Project

General

Profile

Task #2605

https://www.libreoffice-box.org/ fails with invalid cert

Added by Dennis Roczek over 1 year ago. Updated over 1 year ago.

Status:
Closed
Priority:
Normal
Category:
Domains and DNS
Target version:
-
Start date:
Due date:
% Done:

0%

Tags:
URL:

Description

Hi Guilhem,

can you check https://www.libreoffice-box.org/ ?

It seems missing the correct certificate. (Just found because I'm searching with a bot for dead links on TDFWIKI).

Regards,

Dennis

History

#1 Updated by Guilhem Moulin over 1 year ago

Is there a link to https://www.libreoffice-box.org/ (with that exact scheme and hostname)? AFAICT that vhost never had a valid cert:

https://crt.sh/?CN=www.libreoffice-box.org
https://crt.sh/?dNSName=www.libreoffice-box.org

libreoffice-box.org is a convenient domain name which I guess was registered to prevent domain squatting and accommodate typos user make in their URL bars. I see no reason to “pollute” the SAN list of our certs with gazillion of convenient domains. Instead, I suggest we redirect to the https://$canonical_domain, like for the ones below:

$ curl -so/dev/null -w'%{http_code} %{url_effective} -> %{redirect_url}\n' "{www.,}{thedocumentfoundation,document-foundation}.org" 
301 http://www.thedocumentfoundation.org/ -> https://www.documentfoundation.org/
301 http://www.document-foundation.org/ -> https://www.documentfoundation.org/
301 http://thedocumentfoundation.org/ -> https://www.documentfoundation.org/
301 http://document-foundation.org/ -> https://www.documentfoundation.org/

#2 Updated by Guilhem Moulin over 1 year ago

  • Status changed from New to Closed

Guilhem Moulin wrote:

Instead, I suggest we redirect to the https://$canonical_domain […]

Just did that

 $ curl -so/dev/null -w'%{http_code} %{url_effective} -> %{redirect_url}\n' "{www.,}libreoffice{,-}box.{org,de}" 
301 http://www.libreofficebox.org/ -> https://www.libreofficebox.org/
301 http://www.libreofficebox.de/ -> https://de.libreofficebox.org/
301 http://www.libreoffice-box.org/ -> https://www.libreofficebox.org/
301 http://www.libreoffice-box.de/ -> https://de.libreofficebox.org/
301 http://libreofficebox.org/ -> https://www.libreofficebox.org/
301 http://libreofficebox.de/ -> https://de.libreofficebox.org/
301 http://libreoffice-box.org/ -> https://www.libreofficebox.org/
301 http://libreoffice-box.de/ -> https://de.libreofficebox.org/

#3 Updated by Dennis Roczek over 1 year ago

Guilhem Moulin wrote:

Is there a link to https://www.libreoffice-box.org/ (with that exact scheme and hostname)? AFAICT that vhost never had a valid cert:

https://wiki.documentfoundation.org/index.php?target=www.libreoffice-box.org&namespace=&title=Special%3ALinkSearch

oh no, only a http link, but my browser with https everywhere redirected it...

#4 Updated by Guilhem Moulin over 1 year ago

Dennis Roczek wrote:

Guilhem Moulin wrote:

Is there a link to https://www.libreoffice-box.org/ (with that exact scheme and hostname)? AFAICT that vhost never had a valid cert:

https://wiki.documentfoundation.org/index.php?target=www.libreoffice-box.org&namespace=&title=Special%3ALinkSearch

Just changed that to https://www.libreofficebox.org for browsers that cached the previously broken redirect.

oh no, only a http link, but my browser with https everywhere redirected it...

Ah? HTTP Everywhere 2018.4.11 has no ruleset matching www.libreoffice-box.org (which make sense since no cert valid for that hostname was ever registered to Certificate Transparency). There are rules for libreofficebox.org and www.libreofficebox.org, though:

https://www.eff.org/https-everywhere/atlas/domains/libreofficebox.org.html

(and indeed these two have “valid” certs). There was a broken redirection from http://www.libreoffice-box.org to https://www.libreoffice-box.org, which I changed to redirect to https://www.libreofficebox.org instead.

Also available in: Atom PDF