Closed jaredledvina closed 6 years ago
Yeah, it's because of the SAN:
```
❯ echo | openssl s_client -showcerts -servername docs.sensu.io -connect docs.sensu.io:443 2>/dev/null | openssl x509 -inform pem -noout -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:88:f7:66:4d:b2:6a:f5:72:a1:da:14:29:cc:db:55:90:42
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
Validity
Not Before: Mar 16 18:37:07 2018 GMT
Not After : Jun 14 18:37:07 2018 GMT
Subject: CN=docs-preview.sensuapp.com
........
X509v3 Subject Alternative Name:
DNS:docs-preview.sensuapp.com, DNS:docs-preview.sensuapp.org, DNS:docs.sensu.io, DNS:docs.sensuapp.com, DNS:docs.sensuapp.org
........
```
```
❯ curl -I http://sensuapp.org/docs/1.2/files/sensu_ssl_tool.tar
HTTP/1.1 301 Moved Permanently
Date: Tue, 20 Mar 2018 03:37:33 GMT
Connection: keep-alive
Content-Type: text/html
Location: https://sensuapp.org/docs/1.2/files/sensu_ssl_tool.tar
Content-Length: 120
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Server: thin
Via: 1.1 vegur
```
So far, no luck here; I'm either missing some dependency or getting an old version of whichever package is supposed to actually figure out the SNI logic. Instead, I opened up https://github.com/sensu/sensu-docs/issues/298 to see if we can issue the Let's Encrypt certificate directly for docs.sensu.io instead of docs-preview.sensu.io and avoid doing any of this altogether.
https://github.com/sensu/sensu-ansible/pull/151 fixes this; going to merge and cut a release to close out this bug.
Released in 2.4.0: https://github.com/sensu/sensu-ansible/releases/tag/2.4.0
See https://travis-ci.org/sensu/sensu-ansible/jobs/352856869#L898
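The SAN check from the first comment, as an added example that is not part of the original thread: it matches the two hostnames used in the commands above (docs.sensu.io and sensuapp.org) against the SAN DNS entries from the openssl output, using RFC 6125-style rules. The function names and the wildcard pattern in the demo are constructed for illustration.

```python
# Added example: which hostnames does a certificate's SAN list cover?
# SAN entries copied from the openssl output in this thread.
SAN_DNS = [
    "docs-preview.sensuapp.com",
    "docs-preview.sensuapp.org",
    "docs.sensu.io",
    "docs.sensuapp.com",
    "docs.sensuapp.org",
]


def dns_name_matches(pattern: str, hostname: str) -> bool:
    """Return True if a single SAN dNSName entry covers hostname.

    Comparison is case-insensitive and ignores a trailing dot. A wildcard is
    honoured only as the complete left-most label and stands for exactly one
    label, so "*.example.org" covers neither "example.org" nor "a.b.example.org".
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Refuse overly broad patterns such as "*.org".
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def covering_entries(hostname: str, san_dns=SAN_DNS) -> list:
    """SAN entries that cover hostname; an empty list means a name mismatch.

    The Subject CN is deliberately not consulted: when a SAN extension is
    present, verifiers match against it and ignore the CN.
    """
    return [entry for entry in san_dns if dns_name_matches(entry, hostname)]


if __name__ == "__main__":
    # Hostnames taken from the s_client and curl commands in the thread.
    for host in ("docs.sensu.io", "sensuapp.org"):
        hits = covering_entries(host)
        print(f"{host}: {'covered by ' + ', '.join(hits) if hits else 'NOT covered'}")
    # Constructed wildcard entry, to show the one-label rule.
    print(dns_name_matches("*.sensuapp.org", "sensuapp.org"))  # apex is not covered
```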