[arch-devops] Invalid SSL CN on tracker.archlinux.org

Giancarlo Razzolini grazzolini at archlinux.org
Wed Jun 24 02:06:10 UTC 2020

Em junho 19, 2020 5:01 Egor Kovetskiy via arch-devops escreveu:
> Hello,
> tracker.archlinux.org has an invalid certificate with CN =
> archive.archlinux.org
> $ openssl s_client -showcerts -connect tracker.archlinux.org:443 <<< ""
> 2>&1 | grep subject=CN
> subject=CN = archive.archlinux.org
> The link was found on https://github.com/archlinux/infrastructure

Yes, if you access over https. But the tracker actually is listening on the bittorrent port with the
correct certificate. I think we could fix this on the nginx side with either a redirection, or we could
fix on the cert side, by combining all the cn's of that machine on the same cert.

Since this machine is due to migration this week, I don't think we should touch it right now.

Giancarlo Razzolini
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/arch-devops/attachments/20200623/d98c856e/attachment.sig>

More information about the arch-devops mailing list