SSLMate / certspotter

Certificate Transparency Log Monitor
https://sslmate.com/certspotter
Mozilla Public License 2.0

ctserver.cnnic.cn connectivity error #24

Closed fdellwing closed 7 years ago

fdellwing commented 7 years ago

Since tonight I'm getting the following error message. My new certificates (LE) are still being detected.

/root/go/bin/certspotter: ctserver.cnnic.cn: 2017/11/20 12:03:04 Error retrieving STH from log: Get https://ctserver.cnnic.cn/ct/v1/get-sth: read tcp 172.16.3.35:42770->218.241.105.21:443: read: connection reset by peer

Opening https://ctserver.cnnic.cn/ct/v1/get-sth gives a SEC_ERROR_UNKNOWN_ISSUER.

Linux icinga2 4.4.0-97-generic #120~14.04.1-Ubuntu SMP Wed Sep 20 15:53:13 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

GOARCH="amd64"
GOBIN=""
GOEXE=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOOS="linux"
GOPATH="/root/go"
GORACE=""
GOROOT="/usr/lib/go-1.9"
GOTOOLDIR="/usr/lib/go-1.9/pkg/tool/linux_amd64"
GCCGO="gccgo"
CC="gcc"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build673615947=/tmp/go-build -gno-record-gcc-switches"
CXX="g++"
CGO_ENABLED="1"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"

AGWA commented 7 years ago

Occasionally CT logs have downtime and will cause errors like the one above. When the log comes back, the errors will stop. If the log doesn't come back, and dips below 99% availability over a 90 day period, Chrome will distrust it and we'll remove it from Cert Spotter.
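
An added example, not part of the thread and not certspotter code: a monitor operator can tell the short outage described above apart from a log that has fallen under the 99% figure by tracking get-sth probe results over a rolling 90 day window. The names `Probe`, `Classify` and `Hourly`, the hourly probe interval and the use of "fraction of successful probes" as the availability measure are assumptions of this example; the thread does not say how Chrome measures availability.

```go
package main

import (
	"fmt"
	"time"
)

// Probe is one get-sth attempt (hypothetical type for this example, not certspotter code).
type Probe struct{ At time.Time; OK bool }

const window = 90 * 24 * time.Hour // the 90 day period from the comment
const threshold = 0.99             // the 99% availability figure from the comment

// Classify expects probes sorted oldest first and looks only at the window ending at now.
func Classify(probes []Probe, now time.Time) (string, float64) {
	ok, total, lastOK := 0, 0, true
	for _, p := range probes {
		if p.At.Before(now.Add(-window)) || p.At.After(now) {
			continue // outside the 90 day window
		}
		total, lastOK = total+1, p.OK
		if p.OK {
			ok++
		}
	}
	if total == 0 {
		return "no-data", 0
	}
	avail := float64(ok) / float64(total)
	switch {
	case avail < threshold:
		return "below-threshold", avail // sustained unavailability
	case !lastOK:
		return "transient-outage", avail // failing now, still at or above 99%
	}
	return "healthy", avail
}

// Hourly builds constructed sample data: hourly probes for 90 days, newest downHours failing.
func Hourly(now time.Time, downHours int) (ps []Probe) {
	for i := 90*24 - 1; i >= 0; i-- {
		ps = append(ps, Probe{At: now.Add(-time.Duration(i) * time.Hour), OK: i >= downHours})
	}
	return ps
}

func main() {
	now := time.Date(2017, 11, 20, 12, 0, 0, 0, time.UTC) // constructed reference time
	fmt.Println(Classify(Hourly(now, 6), now))
}
```

With hourly probes, 90 days holds 2160 samples, so roughly 21 failed hours is the most a log can accumulate before this check reports it as below the threshold.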