search

reynhout / chrx

Chromebook Unix
419 stars 56 forks source link

chrx site certificate not trusted #87

Closed binary-person closed 4 years ago

binary-person commented 4 years ago

Hi, there is a certificate error on chrx.org that is making the script unusable. Also https://galliumos.org/ is not working either, so I can't download that either.

reynhout commented 4 years ago

@scheng123 Thanks for the report!

I updated certificates last night, and for some reason chrx.org received a testing cert from Let's Encrypt, instead of a trusted production cert. I'll fix that ASAP. the LE certificate issuer appears to be down at the moment.

The certificate on galliumos.org was also updated last night, but it received a proper production cert, and everything looks good to me. Not sure what happened there, but let me know if you continue to have problems.

EDIT I updated 23 certificates last night -- only chrx.org/www.chrx.org received a test certificate. LE incident report: https://letsencrypt.status.io/pages/incident/55957a99e800baa4470002da/5dd157fd53c977075541890a

EDIT2 While we wait for the LE certificate issuer to come back, you should be able to add the -k option to chrx to ignore the certificate problem:

cd ; curl -Osk https://chrx.org/go && sh go
reynhout commented 4 years ago

UPDATE Let's Encrypt cert issuer is fixed, and chrx.org cert is fixed. Please let me know if you see any further issues. Thanks again @scheng123 for the report!

binary-person commented 4 years ago

Damn, that's a lot of certificates to update. (I feel ya. Getting one certificate to work with certbot is annoying. Getting multiple to work is just... unexpecting errors) Btw, I've tried a lot before the site was down.

One of the things I've tried was adding the k option but the install script (go) had other things in mind. Such as downloading dist.tar.gz chrx-install. I suggest you handle that in the script because the errors like gzip: stdin: not in gzip format are super misleading.

Finally, if you are the owner of the awesome https://galliumos.org site, please update the mirrors. All except the primary mirror didn't have the 3.0 version of gallium.

Otherwise thanks for this awesome project and you welcome! :)

binary-person commented 4 years ago

Regarding the gallium error last night, on my end, the server timed out. I tried accessing from a different IP but no avail. Looks like someone last night was bored enough to DDoS Dreamhost.