[SAC] [OSGeo] #2777: download.osgeo.org SSL certificate expired

OSGeo trac_osgeo at osgeo.org
Fri Jun 24 10:36:02 PDT 2022 

#2777: download.osgeo.org SSL certificate expired
----------------------------+----------------------------------------
 Reporter:  Bas Couwenberg  |       Owner:  sac@…
     Type:  defect          |      Status:  new
 Priority:  major           |   Milestone:  Sysadmin Contract 2022-II
Component:  Systems Admin   |  Resolution:
 Keywords:                  |
----------------------------+----------------------------------------
Comment (by Bas Couwenberg):

 The certificate validates again:
 {{{
 $ echo QUIT | openssl s_client -connect download.osgeo.org:443
 CONNECTED(00000003)
 depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
 verify return:1
 depth=1 C = US, O = Let's Encrypt, CN = R3
 verify return:1
 depth=0 CN = download-cache.osgeo.org
 verify return:1
 ---
 Certificate chain
  0 s:CN = download-cache.osgeo.org
    i:C = US, O = Let's Encrypt, CN = R3
    a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
    v:NotBefore: Jun 24 15:12:35 2022 GMT; NotAfter: Sep 22 15:12:34 2022
 GMT
  1 s:C = US, O = Let's Encrypt, CN = R3
    i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
    a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
    v:NotBefore: Sep  4 00:00:00 2020 GMT; NotAfter: Sep 15 16:00:00 2025
 GMT
  2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
    i:O = Digital Signature Trust Co., CN = DST Root CA X3
    a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
    v:NotBefore: Jan 20 19:14:03 2021 GMT; NotAfter: Sep 30 18:14:03 2024
 GMT
 ---
 Server certificate
 -----BEGIN CERTIFICATE-----
 MIIFSTCCBDGgAwIBAgISA0IAjfwb60R4qyvr6M2l/wm9MA0GCSqGSIb3DQEBCwUA
 MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
 EwJSMzAeFw0yMjA2MjQxNTEyMzVaFw0yMjA5MjIxNTEyMzRaMCMxITAfBgNVBAMT
 GGRvd25sb2FkLWNhY2hlLm9zZ2VvLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEP
 ADCCAQoCggEBAKVb0FTEv+5U3JN9pAUpUxWGscdwY2rI/eSa3klAmsXTc/o9xRNT
 QG1OPhYbPIaM939jqlHcVc9g7XEv5cCWtZj7roi0lWN2oCjyY4qBiVN4PMkmJrki
 H5V/wEVmBYJTvvPulKP2sA95z+GUZPMrI91Dj00Vq1T4iUwpzkm5x/fhmj+8qu2w
 OQBf0fCdlY4jKbYTkf8MezF54xxLWOGtnwCM10YLaOLISd9G4nYM6Nvlg3JsKEU+
 tSYAetNzEIAPAnA6XvicQCXoXn0uhxkE9Ho+v+6UcN2ThRiPO1W+ETnMzJwOfPJR
 ewGT8vAG2uvr6B5CXxJLBz/uZp1+nLGFxDkCAwEAAaOCAmYwggJiMA4GA1UdDwEB
 /wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/
 BAIwADAdBgNVHQ4EFgQUybLRBDCuHihmw1YhmmVwxRYk864wHwYDVR0jBBgwFoAU
 FC6zF7dYVsuuUAlA5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzAB
 hhVodHRwOi8vcjMuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9yMy5p
 LmxlbmNyLm9yZy8wNwYDVR0RBDAwLoIYZG93bmxvYWQtY2FjaGUub3NnZW8ub3Jn
 ghJkb3dubG9hZC5vc2dlby5vcmcwTAYDVR0gBEUwQzAIBgZngQwBAgEwNwYLKwYB
 BAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5v
 cmcwggEDBgorBgEEAdZ5AgQCBIH0BIHxAO8AdQBByMqx3yJGShDGoToJQodeTjGL
 GwPr60vHaPCQYpYG9gAAAYGWfJV6AAAEAwBGMEQCIF9OYWNKqe4W/znZDb7vmHoQ
 9/haoTzfPSegmWm6t60PAiB8LkXyvjMFnT7oxJQADFTM7VxswdevXiQUBM+t97gh
 TQB2AEalVet1+pEgMLWiiWn0830RLEF0vv1JuIWr8vxw/m1HAAABgZZ8lZEAAAQD
 AEcwRQIhAK4FP1sr2Qy0aDMrlpMDBOAGVJ+zVvjq4RO9RTRu1M51AiAa8IfMrABD
 nPyrt9FI0AbkyS+MGThvBLQ/uP/FDR638jANBgkqhkiG9w0BAQsFAAOCAQEAA58v
 4P/SNI/D1iT+iTJ5zIdNK3tk5/8LkP2+gidpyo41cMF1OfIm3DUHnZIHmc7QIllC
 YT8N00JkPwJt8jQNBUVPWlbIJUH11IkjjJ3qTcqiyF3nXSqMmTFhBz6MPHd71fA0
 isk2k8oYDpl9PwA/uBR+A/x0oAsRF65dC8XuwijBF5EppO1qmjEQbT+qXlrtqgDH
 RBk0L6WctptkvcOhZg+ex9pzd2e8Gvc/Q1aXf8HF16BmOj7AyBQxc7oPQTjYVlR7
 pztC6+26O2YLs7+5AhsZbsHkHX+WgF/lRdI6y10dckmmtqg73XKPvG2nPqIzMrOb
 03JEOu/wTp/yo2wJ3Q==
 -----END CERTIFICATE-----
 subject=CN = download-cache.osgeo.org
 issuer=C = US, O = Let's Encrypt, CN = R3
 ---
 No client certificate CA names sent
 Peer signing digest: SHA256
 Peer signature type: RSA-PSS
 Server Temp Key: X25519, 253 bits
 ---
 SSL handshake has read 4613 bytes and written 400 bytes
 Verification: OK
 ---
 New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
 Server public key is 2048 bit
 Secure Renegotiation IS NOT supported
 Compression: NONE
 Expansion: NONE
 No ALPN negotiated
 Early data was not sent
 Verify return code: 0 (ok)
 ---
 DONE
 }}}
 What caused the autorenewal to fail?
-- 
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2777#comment:4>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.

More information about the Sac mailing list