Certificate for list.orgmode.org appears to be expired: My browser is giving me ERR_CERT_DATE_INVALID Best, Ihor
Ihor Radchenko <yantar92@gmail.com> writes: > Certificate for list.orgmode.org appears to be expired: > My browser is giving me ERR_CERT_DATE_INVALID There is a CNAME record (handled by digitalocean.com) making the "list.orgmode.org" domain name an alias for "orgmode.yhetil.org", hosted by Kyle, which works fine. On the nginx config, there is: server { server_name orgmode.org; listen 443 ssl; # managed by Certbot ssl_certificate /etc/letsencrypt/live/xxx/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/xxx/privkey.pem; include /etc/letsencrypt/options-ssl-nginx.conf; ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; rewrite ^/list/(.*) https://list.orgmode.org/$1 permanent; } The last line rewrites requests like https://orgmode.org/list/875ynnojvf.fsf@localhost to https://list.orgmode.org/875ynnojvf.fsf@localhost which is supposed to be handled by the CNAME alias. This is the configuration that used to work so far, I don't understand why it doesn't work anymore as I didn't change anything. Certificates for orgmode.org and yhetil.org are OK. Kyle, do you have any clue? -- Bastien
Bastien Guerry <bzg@gnu.org> writes: > rewrite ^/list/(.*) https://list.orgmode.org/$1 permanent; Side note: Regexp here is probably the reason why https://orgmode.org/list (without trailing slash) gives 404. Best, Ihor
Bastien Guerry <bzg@gnu.org> writes: > Ihor Radchenko <yantar92@gmail.com> writes: > >> Certificate for list.orgmode.org appears to be expired: >> My browser is giving me ERR_CERT_DATE_INVALID > > There is a CNAME record (handled by digitalocean.com) making the > "list.orgmode.org" domain name an alias for "orgmode.yhetil.org", > hosted by Kyle, which works fine. > ... > This is the configuration that used to work so far, I don't understand > why it doesn't work anymore as I didn't change anything. Certificates > for orgmode.org and yhetil.org are OK. I am not 100% sure if it is relevant, but https://stackoverflow.com/questions/9935229/cname-ssl-certificates appears to say that list.orgmode.org should also have a valid certificate. Looking at the certificate of list.orgmode.org, I see the following: Common Name list.orgmode.org ... Validity Not Before Sun, 20 Mar 2022 05:49:24 GMT Not After Sat, 18 Jun 2022 05:49:23 GMT ... SHA-1 7E:25:A8:B5:1A:DE:BF:67:F8:DD:22:C1:1B:E5:ED:7E:50:D0:D5:38 Clearly, the certificate for list.orgmode.org expired today. Best, Ihor
On 18/06/2022 15:33, Bastien Guerry wrote:
> Ihor Radchenko writes:
>
> The last line rewrites requests like
> https://orgmode.org/list/875ynnojvf.fsf@localhost
> to
> https://list.orgmode.org/875ynnojvf.fsf@localhost
> which is supposed to be handled by the CNAME alias.
>
> This is the configuration that used to work so far, I don't understand
> why it doesn't work anymore as I didn't change anything. Certificates
> for orgmode.org and yhetil.org are OK.
orgmode.yhetil.org, list.orgmode.org and yhetil.org sites have
independent TLS certificates each one for 1 hostname.
Unless certificate for yhetil.org is renewed, it will have the same
problem a week later.
Ihor Radchenko <yantar92@gmail.com> writes:
> Side note: Regexp here is probably the reason why
> https://orgmode.org/list (without trailing slash) gives 404.
This should be fixed.
--
Bastien
Hi, Has anyone written a link type for Mastodon that would allow you to org-capture the post/status ("toot") at point? I'm referring to mastodon.el (https://codeberg.org/martianh/mastodon.el), which is available via install-packages. Yours, Christian
Bastien Guerry writes:
> Kyle, do you have any clue?
Yes. The SSL certs on my end are wired up to be automatically
refreshed. In order for them to be in effect, though, I need to
manually restart nginx. There's probably a better way to handle this,
but I just have a reminder.
Anyway, based on how the expiration dates for various domains line up,
it's usually okay if I don't act on that for a day or two, but in this
case it bumped right against the list.orgmode.org expiration.
Sorry about that (but you can't get your money back :>)
Hi Kyle, Kyle Meyer <kyle@kyleam.com> writes: > Anyway, based on how the expiration dates for various domains line up, > it's usually okay if I don't act on that for a day or two, but in this > case it bumped right against the list.orgmode.org expiration. Great certificates expire alike :) > Sorry about that (but you can't get your money back :>) Thanks for restarting the server - I took this opportunity to refresh the list of certificates for *.orgmode.org, we shall be all set until Sept. 16th. -- Bastien
Christian Moe <mail@christianmoe.com> writes:
> Has anyone written a link type for Mastodon that would allow you to
> org-capture the post/status ("toot") at point?
>
> I'm referring to mastodon.el
> (https://codeberg.org/martianh/mastodon.el), which is available via
> install-packages.
No AFAIK. But it is very easy to define new link types in Org. You can
do it yourself. See A.3 Adding Hyperlink Types section of the manual.
Best,
Ihor
Yes, I probably will write my own (and share it here). Just wanted to
check first if the wheel had already been invented, as I'm feeling
lazy. Thanks for confirming it probably hasn't.
Yours,
Christian
Ihor Radchenko writes:
> Christian Moe <mail@christianmoe.com> writes:
>
>> Has anyone written a link type for Mastodon that would allow you to
>> org-capture the post/status ("toot") at point?
>>
>> I'm referring to mastodon.el
>> (https://codeberg.org/martianh/mastodon.el), which is available via
>> install-packages.
>
> No AFAIK. But it is very easy to define new link types in Org. You can
> do it yourself. See A.3 Adding Hyperlink Types section of the manual.
>
> Best,
> Ihor