Closed harukaeru closed 5 years ago
thanks for the report. we will investigate this carefully and let you know. transferred the issue in an appropriate repo.
It seems like we need to update the DNS records. See https://docs.readthedocs.io/en/latest/custom_domains.html @ask can you do it?
@fireantology What about you?
Only as has access to DNS panel, I also asked him permission via twitter to handover server access to the current maintainer as I don't have the time anymore. Waiting is confirmation
Read the Docs can issue this SSL cert once the DNS is updated. To get this certificate issued:
Change the CNAME for docs.celeryproject.org (docs):
$ dig CNAME +short docs.celeryproject.org
celery.readthedocs.org.
# This should return "readthedocs.io"
Once you've updated the CNAME, some one with access to the project on Read the Docs needs to go to https://readthedocs.org/dashboard/celery/domains/, edit the domain (make sure HTTPS is checked) and save it. This will cause Read the Docs to revalidate and issue the SSL cert.
Read the Docs got another report of this. In the meantime, I have set the default domain for the celery docs to be plain HTTP. This should help prevent search engines from indexing the HTTPS version which generates a certificate warning. Once the DNS is updated, you can set it back to HTTPS.
Edit: clarification
Hey! I gave away control of the celery readthedocs account a long time ago. Is this the asmallorange dns? I can share login there if necessary. Do we have to change the CNAME record?
Yes we do. Please hand the login credentials to me.
Sorry to bug, but this is still showing up as an issue, I still get the certificate errors following search results.
@ask Can you please send me the credentials?
it's working now.
Strangely, I still see the SSL error. Digging deeper (pun not intended), I saw that my computer still sees the CNAME to celery.readthedocs.org
, which is the old one. If I lookup with Google's Dig tool, I saw the readthedocs.io CNAME. Strange. 1.1.1.1
sees the old one, even purging the cache didn't fix it.
So I looked up celeryproject.org's NS records and decided to check both of them:
; <<>> DiG 9.10.6 <<>> @ns1.asmallorange.com docs.celeryproject.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17478
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;docs.celeryproject.org. IN A
;; ANSWER SECTION:
docs.celeryproject.org. 3600 IN CNAME readthedocs.io.
;; Query time: 153 msec
;; SERVER: 67.228.207.194#53(67.228.207.194)
;; WHEN: Tue Jul 30 09:41:59 CEST 2019
;; MSG SIZE rcvd: 79
That looks good, however, ns2 gave me a different response:
; <<>> DiG 9.10.6 <<>> @ns2.asmallorange.com docs.celeryproject.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59951
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;docs.celeryproject.org. IN A
;; ANSWER SECTION:
docs.celeryproject.org. 3600 IN CNAME celery.readthedocs.org.
;; Query time: 143 msec
;; SERVER: 67.19.36.196#53(67.19.36.196)
;; WHEN: Tue Jul 30 09:42:05 CEST 2019
;; MSG SIZE rcvd: 84
Looks like the DNS provider has some inconsistencies causing some users to see the old CNAME and still get the error.
I'm seeing the same as @jerr0328
Description
Once I proceed into some documentation pages, some alert saying the page is danger appeared. Seemingly, https protocol is used there but I believe your certification seems to be invalid because this certification is slightly different from
celeryproject.org
.For instances, this https://docs.celeryproject.org/en/latest/index.html is regarded as insecure. Not all pages are indicated as insecure but partly.
The following images are the replays on Safari.
Suggestions
I wanted to suggest that someones rewrite page links which use
https
on your documentation tohttp
, or get the certificate to implementhttps
properly.Actually, I'm not in trouble with that. Of course I can ignore it and I believe you may know this trivial problem, but I would be happy if it was fixed :)