pyenv / pyenv-installer

This tool is used to install `pyenv` and friends.
MIT License

IMPORTANT Domain pyenv.run needs reissuing due to expired intermediate certs #99

Closed n3storm closed 4 years ago

n3storm commented 4 years ago
```
curl https://pyenv.run | bash
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (60) SSL certificate problem: certificate has expired
```

Check: https://www.ssllabs.com/ssltest/analyze.html?d=pyenv.run

Meanwhile users can:

```
curl https://pyenv.run | bash
```

cmbuckley commented 4 years ago

You can solve this by removing the expired intermediates, rather than needing to reissue anything.

Your cert chain looks like this:

```
 0 s:/OU=Domain Control Validated/OU=PositiveSSL/CN=pyenv.run
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
 1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
 2 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
 3 s:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
```

You can remove certs 2 and 3, since clients should have the newer USERTrust certificate installed, which is now a root certificate.

Some more info on HN: https://news.ycombinator.com/item?id=23362759
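
The chain trimming described in the comment above can be checked mechanically. The following is an added example, not part of the thread or of pyenv-installer: it parses the subject/issuer listing quoted above and reports which certificates the server can stop sending. The function names and `TRUSTED_ROOTS` are hypothetical, and the script assumes the client's trust store holds a root with the COMODO RSA Certification Authority subject; it matches on names only and does not verify keys or signatures.

```python
import re

# Chain listing copied from the comment above ("s:" subject / "i:" issuer pairs).
CHAIN_LISTING = """\
 0 s:/OU=Domain Control Validated/OU=PositiveSSL/CN=pyenv.run
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
 1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
 2 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
 3 s:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
"""

# Assumption: subject names the client already trusts as roots (constructed
# here; a real check would read them from the client's trust store).
COMODO_ROOT = "/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority"
TRUSTED_ROOTS = {COMODO_ROOT}

def parse_chain(listing):
    """Return [(depth, subject, issuer), ...] from an s:/i: chain listing."""
    certs = []
    for line in listing.splitlines():
        m = re.match(r"\s*(\d+) s:(.+)", line)
        if m:
            certs.append([int(m.group(1)), m.group(2).strip(), None])
        elif certs and (m := re.match(r"\s*i:(.+)", line)):
            certs[-1][2] = m.group(1).strip()
    return [tuple(c) for c in certs]

def removable_certs(certs, trusted_roots):
    """Depths the server need not send, walking from the leaf upwards."""
    removable, anchored = [], False
    for i, (depth, subject, issuer) in enumerate(certs):
        if i > 0 and certs[i - 1][2] != subject:
            raise ValueError(f"cert {depth} is not the issuer of cert {certs[i - 1][0]}")
        # Anything above a trusted anchor, and any self-signed root, is surplus.
        if anchored or (i > 0 and subject == issuer):
            removable.append(depth)
        # Once a cert's issuer is a trusted root, the client can stop here.
        if issuer in trusted_roots:
            anchored = True
    return removable

if __name__ == "__main__":
    print(removable_certs(parse_chain(CHAIN_LISTING), TRUSTED_ROOTS))
```

With an empty trust set the script still flags the self-signed root at depth 3, since a server never needs to send a root the client must already hold.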

robnagler commented 4 years ago

This is fixed. Thanks for letting us know!