Hi all, At some point the certificate chain for oligarchy.org became invalid and it’s no longer possible to securely download files: ``` $ curl -IL https://oligarchy.co.uk/xapian/1.4.3/xapian-core-1.4.3.tar.xz curl: (60) SSL certificate problem: Invalid certificate chain More details here: https://curl.haxx.se/docs/sslcerts.html curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option. ``` Since http:// redirects to https://, apparently we can’t connect at all: https://www.ssllabs.com/ssltest/analyze.html?d=oligarchy.org
Hi Alex, I think this might be fixed already? At least today I could download again while two days ago I suffered from the same problem. Cheers, Mario On 16.03.2017 01:17, Alex wrote:> Hi all, > > At some point the certificate chain for oligarchy.org became invalid and > it’s no longer possible to securely download files: > > ``` > $ curl -IL https://oligarchy.co.uk/xapian/1.4.3/xapian-core-1.4.3.tar.xz > > curl: (60) SSL certificate problem: Invalid certificate chain > More details here: https://curl.haxx.se/docs/sslcerts.html > > curl performs SSL certificate verification by default, using a "bundle" > of Certificate Authority (CA) public keys (CA certs). If the default > bundle file isn't adequate, you can specify an alternate file > using the --cacert option. > If this HTTPS server uses a certificate signed by a CA represented in > the bundle, the certificate verification probably failed due to a > problem with the certificate (it might be expired, or the name might > not match the domain name in the URL). > If you'd like to turn off curl's verification of the certificate, use > the -k (or --insecure) option. > ``` > > Since http:// redirects to https://, apparently we can’t connect at all: https://www.ssllabs.com/ssltest/analyze.html?d=oligarchy.org > >
On Wed, Mar 15, 2017 at 05:17:06PM -0700, Alex wrote:> At some point the certificate chain for oligarchy.org became invalid and > it’s no longer possible to securely download files: > > ``` > $ curl -IL https://oligarchy.co.uk/xapian/1.4.3/xapian-core-1.4.3.tar.xz > > curl: (60) SSL certificate problem: Invalid certificate chain > More details here: https://curl.haxx.se/docs/sslcerts.htmlSorry about that - it seems apache reload doesn't reload certificates. Now fixed. Thanks for reporting.> Since http:// redirects to https://, apparently we can’t connect at all: https://www.ssllabs.com/ssltest/analyze.html?d=oligarchy.orgThat's the wrong domain - ".org" should be ".co.uk". Cheers, Olly