1. Einstein Toolkit Avatar Einstein Toolkit
  2. Einstein Toolkit
  3. tickets
  4. Issues

Certificate for https://cactuscode.org is not trusted

Issue #2536 open
Erik Schnetter created an issue

The certificate for https://cactuscode.org is not trusted. The certificate for https://www.cactuscode.org is working fine.

Comments (15)

  6. Roland Haas

    I get the same bad certificate issue (Firefox, Linux, not at LSU). This is also the topic as the “Need config info for cactuscode.org vs www.cactuscode.org” conversation with Sai Pinnepalli at LSU (there should be emails from around May 10th):

    Websites prove their identity via certificates. Firefox does not trust this site because it uses a certificate that is not valid for cactuscode.org. The certificate is only valid for the following names: lsu.edu, *.lsu.edu

    Error code: SSL_ERROR_BAD_CERT_DOMAIN

  7. Erik Schnetter reporter

    With Chrome, I see

    Your connection is not private
Attackers might be trying to steal your information from cactuscode.org (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_COMMON_NAME_INVALID

  8. Erik Schnetter reporter

    My cell phone (also Safari) also reports a certificate problem.

    I also received an independent report from some else.

  11. Erik Schnetter reporter

    Yes, my cell phone lists “lsu.edu” as “Common Name” of the “Subject Name” of the certificate.

    It seems “lsu.edu” is the certificate name. This might just be a string that looks like a URL (maybe it could be just “LSU” instead).

    I also see “lsu.edu” and “*.lsu.edu” as “DNS Name” in the “Subject Alternative Name” (on my phone).

  12. Erik Schnetter reporter

    Steve

    If you access the web site from within LSU, then maybe your DNS or DHCP setup might mark “lsu.edu” as trusted? Are you accessing it from outside LSU, and without VPN?

  14. Roland Haas

    Indeed if we had a DNS A entry from cactuscode.org to einsteintoolkit.github.io then both https://cactuscode.org and https://www.cactuscode.org should result in the same website being delivered. GitHub is not fully clear on this on https://docs.github.com/en/pages/configuring-a-custom-domain-for-your-github-pages-site/about-custom-domains-and-github-pages#using-an-apex-domain-for-your-github-pages-site where they state

    For example, if you configure www.example.com as the custom domain for your site, and you have GitHub Pages DNS records set up for the apex and www domains, then example.com will redirect to www.example.com. Note that automatic redirects only apply to the www subdomain. Automatic redirects do not apply to any other subdomains, such as blog

  15. Roland Haas

    Right now with https the certificates do not match eg one gets:

    $ curl -I --resolve cactuscode.org:443:185.199.108.153 https://cactuscode.org/
curl: (60) SSL: no alternative certificate subject name matches target host name 'cactuscode.org'

    while with www (for which a CNAME entry exists) it works fine:

    $ curl -I --resolve www.cactuscode.org:443:185.199.108.153 https://www.cactuscode.org/
HTTP/2 200
server: GitHub.com
content-type: text/html; charset=utf-8
last-modified: Thu, 03 Jun 2021 17:52:12 GMT
access-control-allow-origin: *
etag: "60b916cc-162d"
expires: Thu, 03 Jun 2021 18:07:53 GMT
cache-control: max-age=600
x-proxy-cache: MISS
x-github-request-id: B928:072C:1DF684:3BFC8C:60B91821
accept-ranges: bytes
date: Thu, 03 Jun 2021 17:58:04 GMT
via: 1.1 varnish
age: 11
x-served-by: cache-pwk4948-PWK
x-cache: HIT
x-cache-hits: 1
x-timer: S1622743085.638120,VS0,VE1
vary: Accept-Encoding
x-fastly-request-id: 2995efdb1d35c95f3fd3b967d71a0fb3d980e170
content-length: 5677

  16. Log in to comment
Assignee
Type
bug
Priority
major
Status
open
Component
Cactus website
Milestone
Version
development version
Votes
0
Watchers
1
Jira: the preferred issue tracker for Bitbucket. Join the team!