Weird. Chrome says, “certificate valid.” If I call “openssl s_client -servername cactuscode.org -showcerts -connect cactuscode.org:443” I don’t see a certificate. If I do “openssl s_client -servername cactuscode.org -showcerts -connect www.cactuscode.org:443” I see a github cert (since the site is now on github). Nowhere, though, do I see an lsu.edu cert. Could that be cached on your machine, Erik?
I get the same bad certificate issue (Firefox, Linux, not at LSU). This is also the topic as the “Need config info for cactuscode.org vs www.cactuscode.org” conversation with Sai Pinnepalli at LSU (there should be emails from around May 10th):
Websites prove their identity via certificates. Firefox does not trust this site because it uses a certificate that is not valid for cactuscode.org. The certificate is only valid for the following names: lsu.edu, *.lsu.edu
Error code: SSL_ERROR_BAD_CERT_DOMAIN
With Chrome, I see
Your connection is not privateAttackers might be trying to steal your information from cactuscode.org (for example, passwords, messages, or credit cards). Learn moreNET::ERR_CERT_COMMON_NAME_INVALID
My cell phone (also Safari) also reports a certificate problem.
I also received an independent report from some else.
Steven R. Brandt
Erik, do you see information about “lsu.edu” anywhere but your laptop?
^ I see the same issue as Erik.
Yes, my cell phone lists “lsu.edu” as “Common Name” of the “Subject Name” of the certificate.
It seems “lsu.edu” is the certificate name. This might just be a string that looks like a URL (maybe it could be just “LSU” instead).
I also see “lsu.edu” and “*.lsu.edu” as “DNS Name” in the “Subject Alternative Name” (on my phone).
If you access the web site from within LSU, then maybe your DNS or DHCP setup might mark “lsu.edu” as trusted? Are you accessing it from outside LSU, and without VPN?
Steven R. Brandt
So dig shows me that cactuscode.org is LSU while www.cactuscode.org is github. I didn’t set this up and am having trouble finding the email where the issue was described.
For example, if you configure www.example.com as the custom domain for your site, and you have GitHub Pages DNS records set up for the apex and www domains, then example.com will redirect to www.example.com. Note that automatic redirects only apply to the www subdomain. Automatic redirects do not apply to any other subdomains, such as blog
Right now with https the certificates do not match eg one gets:
$ curl -I --resolve cactuscode.org:443:220.127.116.11 https://cactuscode.org/
curl: (60) SSL: no alternative certificate subject name matches target host name 'cactuscode.org'
while with www (for which a CNAME entry exists) it works fine: