Certificate for https://cactuscode.org is not trusted

Issue #2536 open
Erik Schnetter created an issue

The certificate for https://cactuscode.org is not trusted. The certificate for https://www.cactuscode.org is working fine.

Comments (15)

  1. Roland Haas

    I get the same bad certificate issue (Firefox, Linux, not at LSU). This is also the topic as the “Need config info for cactuscode.org vs www.cactuscode.org” conversation with Sai Pinnepalli at LSU (there should be emails from around May 10th):

    Websites prove their identity via certificates. Firefox does not trust this site because it uses a certificate that is not valid for cactuscode.org. The certificate is only valid for the following names: lsu.edu, *.lsu.edu

    Error code: SSL_ERROR_BAD_CERT_DOMAIN

  2. Erik Schnetter reporter

    With Chrome, I see

    Your connection is not private
    Attackers might be trying to steal your information from cactuscode.org (for example, passwords, messages, or credit cards). Learn more
    NET::ERR_CERT_COMMON_NAME_INVALID
    

  3. Erik Schnetter reporter

    My cell phone (also Safari) also reports a certificate problem.

    I also received an independent report from some else.

  4. Erik Schnetter reporter

    Yes, my cell phone lists “lsu.edu” as “Common Name” of the “Subject Name” of the certificate.

    It seems “lsu.edu” is the certificate name. This might just be a string that looks like a URL (maybe it could be just “LSU” instead).

    I also see “lsu.edu” and “*.lsu.edu” as “DNS Name” in the “Subject Alternative Name” (on my phone).

  5. Erik Schnetter reporter

    Steve

    If you access the web site from within LSU, then maybe your DNS or DHCP setup might mark “lsu.edu” as trusted? Are you accessing it from outside LSU, and without VPN?

  6. Roland Haas

    Indeed if we had a DNS A entry from cactuscode.org to einsteintoolkit.github.io then both https://cactuscode.org and https://www.cactuscode.org should result in the same website being delivered. GitHub is not fully clear on this on https://docs.github.com/en/pages/configuring-a-custom-domain-for-your-github-pages-site/about-custom-domains-and-github-pages#using-an-apex-domain-for-your-github-pages-site where they state

    For example, if you configure www.example.com as the custom domain for your site, and you have GitHub Pages DNS records set up for the apex and www domains, then example.com will redirect to www.example.com. Note that automatic redirects only apply to the www subdomain. Automatic redirects do not apply to any other subdomains, such as blog

  7. Roland Haas

    Right now with https the certificates do not match eg one gets:

    $ curl -I --resolve cactuscode.org:443:185.199.108.153 https://cactuscode.org/
    curl: (60) SSL: no alternative certificate subject name matches target host name 'cactuscode.org'
    

    while with www (for which a CNAME entry exists) it works fine:

    $ curl -I --resolve www.cactuscode.org:443:185.199.108.153 https://www.cactuscode.org/
    HTTP/2 200
    server: GitHub.com
    content-type: text/html; charset=utf-8
    last-modified: Thu, 03 Jun 2021 17:52:12 GMT
    access-control-allow-origin: *
    etag: "60b916cc-162d"
    expires: Thu, 03 Jun 2021 18:07:53 GMT
    cache-control: max-age=600
    x-proxy-cache: MISS
    x-github-request-id: B928:072C:1DF684:3BFC8C:60B91821
    accept-ranges: bytes
    date: Thu, 03 Jun 2021 17:58:04 GMT
    via: 1.1 varnish
    age: 11
    x-served-by: cache-pwk4948-PWK
    x-cache: HIT
    x-cache-hits: 1
    x-timer: S1622743085.638120,VS0,VE1
    vary: Accept-Encoding
    x-fastly-request-id: 2995efdb1d35c95f3fd3b967d71a0fb3d980e170
    content-length: 5677
    

  8. Log in to comment