On 02/04/2019 09:02, Paul Wise wrote: > On Mon, Apr 1, 2019 at 4:29 PM [email protected] wrote: > >> I think it is a bug clearly - because that site was working before > The site has never supported https.
Huh? This site - security.debian.org/ (website, not apt repository) in fact did supported https. I was using it since years afair, and even archive.org has archives of it, on the https URL: http://archive.is/MahaH (and many more) Apparently at some point it moved to debian.org/security/ , the only problem is that old address is redirecting to new address only on http, while on https it shows invalid cert. > If you were using HTTPS > Everywhere, then it has a rule that will make it seem like https > redirects to the website (like http actually does). I did not used that. > >> Imo just reject port 443 on that server, or make the redirection work again. > Which IP address are you connecting to? I got tests from friends both on ipv4 and ipv6, it resolves and connects to: 217.196.149.233 and 2a02:16a8:dc41:100::233 wget https://security.debian.org/ --2019-04-02 xxxxxxx -- https://security.debian.org/ Resolving security.debian.org (security.debian.org)... 2001:a78:5:1:216:35ff:fe7f:6ceb, 2a02:16a8:dc41:100::233, 217.196.149.233, ... Connecting to security.debian.org (security.debian.org)|2001:a78:5:1:216:35ff:fe7f:6ceb|:443... failed: Connection refused. Connecting to security.debian.org (security.debian.org)|2a02:16a8:dc41:100::233|:443... connected. ERROR: The certificate of ‘security.debian.org’ is not trusted. ERROR: The certificate of ‘security.debian.org’ hasn't got a known issuer. The certificate's owner does not match hostname ‘security.debian.org’ wget https://security.debian.org/ --2019-04-02 xxxxxxx -- https://security.debian.org/ Resolving security.debian.org (security.debian.org)... 217.196.149.233, 212.211.132.250, 2001:a78:5:1:216:35ff:fe7f:6ceb, ... Connecting to security.debian.org (security.debian.org)|217.196.149.233|:443... connected. ERROR: The certificate of ‘security.debian.org’ is not trusted. ERROR: The certificate of ‘security.debian.org’ hasn't got a known issuer. The certificate's owner does not match hostname ‘security.debian.org’
