Re: Certificate expiry error on get.jenkins.io

2021-12-08 Thread Mark Waite 
On Wednesday, December 8, 2021 at 10:16:28 AM UTC-7 Tony Noble wrote:

> Thanks - it looks like we might have something caching old certificates 
> then.  Apologies for the false alarm...
>
>>
>>
We've seen reports that older Java versions and older operating system 
versions may not support Server Name Indication (SNI) from TLS.

We've also seen reports that older Java versions and older operating system 
versions may not support the ISRG X1 root certificate from Let's Encrypt 
(see their blog post 
). 

The solution in both cases was to update the Java version and the operating 
system packages (like ca-certificates) to recent versions.

You may want to check that your operating system patches are current and 
that your Java version is current.

Mark Waite

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/f809b05c-1ffc-4e8b-9390-de32d9eb0588n%40googlegroups.com.

Re: Certificate expiry error on get.jenkins.io

2021-12-08 Thread Tony Noble 
Thanks - it looks like we might have something caching old certificates
then.  Apologies for the false alarm...


On Wed, Dec 8, 2021 at 5:11 PM 'Gavin Mogan' via Jenkins Developers <
jenkinsci-dev@googlegroups.com> wrote:

> Maybe someone restarted the service already. As far as I can tell is valid
> - https://www.sslshopper.com/ssl-checker.html#hostname=get.jenkins.io
>
> On Wed, Dec 8, 2021 at 9:03 AM Tony Noble  wrote:
>
>> Looks like the previous certificate expiry issues are still in place on
>> the above host:
>>
>> tmp>wget https://get.jenkins.io/war-stable/2.303.3/jenkins.war
>>
>> --2021-12-08 17:02:03--
>> https://get.jenkins.io/war-stable/2.303.3/jenkins.war
>> Resolving get.jenkins.io (get.jenkins.io)... 52.167.253.43
>> Connecting to get.jenkins.io (get.jenkins.io)|52.167.253.43|:443...
>> connected.
>> ERROR: cannot verify get.jenkins.io's certificate, issued by
>> ‘/C=US/O=Let's Encrypt/CN=R3’:
>>   Issued certificate has expired.
>> To connect to get.jenkins.io insecurely, use `--no-check-certificate'.
>> /tmp>
>>
>> Is there anyone with access to take a look?
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Jenkins Developers" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to jenkinsci-dev+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/jenkinsci-dev/CAEWqh9HEpsGSvpDCStdcCrmWBD0tjfyO%3Da27SpdrQojk%3DRY%3DeA%40mail.gmail.com
>> 
>> .
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Jenkins Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to jenkinsci-dev+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jenkinsci-dev/CAG%3D_DusX9ZzHyvpAb%3D0MFNYjXov3cE9gseDHgY%2Bv1fXAn9JnnA%40mail.gmail.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAEWqh9GCEBxjD5A7ACWvn7iVau6qtaLLTi7McdcONfYibiMVfw%40mail.gmail.com.

Re: Certificate expiry error on get.jenkins.io

2021-12-08 Thread 'Gavin Mogan' via Jenkins Developers 
Maybe someone restarted the service already. As far as I can tell is valid
- https://www.sslshopper.com/ssl-checker.html#hostname=get.jenkins.io

On Wed, Dec 8, 2021 at 9:03 AM Tony Noble  wrote:

> Looks like the previous certificate expiry issues are still in place on
> the above host:
>
> tmp>wget https://get.jenkins.io/war-stable/2.303.3/jenkins.war
>
> --2021-12-08 17:02:03--
> https://get.jenkins.io/war-stable/2.303.3/jenkins.war
> Resolving get.jenkins.io (get.jenkins.io)... 52.167.253.43
> Connecting to get.jenkins.io (get.jenkins.io)|52.167.253.43|:443...
> connected.
> ERROR: cannot verify get.jenkins.io's certificate, issued by
> ‘/C=US/O=Let's Encrypt/CN=R3’:
>   Issued certificate has expired.
> To connect to get.jenkins.io insecurely, use `--no-check-certificate'.
> /tmp>
>
> Is there anyone with access to take a look?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Jenkins Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to jenkinsci-dev+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jenkinsci-dev/CAEWqh9HEpsGSvpDCStdcCrmWBD0tjfyO%3Da27SpdrQojk%3DRY%3DeA%40mail.gmail.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAG%3D_DusX9ZzHyvpAb%3D0MFNYjXov3cE9gseDHgY%2Bv1fXAn9JnnA%40mail.gmail.com.