Hello! On Tue, Apr 09, 2019 at 10:32:14AM -0400, George wrote:
> for that i get > > echo -n | openssl s_client -connect hg.nginx.org:443 -servername > hg.nginx.org > CONNECTED(00000003) > depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3 > verify return:1 > depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 > verify return:1 > depth=0 CN = mailman.nginx.org > verify return:1 > --- > Certificate chain > 0 s:/CN=mailman.nginx.org > i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 > 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 > i:/O=Digital Signature Trust Co./CN=DST Root CA X3 > --- That's correct certificate, it has hg.nginx.org in subjectAltNames extension and will work correctly. > and it's still a problem for hg clone command > > hg clone https://hg.nginx.org/njs/ > abort: hg.nginx.org certificate error: certificate is for *.nginx.com, > nginx.com > (configure hostfingerprint > bd:90:5e:95:b4:51:d8:0b:b0:36:41:6f:99:a7:80:01:4e:cf:ee:c2 or use > --insecure to connect insecurely) As previously suggested, it looks like your hg cannot use SNI. Upgrade your hg or use http/--insecure/whatever. Trying to re-run the same command without upgrading hg to a recent version won't help. -- Maxim Dounin http://mdounin.ru/ _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx