search

wintercg / proposal-common-minimum-api

https://common-min-api.proposal.wintercg.org/
Other
216 stars 15 forks source link

Spec websites are down #59

Open melroy89 opened 9 months ago

melroy89 commented 9 months ago

Your spec sites are all down.. Like: https://common-min-api.proposal.wintercg.org/

Jolg42 commented 8 months ago

I just tried this link, and it worked now. Already solved I guess.

melroy89 commented 8 months ago

No?

image

Jolg42 commented 8 months ago

For me:

Screenshot 2023-10-24 at 22 30 05
melroy89 commented 8 months ago

That is strange, the site does load under Chromium but not under Firefox. I don't use a VPN.

melroy89 commented 8 months ago

It seems the web site "https://common-min-api.proposal.wintercg.org/" is using an invalid security certificate! (Again according to Firefox).. Something is wrong the TLS server setup here... EDIT: nope that is not the case..

melroy89 commented 8 months ago

I will run: https://www.ssllabs.com/ssltest/analyze.html?d=common%2dmin%2dapi.proposal.wintercg.org&latest

melroy89 commented 8 months ago

Locally I also can not use curl on this domain:

curl -vvv https://common-min-api.proposal.wintercg.org
* Could not resolve host: common-min-api.proposal.wintercg.org
* Closing connection 0
curl: (6) Could not resolve host: common-min-api.proposal.wintercg.org

For the record I'm using OpenDNS.

Jolg42 commented 8 months ago

@melroy89 maybe try a DNS lookup with dig common-min-api.proposal.wintercg.org

Output for me (using Cloudflare DNS here)

; <<>> DiG 9.10.6 <<>> common-min-api.proposal.wintercg.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41816
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;common-min-api.proposal.wintercg.org. IN A

;; ANSWER SECTION:
common-min-api.proposal.wintercg.org. 300 IN CNAME proposal-*.deno.dev.
proposal-*.deno.dev.    60  IN  A   34.120.54.55

;; Query time: 276 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Wed Oct 25 08:25:55 CEST 2023
;; MSG SIZE  rcvd: 114

From the lookup I can see that the actual website URL is https://proposal-common-min-api.deno.dev/ so maybe that one works better for you.

legendecas commented 8 months ago

Seems like a same issue as https://github.com/wintercg/www/issues/35

melroy89 commented 8 months ago

dig common-min-api.proposal.wintercg.org

Yes got the same output I think:

; <<>> DiG 9.18.12-0ubuntu0.22.04.3-Ubuntu <<>> common-min-api.proposal.wintercg.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35191
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;common-min-api.proposal.wintercg.org. IN A

;; ANSWER SECTION:
common-min-api.proposal.wintercg.org. 300 IN CNAME proposal-*.deno.dev.
proposal-*.deno.dev.    60  IN  A   34.120.54.55

;; Query time: 44 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Wed Oct 25 20:38:21 CEST 2023
;; MSG SIZE  rcvd: 114

You're right https://proposal-common-min-api.deno.dev/ does load fine here!!

andreubotella commented 6 months ago

Closing this issue, since the problem seems to have been long fixed. If it happens again, please do comment or open a new issue.

melroy89 commented 6 months ago

No it's not fixed. The original url still doesn't work in Opera Mobile (it also used to not work under Firefox): https://common-min-api.proposal.wintercg.org/

mk-pmb commented 6 months ago

digging from a Strato data center in Germany, as well as from the Heidelberg University network,

;; ANSWER SECTION:
common-min-api.proposal.wintercg.org. 300 IN CNAME proposal-*.deno.dev.
proposal-*.deno.dev.    60      IN      A       34.120.54.55

I've never seen wildcards used in the middle of a name in DNS replies, so maybe that's exotic enough to confuse some resolvers.

melroy89 commented 6 months ago

Yeah, you are right, it's a strange use of wildcard:

; <<>> DiG 9.18.18-0ubuntu0.22.04.1-Ubuntu <<>> common-min-api.proposal.wintercg.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55031
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;common-min-api.proposal.wintercg.org. IN A

;; ANSWER SECTION:
common-min-api.proposal.wintercg.org. 300 IN CNAME proposal-*.deno.dev.
proposal-*.deno.dev.    60  IN  A   34.120.54.55

;; Query time: 84 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Mon Jan 08 18:50:02 CET 2024
;; MSG SIZE  rcvd: 114

Curl gives me (another domain just work fine):

$ curl -v https://common-min-api.proposal.wintercg.org
* Could not resolve host: common-min-api.proposal.wintercg.org
* Closing connection 0
curl: (6) Could not resolve host: common-min-api.proposal.wintercg.org

Output of resolvectl (under Linux Mint):

$ resolvectl status
Global
       Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub

Link 2 (enp6s0)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 3 (enp4s0)
    Current Scopes: DNS
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 208.67.222.222
       DNS Servers: 208.67.222.222 208.67.220.220 192.168.1.1

Link 4 (docker0)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
mk-pmb commented 6 months ago

Also, even though I'm able to resolve the IP, my Firefox complains

Secure Connection Failed An error occurred during a connection to common-min-api.proposal.wintercg.org. PR_END_OF_FILE_ERROR

I have no idea what that means. A quick websearch found https://superuser.com/a/1492755 and https://support.mozilla.org/en-US/questions/1315880 but both seem to (edit: NOT) have a really good clue. It seems like the error code can mean a lot of things, and most of the "solutions" about VPN etc. seem to be just work-arounds that circumvent a secondary problem. It might be about TLS cipher suites but I have no idea how to debug that.

melroy89 commented 6 months ago

seem to be just work-arounds that circumvent a secondary problem. It might be about TLS cipher suites but I have no idea how to debug that.

Try, what does that gives you?:

curl -iv -o /dev/null https://common-min-api.proposal.wintercg.org
mk-pmb commented 6 months ago

Try, what does that gives you?:

* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* CONNECT phase completed!
* CONNECT phase completed!
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to common-min-api.proposal.wintercg.org:443
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to common-min-api.proposal.wintercg.org:443
ekwoka commented 6 months ago

Is it worth making an issue to Deno Deploy? It looks like that's the host and manager for this.