SSL certificate does not work "out of the box" with Firefox

[ignacio]

As pointed out on lua-l, Firefox shows a security warning when navigating to https://rocks.moonscript.org/

According to http://wiki.gandi.net/en/ssl/faq , an intermediate certificate must be installed in the server.

[blueyed]

It appears to work with Firefox for me (on Ubuntu).

But I have problems accessing it with curl, wget etc:

% curl https://rocks.moonscript.org/manifest
curl: (60) SSL certificate problem: unable to get local issuer certificate

This causes a build failure with neovim for me.

[leafo]

Switching SSL providers, hopefully the issue should be resolved over the day as everything propagates

[ignacio]

Nice, thanks. The change of providers implies that the instructions provided (link in first comment) don't work or are there other reasons?

[leafo]

I moved the site into cloudflare and they provide free ssl. Cloudflare will only encrypt traffic from your browser to them, so the old cert will still exist on the server.

[ignacio]

Great, thank you.

[leafo]

I also added the intermediate certificate, so until the new certificate is active, the old one should work in Firefox. (I am unable to test though because my Firefox never had the issue)

[ignacio]

Firefox 32.0.3 does not show the security warning anymore.

[ignacio]

Ehm, it's not working now.

rocks.moonscript.org uses an invalid security certificate. The certificate is only valid for the following names: ssl2000.cloudflare.com, cloudflare.com, *.cloudflare.com (Error code: ssl_error_bad_cert_domain)

[blueyed]

Similar issue with curl, which reports:

% curl https://rocks.moonscript.org/manifest curl: (51) SSL: no alternative certificate subject name matches target host name 'rocks.moonscript.org'

[leafo]

Alright, cloudflare disabled until I figure it out.