to OBOFoundry.github.io. (I swear this documentation has changed.)

That said, with these adjustments, it still looks like it's not working. Yet. Maybe it takes time for things to propagate? We can check in later on.

kltm commented 2 days ago

Amusingly:

http --headers https://OBOFoundry.github.io
HTTP/1.1 301 Moved Permanently
[...]
Location: http://obofoundry.org/

Note the lack of upgrade there. Is there any reason that the automatic upgrade is not applied for obofoundry.org?
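
The two symptoms reported in this thread (the certificate name mismatch for www.obofoundry.org and the https-to-http redirect) can be reproduced offline with the following added example, which is not part of the original discussion. The SAN list and the redirect are copied from the output quoted above; the function names and the certificate listing only `obofoundry.org` are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# SAN entries copied from the CertificateError quoted in this thread
GITHUB_SANS = ["*.github.io", "github.io", "githubusercontent.com",
               "www.github.com", "*.github.com", "*.githubusercontent.com",
               "github.com"]


def san_matches(hostname, pattern):
    """RFC 6125-style match: '*' may only be the whole leftmost label
    and stands for exactly one label."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False
    if pat[0] == "*":
        # Refuse over-broad wildcards such as '*.io'
        return len(pat) > 2 and host[1:] == pat[1:]
    return host == pat


def cert_covers(hostname, sans):
    """True if any SAN entry on the certificate covers the hostname."""
    return any(san_matches(hostname, p) for p in sans)


def is_downgrade(request_url, location):
    """True when an https request is redirected to a plain http URL."""
    return (urlsplit(request_url).scheme == "https"
            and urlsplit(location).scheme == "http")


if __name__ == "__main__":
    # The shared GitHub certificate does not name the custom www host
    print(cert_covers("www.obofoundry.org", GITHUB_SANS))       # False
    # Hypothetical certificate for the apex only: www is still not covered
    print(cert_covers("www.obofoundry.org", ["obofoundry.org"]))  # False
    # The redirect quoted above drops from https to http
    print(is_downgrade("https://OBOFoundry.github.io",
                       "http://obofoundry.org/"))                # True
```

A certificate has to list each served name explicitly (or through a single-label wildcard), so the `www` variant only stops warning once the certificate served for it includes that name.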