[SAC] [OSGeo] #2777: download.osgeo.org SSL certificate expired

OSGeo trac_osgeo at osgeo.org
Fri Jun 24 02:41:13 PDT 2022 

#2777: download.osgeo.org SSL certificate expired
----------------------------+-----------------------
 Reporter:  Bas Couwenberg  |      Owner:  sac@…
     Type:  defect          |     Status:  new
 Priority:  major           |  Milestone:  Unplanned
Component:  Systems Admin   |   Keywords:
----------------------------+-----------------------
 The download.osgeo.org SSL certificate expired today and was not
 automatically renewed as you'd expect for Let's Encrypt certificates:
 {{{
 $ echo QUIT | openssl s_client -connect download.osgeo.org:443
 CONNECTED(00000003)
 depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
 verify return:1
 depth=1 C = US, O = Let's Encrypt, CN = R3
 verify return:1
 depth=0 CN = download-cache.osgeo.org
 verify error:num=10:certificate has expired
 notAfter=Jun 24 01:39:47 2022 GMT
 verify return:1
 depth=0 CN = download-cache.osgeo.org
 notAfter=Jun 24 01:39:47 2022 GMT
 verify return:1
 ---
 Certificate chain
  0 s:CN = download-cache.osgeo.org
    i:C = US, O = Let's Encrypt, CN = R3
    a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
    v:NotBefore: Mar 26 01:39:48 2022 GMT; NotAfter: Jun 24 01:39:47 2022
 GMT
  1 s:C = US, O = Let's Encrypt, CN = R3
    i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
    a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
    v:NotBefore: Sep  4 00:00:00 2020 GMT; NotAfter: Sep 15 16:00:00 2025
 GMT
  2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
    i:O = Digital Signature Trust Co., CN = DST Root CA X3
    a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
    v:NotBefore: Jan 20 19:14:03 2021 GMT; NotAfter: Sep 30 18:14:03 2024
 GMT
 ---
 Server certificate
 -----BEGIN CERTIFICATE-----
 MIIFSzCCBDOgAwIBAgISBJ1tI8X3ITREuxOXHNdm6YvxMA0GCSqGSIb3DQEBCwUA
 MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
 EwJSMzAeFw0yMjAzMjYwMTM5NDhaFw0yMjA2MjQwMTM5NDdaMCMxITAfBgNVBAMT
 GGRvd25sb2FkLWNhY2hlLm9zZ2VvLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEP
 ADCCAQoCggEBAL2u0YrDTtrvsvxwhSxI0bx9pLMKjMpC+9wxNtIH1gAOeMaIdq/y
 QnQUDhC7OicP1hf9l9WRDKdVe/OkdHLGqCu9jvNzn+TtNGjQzsJL8jJ8eWAzMGlc
 t8WyT4SW2tdQC0dUeSxnesfqqQZTff8lxfvd62WwzXC7xh+XWimdLhy4OL4AJKiO
 6AVmifAvSiYgdlgawvO0uMMm8+kv8o1yNTXzAqJbiGfeqH7zTBlfeHg3g5NLf1h6
 RzboSE6xdho32Ve26l7CaiBdYpRqacQLRd46NX2RcmSSrSaKT6u53u0FLIuW6Ww3
 LL6qpHd6nonXeOvCwxJii3tYa44IfqWJtW8CAwEAAaOCAmgwggJkMA4GA1UdDwEB
 /wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/
 BAIwADAdBgNVHQ4EFgQUgtHQkj2Z7nv/P3RL2YgaZ9IgELUwHwYDVR0jBBgwFoAU
 FC6zF7dYVsuuUAlA5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzAB
 hhVodHRwOi8vcjMuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9yMy5p
 LmxlbmNyLm9yZy8wNwYDVR0RBDAwLoIYZG93bmxvYWQtY2FjaGUub3NnZW8ub3Jn
 ghJkb3dubG9hZC5vc2dlby5vcmcwTAYDVR0gBEUwQzAIBgZngQwBAgEwNwYLKwYB
 BAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5v
 cmcwggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEAdgApeb7wnjk5IfBWc59jpXflvld9
 nGAK+PlNXSZcJV3HhAAAAX/EGBwSAAAEAwBHMEUCIEiWn7bykjYwp4UGEOJee/IS
 xAnL7aSRHj+06tra/4cPAiEAnZuoTb7ha8Nqmy9F8aTgZuC2uVwSR0h2sVgwOW52
 /8QAdwBvU3asMfAxGdiZAKRRFf93FRwR2QLBACkGjbIImjfZEwAAAX/EGBxMAAAE
 AwBIMEYCIQCyXg9GCefoSoqal2jEBfXqSDFWDeukDEl8TmNliD0MYwIhAKvNQcNx
 gy2CyZQQGgB64N4SmM5FhuEVc+awmqnA4YhKMA0GCSqGSIb3DQEBCwUAA4IBAQBT
 cegcMdc5zSVWTIA/2EUNsFvA9J2FZhOZwCC6HNGZjMzDfYmp9pynrdj2X3evPBKT
 xqfq4GGs2SxlTdFCmwJnrnZkmY20kEB7SN4wqhU6Y35TTgrARq/fYxhRDH50CDqX
 gXPn9zZUNKkbp4oCXEocFUoHRdZ71ktTwzX429KKZfcs1LOnlfMX2Ek/6szizU7m
 35cLmh4hqGCVIwUp9/2BRHDp8WAIijmBSvva0d7jQNeaSEtFFEeGWQwKet4r7mmU
 EJSntyEQG7a6u6cppoPYsl5fqgxsWigHx7MFb0oz+9Zilrd/8tffG0LnjvsDpx+4
 TVjEXDG8qJQl7nt/FShR
 -----END CERTIFICATE-----
 subject=CN = download-cache.osgeo.org
 issuer=C = US, O = Let's Encrypt, CN = R3
 ---
 No client certificate CA names sent
 Peer signing digest: SHA256
 Peer signature type: RSA-PSS
 Server Temp Key: X25519, 253 bits
 ---
 SSL handshake has read 4615 bytes and written 400 bytes
 Verification error: certificate has expired
 ---
 New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
 Server public key is 2048 bit
 Secure Renegotiation IS NOT supported
 Compression: NONE
 Expansion: NONE
 No ALPN negotiated
 Early data was not sent
 Verify return code: 10 (certificate has expired)
 ---
 DONE
 }}}
-- 
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2777>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.

More information about the Sac mailing list