[SAC] [OSGeo] #2777: download.osgeo.org SSL certificate expired
OSGeo
trac_osgeo at osgeo.org
Fri Jun 24 10:36:02 PDT 2022
#2777: download.osgeo.org SSL certificate expired
----------------------------+----------------------------------------
Reporter: Bas Couwenberg | Owner: sac@…
Type: defect | Status: new
Priority: major | Milestone: Sysadmin Contract 2022-II
Component: Systems Admin | Resolution:
Keywords: |
----------------------------+----------------------------------------
Comment (by Bas Couwenberg):
The certificate validates again:
{{{
$ echo QUIT | openssl s_client -connect download.osgeo.org:443
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = download-cache.osgeo.org
verify return:1
---
Certificate chain
0 s:CN = download-cache.osgeo.org
i:C = US, O = Let's Encrypt, CN = R3
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Jun 24 15:12:35 2022 GMT; NotAfter: Sep 22 15:12:34 2022
GMT
1 s:C = US, O = Let's Encrypt, CN = R3
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Sep 4 00:00:00 2020 GMT; NotAfter: Sep 15 16:00:00 2025
GMT
2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
i:O = Digital Signature Trust Co., CN = DST Root CA X3
a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
v:NotBefore: Jan 20 19:14:03 2021 GMT; NotAfter: Sep 30 18:14:03 2024
GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISA0IAjfwb60R4qyvr6M2l/wm9MA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMjA2MjQxNTEyMzVaFw0yMjA5MjIxNTEyMzRaMCMxITAfBgNVBAMT
GGRvd25sb2FkLWNhY2hlLm9zZ2VvLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKVb0FTEv+5U3JN9pAUpUxWGscdwY2rI/eSa3klAmsXTc/o9xRNT
QG1OPhYbPIaM939jqlHcVc9g7XEv5cCWtZj7roi0lWN2oCjyY4qBiVN4PMkmJrki
H5V/wEVmBYJTvvPulKP2sA95z+GUZPMrI91Dj00Vq1T4iUwpzkm5x/fhmj+8qu2w
OQBf0fCdlY4jKbYTkf8MezF54xxLWOGtnwCM10YLaOLISd9G4nYM6Nvlg3JsKEU+
tSYAetNzEIAPAnA6XvicQCXoXn0uhxkE9Ho+v+6UcN2ThRiPO1W+ETnMzJwOfPJR
ewGT8vAG2uvr6B5CXxJLBz/uZp1+nLGFxDkCAwEAAaOCAmYwggJiMA4GA1UdDwEB
/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/
BAIwADAdBgNVHQ4EFgQUybLRBDCuHihmw1YhmmVwxRYk864wHwYDVR0jBBgwFoAU
FC6zF7dYVsuuUAlA5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzAB
hhVodHRwOi8vcjMuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9yMy5p
LmxlbmNyLm9yZy8wNwYDVR0RBDAwLoIYZG93bmxvYWQtY2FjaGUub3NnZW8ub3Jn
ghJkb3dubG9hZC5vc2dlby5vcmcwTAYDVR0gBEUwQzAIBgZngQwBAgEwNwYLKwYB
BAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5v
cmcwggEDBgorBgEEAdZ5AgQCBIH0BIHxAO8AdQBByMqx3yJGShDGoToJQodeTjGL
GwPr60vHaPCQYpYG9gAAAYGWfJV6AAAEAwBGMEQCIF9OYWNKqe4W/znZDb7vmHoQ
9/haoTzfPSegmWm6t60PAiB8LkXyvjMFnT7oxJQADFTM7VxswdevXiQUBM+t97gh
TQB2AEalVet1+pEgMLWiiWn0830RLEF0vv1JuIWr8vxw/m1HAAABgZZ8lZEAAAQD
AEcwRQIhAK4FP1sr2Qy0aDMrlpMDBOAGVJ+zVvjq4RO9RTRu1M51AiAa8IfMrABD
nPyrt9FI0AbkyS+MGThvBLQ/uP/FDR638jANBgkqhkiG9w0BAQsFAAOCAQEAA58v
4P/SNI/D1iT+iTJ5zIdNK3tk5/8LkP2+gidpyo41cMF1OfIm3DUHnZIHmc7QIllC
YT8N00JkPwJt8jQNBUVPWlbIJUH11IkjjJ3qTcqiyF3nXSqMmTFhBz6MPHd71fA0
isk2k8oYDpl9PwA/uBR+A/x0oAsRF65dC8XuwijBF5EppO1qmjEQbT+qXlrtqgDH
RBk0L6WctptkvcOhZg+ex9pzd2e8Gvc/Q1aXf8HF16BmOj7AyBQxc7oPQTjYVlR7
pztC6+26O2YLs7+5AhsZbsHkHX+WgF/lRdI6y10dckmmtqg73XKPvG2nPqIzMrOb
03JEOu/wTp/yo2wJ3Q==
-----END CERTIFICATE-----
subject=CN = download-cache.osgeo.org
issuer=C = US, O = Let's Encrypt, CN = R3
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 4613 bytes and written 400 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
DONE
}}}
What caused the autorenewal to fail?
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2777#comment:4>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.
More information about the Sac
mailing list