Forum.duniter.org https certification is invalid

why? Is your https certificate expired?

This happens only to the firefox brower.
The chrome or ΙΕ browser works.

I am using the latest 64bit firefox version.

https://forum.duniter.org/ Peer’s Certificate issuer is not recognized. HTTP Strict Transport Security: false HTTP Public Key Pinning: false -----BEGIN CERTIFICATE----- MIIE+jCCA+KgAwIBAgIRAPbqHY1XszNkbEaL9WtRi4gwDQYJKoZIhvcNAQELBQAw XzELMAkGA1UEBhMCRlIxDjAMBgNVBAgTBVBhcmlzMQ4wDAYDVQQHEwVQYXJpczEO MAwGA1UEChMFR2FuZGkxIDAeBgNVBAMTF0dhbmRpIFN0YW5kYXJkIFNTTCBDQSAy MB4XDTE3MDQyNzAwMDAwMFoXDTE5MDQyNzIzNTk1OVowYTEhMB8GA1UECxMYRG9t YWluIENvbnRyb2wgVmFsaWRhdGVkMSQwIgYDVQQLExtHYW5kaSBTdGFuZGFyZCBX aWxkY2FyZCBTU0wxFjAUBgNVBAMMDSouZHVuaXRlci5vcmcwggEiMA0GCSqGSIb3 DQEBAQUAA4IBDwAwggEKAoIBAQCRXP3Rv5bxMCzQ18jxETdUYWbHW5dyk1WlDDUa 7McJgK6Y9A5k6fpPw/BTUPErX9C4fpe911RkS35kfOkRVP9Gm+dK4Hol1sk26UKe ADIA5zq4eBwh5XGPWgADDCv2+bCMf015kjSv8fFtHSPJXJ9+3ZG5roCGOuDzREew qZAO+yBPtdXeypTzenVSx4HWanAaAzJkXGtFW7qGFtmmK4K0xvfb0s0yntLCgWDV TFo3bkiAzO9Rc3YWsgW24JuAatYISoH7g1s83cHe08apR7wPJltr4UkvFBYFT5Ef qwszHg2opu+QVhUJv/qhTxF717IhyJZ3YZjydT+V4MHcICbPAgMBAAGjggGtMIIB qTAfBgNVHSMEGDAWgBSzkKfYya9OzWE8n3ytXX9B/Wkw6jAdBgNVHQ4EFgQUWUTx 7VpnyvX3pVaiyHlR8W5qorMwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAw HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMEsGA1UdIAREMEIwNgYLKwYB BAGyMQECAhowJzAlBggrBgEFBQcCARYZaHR0cHM6Ly9jcHMudXNlcnRydXN0LmNv bTAIBgZngQwBAgEwQQYDVR0fBDowODA2oDSgMoYwaHR0cDovL2NybC51c2VydHJ1 c3QuY29tL0dhbmRpU3RhbmRhcmRTU0xDQTIuY3JsMHMGCCsGAQUFBwEBBGcwZTA8 BggrBgEFBQcwAoYwaHR0cDovL2NydC51c2VydHJ1c3QuY29tL0dhbmRpU3RhbmRh cmRTU0xDQTIuY3J0MCUGCCsGAQUFBzABhhlodHRwOi8vb2NzcC51c2VydHJ1c3Qu Y29tMCUGA1UdEQQeMByCDSouZHVuaXRlci5vcmeCC2R1bml0ZXIub3JnMA0GCSqG SIb3DQEBCwUAA4IBAQB6cXVrZDGLGHqMk034ancIFatms+5hWCWQb1K8G10jXxKc Fv6mdBnHodSrAfBR7FB1YDl+EF3Ye+6yfJPCKiCsR1Sc5McZjwf+4MvrcPT/ZCqx HDE6cMCqFl4kOrLXu+th8pRK258mmPzFnEWLXoVD8LdjO3LyCJ1o6fOrXSJdkcoX Y68r6ya0BoAKMyoCjmHba/12sAfLDE9i4EXe3q87IF+VRkuoq+Ra5WEmzFiIpUkV E+I+8hWZI4pOTfii/qCELQN7bRS7/orUOdJl9KxYYhKC3LEWgJvrl4cmUHC067QJ yJMSc5vK30kl5oNzhPg/V9+4tE6F9CooheyAUTS4 -----END CERTIFICATE-----

work correctly for me (firefox ESR 52.1.1 (64-bit))

You have an ESR version.
And you have not the latest version.
The latest firefox version is Mozilla Firefox 53.0.3

I think this is specific from your side :


Thats interesting.
So do you think that firefox 53.0.3 does not include the same certificate issuers worldwide?

Here you are the info:
Common Name = *.duniter.org

The certificate issuer is unknown.

Issued by: Gandi Standard SSL CA 2

I have absolutely no idea. Gandi is a well-known issuer. But so many parameters can play, only you can conduct the investigation (for instance if your firefox is provided by someone else than directly mozilla fundation and so on)

I have downloaded my firefox from mozilla foundation, and it is setup for automatic updates.
Until now the certificate issuer was considered known, and I had no problem with duniter.
The problem occured maybe as the result of a firefox update.

I google it, and it seems it happened again at 2014
https://support.mozilla.org/en-US/questions/1035276

That’s true, i experimented same problem on first connexion from other PC

The first connection is very crucial in https.
If they issue to you a fake certificate , you are doomed.

I have same issue with Eolie.

If you know how to generate a free certificate using Let’s Encrypt for the forum, we could use it instead of the wildcard.

@cgeek if I have time I will try to make you short procedure tonight.
Do you use nginx or apache2 or other ?

Nginx.

1 « J'aime »

Un message a été déplacé vers un nouveau sujet : Let’s Encrypt

J’essaye ça dès demain !

Voilà, le certificat HTTPS du forum a changé et devient un certificat Let’s Encrypt.

Résultats de votre côté ?

Edit : allez hop remerciement en quelques Ğ1, car c’est une sacré économie en UNL pour moi :slight_smile:

3 « J'aime »

Trop cool !

ca marche

1 « J'aime »

Je mettrai la proc avec celles que je prépare pour gitlab. On pourra se faire un ensemble des trucs d’admin sys qu’on utilise.