Task #2605
closedhttps://www.libreoffice-box.org/ fails with invalid cert
0%
Description
Hi Guilhem,
can you check https://www.libreoffice-box.org/ ?
It seems missing the correct certificate. (Just found because I'm searching with a bot for dead links on TDFWIKI).
Regards,
Dennis
Updated by Guilhem Moulin about 6 years ago
Is there a link to https://www.libreoffice-box.org/ (with that exact scheme and hostname)? AFAICT that vhost never had a valid cert:
https://crt.sh/?CN=www.libreoffice-box.org
https://crt.sh/?dNSName=www.libreoffice-box.org
libreoffice-box.org is a convenient domain name which I guess was registered to prevent domain squatting and accommodate typos user make in their URL bars. I see no reason to “pollute” the SAN list of our certs with gazillion of convenient domains. Instead, I suggest we redirect to the https://$canonical_domain, like for the ones below:
$ curl -so/dev/null -w'%{http_code} %{url_effective} -> %{redirect_url}\n' "{www.,}{thedocumentfoundation,document-foundation}.org" 301 http://www.thedocumentfoundation.org/ -> https://www.documentfoundation.org/ 301 http://www.document-foundation.org/ -> https://www.documentfoundation.org/ 301 http://thedocumentfoundation.org/ -> https://www.documentfoundation.org/ 301 http://document-foundation.org/ -> https://www.documentfoundation.org/
Updated by Guilhem Moulin about 6 years ago
- Status changed from New to Closed
Guilhem Moulin wrote:
Instead, I suggest we redirect to the https://$canonical_domain […]
Just did that
$ curl -so/dev/null -w'%{http_code} %{url_effective} -> %{redirect_url}\n' "{www.,}libreoffice{,-}box.{org,de}" 301 http://www.libreofficebox.org/ -> https://www.libreofficebox.org/ 301 http://www.libreofficebox.de/ -> https://de.libreofficebox.org/ 301 http://www.libreoffice-box.org/ -> https://www.libreofficebox.org/ 301 http://www.libreoffice-box.de/ -> https://de.libreofficebox.org/ 301 http://libreofficebox.org/ -> https://www.libreofficebox.org/ 301 http://libreofficebox.de/ -> https://de.libreofficebox.org/ 301 http://libreoffice-box.org/ -> https://www.libreofficebox.org/ 301 http://libreoffice-box.de/ -> https://de.libreofficebox.org/
Updated by Dennis Roczek about 6 years ago
Guilhem Moulin wrote:
Is there a link to https://www.libreoffice-box.org/ (with that exact scheme and hostname)? AFAICT that vhost never had a valid cert:
oh no, only a http link, but my browser with https everywhere redirected it...
Updated by Guilhem Moulin about 6 years ago
Dennis Roczek wrote:
Guilhem Moulin wrote:
Is there a link to https://www.libreoffice-box.org/ (with that exact scheme and hostname)? AFAICT that vhost never had a valid cert:
Just changed that to https://www.libreofficebox.org for browsers that cached the previously broken redirect.
oh no, only a http link, but my browser with https everywhere redirected it...
Ah? HTTP Everywhere 2018.4.11 has no ruleset matching www.libreoffice-box.org (which make sense since no cert valid for that hostname was ever registered to Certificate Transparency). There are rules for libreofficebox.org
and www.libreofficebox.org
, though:
https://www.eff.org/https-everywhere/atlas/domains/libreofficebox.org.html
(and indeed these two have “valid” certs). There was a broken redirection from http://www.libreoffice-box.org to https://www.libreoffice-box.org, which I changed to redirect to https://www.libreofficebox.org instead.