Expired certificate errors

python / pythondotorg

Source code for python.org

https://www.python.org

Apache License 2.0

1.5k stars 594 forks source link

Expired certificate errors #1050

Closed franciscouzo closed 7 years ago

franciscouzo commented 7 years ago

I got this error:

The certificate expired on 02/01/2017 06:03 PM. The current time is 02/01/2017 07:06 PM.

When trying to access https://python.org, www.python.org works just fine.

malemburg commented 7 years ago

On 01.02.2017 23:07, Francisco Couzo wrote:

I got this error:

The certificate expired on 02/01/2017 06:03 PM. The current time is 02/01/2017 07:06 PM.

When trying to access https://python.org, www.python.org works just fine.

The old StartSSL wildcard certificate *.python.org expired today.

https://python.org/ is supposed to redirect to https://www.python.org/. Perhaps the redirector is still using the StartSSL cert ?!

-- Marc-Andre Lemburg Python Software Foundation http://www.python.org/psf/ http://www.malemburg.com/

ned-deily commented 7 years ago

That means that the links on hg.python.org commit pages back to bugs.python.org are currently failing, for example, the link on https://hg.python.org/cpython/rev/aa7ac93d23b2 to Issue 20185.

MarkMangoba commented 7 years ago

@ned-deily @malemburg we are moving away from startssl, i've contacted Gandi but they are also having an issue with there provider at the moment. As soon as I get an update i'll update the issue.

MarkMangoba commented 7 years ago

@ned-deily @malemburg everything should be operational now, updated the wildcard *.python.org good till 2020.

matrixise commented 7 years ago

Are you sure ? I have an error with the SSL certificate from wiki.python.org wiki.python.org uses an invalid security certificate. The certificate expired on 02/01/2017 10:03 PM. The current time is 02/02/2017 06:59 AM.

MarkMangoba commented 7 years ago

@matrixise sorry you are correct, wiki does not pass through lb, i'm going to have to ping @malemburg on this one.

malemburg commented 7 years ago

@MarkMangoba front.python.org, which the wiki uses as LB, still runs the old cert. Perhaps you need to restart the LB ?! See https://front.python.org/

malemburg commented 7 years ago

@MarkMangoba https://python.org/ does not seem to pass through front. I can see that python.org (without www.) now uses a new Gandi wildcard cert, but front.python.org still has the old StartSSL one.

The python.org server is hosted with Rackspace, whereas front is hosted at OSUOSL.

malemburg commented 7 years ago

AFAIK, front.python.org is still configured using Chef: https://github.com/python/psf-chef/tree/master/cookbooks/psf-loadbalancer instead of the new Salt stack we use for the Rackspace VMs: https://github.com/python/psf-salt

MarkMangoba commented 7 years ago

@malemburg thanks for the info, all resolved.

malemburg commented 7 years ago

On 02.02.2017 18:19, Mark Mangoba wrote:

@malemburg thanks for the info, all resolved.

Thanks, Mark.

-- Marc-Andre Lemburg http://www.malemburg.com/