gitlab.haskell.org certificate expired?
Daniel Gröber
dxld at darkboxed.org
Sun Feb 14 23:46:40 UTC 2021
Hi,
indeed looks to be broken, even though my browser still doesn't complain
the openssl command sure does:
$ openssl s_client -showcerts -verify_return_error -4 -connect gitlab.haskell.org:443 < /dev/null
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = gitlab.haskell.org
verify error:num=10:certificate has expired
notAfter=Feb 14 23:21:04 2021 GMT
140217764021376:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:../ssl/statem/statem_clnt.c:1915:
---
no peer certificate available
---
No client certificate CA names sent
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2594 bytes and written 317 bytes
Verification error: certificate has expired
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 10 (certificate has expired)
---
FYI I wrote a super simple monitoring script using faketime+openssl to
prevent this sort of thing from happening in case you guys are interested:
https://meta.it-syndikat.org/t/tls-monitoring-fur-unsere-infrastruktur/2492
The description is in German unfortunately, but the script itself is
commented in English of course ;)
We install this as a cron.daily job and use a cron monitoring make sure the
script runs, but I suspect if you're not worried about the "it actually
ran" part cron's default emails would work just as well.
--Daniel
On Sun, Feb 14, 2021 at 11:37:45PM +0000, Richard Eisenberg wrote:
> Hi Ben,
>
> It looks like the Let's Encrypt certificate for gitlab.haskell.org <http://gitlab.haskell.org/> has expired, as of about 15 minutes ago. I guess it's time to renew.
>
> Thanks,
> Richard
More information about the ghc-devs
mailing list