Re: [libreoffice-website] Can not get into the wiki...
Hi, On Tue, 21 Nov 2017 at 11:57:10 +0100, Dennis Roczek wrote: > We just got a new wiki-certificate from Let's encrypt. Maybe they > changed something fundamental...? The cert was last renewed 2 weeks ago, if there was a problem with the X.509 chain I guess someone would have complained before :-P $ openssl s_client -connect wiki.documentfoundation.org:443 -servername wiki.documentfoundation.org /dev/null \ | openssl x509 -noout -dates notBefore=Nov 4 02:07:05 2017 GMT notAfter=Feb 2 02:07:05 2018 GMT > @Guilhem: do you know more about changes there? I noticed the OSCP responsed stapled to the TLS handshake was out of date since this morning at 03:00 UTC. $ openssl s_client -connect wiki.documentfoundation.org:443 -servername wiki.documentfoundation.org -status /dev/null […] OCSP Response Data: OCSP Response Status: successful (0x0) Response Type: Basic OCSP Response Version: 1 (0x0) Responder Id: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 Produced At: Nov 14 03:08:00 2017 GMT Responses: Certificate ID: Hash Algorithm: sha1 Issuer Name Hash: 7EE66AE7729AB3FCF8A220646C16A12D6071085D Issuer Key Hash: A84A6A63047DDDBAE6D139B7A64565EFF3A8ECA1 Serial Number: 03686441D74F5FFBC5CF4FDD4504FBFA9DDA Cert Status: good This Update: Nov 14 03:00:00 2017 GMT Next Update: Nov 21 03:00:00 2017 GMT […] Apparently nginx kept querying the OCSP responder but all requests timed out so the stapled data wasn't refreshed. That's weird, AFAIK nginx only caches DNS responses for the zone TTL, but we got a valid response after reloading the server: $ openssl s_client -connect wiki.documentfoundation.org:443 -servername wiki.documentfoundation.org -status /dev/null […] OCSP Response Data: OCSP Response Status: successful (0x0) Response Type: Basic OCSP Response Version: 1 (0x0) Responder Id: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 Produced At: Nov 19 03:11:00 2017 GMT Responses: Certificate ID: Hash Algorithm: sha1 Issuer Name Hash: 7EE66AE7729AB3FCF8A220646C16A12D6071085D Issuer Key Hash: A84A6A63047DDDBAE6D139B7A64565EFF3A8ECA1 Serial Number: 0324F7EDB9BE813D301B509273649D7E7614 Cert Status: good This Update: Nov 19 03:00:00 2017 GMT Next Update: Nov 26 03:00:00 2017 GMT […] I assume not all browsers were affected because some fallback to quering the OCSP responder manually when the stapled information is out of date. Cheers, -- Guilhem. -- To unsubscribe e-mail to: website+unsubscr...@global.libreoffice.org Problems? https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette List archive: https://listarchives.libreoffice.org/global/website/ All messages sent to this list will be publicly archived and cannot be deleted
Re: [libreoffice-website] Can not get into the wiki...
Yep, thank you guys. 2017-11-21 8:16 GMT-03:00 Regina Henschel: > Hi Daniel, > > Please try again. It works for me now. > > Kind regards > Regina > > > Daniel A. Rodriguez schrieb am 21.11.2017 um 11:28: >> >> At this time I'm getting this message >> >> --- >> An error occurred during a connection to wiki.documentfoundation.org. >> The OCSP response contains out-of-date information. Error code: >> SEC_ERROR_OCSP_OLD_RESPONSE >> --- >> > > > -- > To unsubscribe e-mail to: website+unsubscr...@global.libreoffice.org > Problems? > https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ > Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette > List archive: https://listarchives.libreoffice.org/global/website/ > All messages sent to this list will be publicly archived and cannot be > deleted -- To unsubscribe e-mail to: website+unsubscr...@global.libreoffice.org Problems? https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette List archive: https://listarchives.libreoffice.org/global/website/ All messages sent to this list will be publicly archived and cannot be deleted
Re: [libreoffice-website] Can not get into the wiki...
Hi Daniel, Please try again. It works for me now. Kind regards Regina Daniel A. Rodriguez schrieb am 21.11.2017 um 11:28: At this time I'm getting this message --- An error occurred during a connection to wiki.documentfoundation.org. The OCSP response contains out-of-date information. Error code: SEC_ERROR_OCSP_OLD_RESPONSE --- -- To unsubscribe e-mail to: website+unsubscr...@global.libreoffice.org Problems? https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette List archive: https://listarchives.libreoffice.org/global/website/ All messages sent to this list will be publicly archived and cannot be deleted
Re: [libreoffice-website] Can not get into the wiki...
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi Daniel, On 21.11.2017 11:53, Dennis Roczek wrote: > Hi Daniel, > > On 21.11.2017 11:28, Daniel A. Rodriguez wrote: >> At this time I'm getting this message > >> --- >> An error occurred during a connection to wiki.documentfoundation.org. >> The OCSP response contains out-of-date information. Error code: >> SEC_ERROR_OCSP_OLD_RESPONSE >> --- > > > I do not get this error. But I guess I know what the problem is: Do yo u > transmitter your HTTP Refferer? (maybe it is blocked by an extension) > > Regards, > Dennis Roczek > I have to correct: It works in Vivaldi (based on newest Chrome), but not in Opera12 o.O We just got a new wiki-certificate from Let's encrypt. Maybe they changed something fundamental...? @Guilhem: do you know more about changes there? Regards, Dennis Roczek -BEGIN PGP SIGNATURE- Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIzBAEBCAAdFiEEhYmMfFabYko4V91Tzj5B/c4qttkFAloUBoYACgkQzj5B/c4q ttmv9A/8CS/Gn/1d0zTaKf+6SdGHAlNYEwSnfnTINjNhU2RQmWMyUWu89lbWHgBy DKuE3u6MSIafIOL8W/l0mudz+q0BnGN+fT95uW5fozQtL6Dck2tqMRsa7kTxm+9f goJWY86ItClrNrsBfhAyfw0ykhBlbAQvVft7qNObRA/C9hrWAfp2jpDZIz9aghWs /ot00iUCJn/9U711rgawEYJqnQ12mhMPJMmLfr6qvhHsXKm8I20rYZySlGLv579K 2yU1wHidHwbMZymP7UWXifhkwe98YZt6OOn2eT4q079SOvZQ7+o3m/m4AE3HiEZS /80foWLpl97L6lNjUoehfjZIKmbpiEcOgnSwBS/iEXCH5kw0vPsjxArobDWvruyP JIuCaBDyzTFe9ONEzzZstXmEWx5fdlubG9H6ZSGaiNwl6hOOMVw0SZvn/j9vjLZE RH0u0MSYye3mjQASUGA+Ia2MWiTPpvar21zjamuKONIZezV+g4nhtYKIwHtFSXD1 5Y/fROLLMpT41zNTGI7pA5qPYwQ9N2At2B55KR9Aiw2LwDrlOv7hRndqE0mL7TS4 eaiFlZ5ZuddB2bjfmfZQ6gxdY5C3hmQLwDIs5L3grxay9Kw5U6aeBV8CbjSZcThM gRF75KFcLJlrZfMo9ivgvBtXiIKYwkD4TphV9g20+C8c/4IQ9fA= =Q6f2 -END PGP SIGNATURE- -- To unsubscribe e-mail to: website+unsubscr...@global.libreoffice.org Problems? https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette List archive: https://listarchives.libreoffice.org/global/website/ All messages sent to this list will be publicly archived and cannot be deleted
Re: [libreoffice-website] Can not get into the wiki...
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi Daniel, On 21.11.2017 11:28, Daniel A. Rodriguez wrote: > At this time I'm getting this message > > --- > An error occurred during a connection to wiki.documentfoundation.org. > The OCSP response contains out-of-date information. Error code: > SEC_ERROR_OCSP_OLD_RESPONSE > --- > I do not get this error. But I guess I know what the problem is: Do you transmitter your HTTP Refferer? (maybe it is blocked by an extension) Regards, Dennis Roczek -BEGIN PGP SIGNATURE- Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIzBAEBCAAdFiEEhYmMfFabYko4V91Tzj5B/c4qttkFAloUBacACgkQzj5B/c4q ttmP1RAAhZ0wyADoulfeWweHWiu8sc/5kvwCWbNcZyGUjYb3PoZP/C4tK08WlQKc eFMvF8lDHygthRfDRRSzbezbGEYlS3OBuFMbajZssagjsjnAElGQaTcRV7I8BIob gJCKXncdkPHH19mkmaHiJPA3HLzxheBaHeZuxPLX/jK4VSdd3nS3IQHue6eju7XF rmQk4pLj69Fzx+0lypU/tw2KEXO/gmVGo2tCOVASBfiMY1/1tai9eSjETovoV07+ HxMbD8A9VmRZ4pBIAF4LgLie7jpXyZQ/gasM8WRlP/Xe2ywetW0O0L0SmJz5I1bB +FKx76SWBWCu7D7rTCtUFfmdF2AOREqhoaCYg43ltpOk6nd9ywU7nZBpFNUj9zW0 KP9g+SHtz+ciG83SelbM3P04Lv61KS9EEAl2DXGymO/IaUvdr4fPhQrrMrnCeVAp gx13BHwOc5s3w0VFbrDNB4KwkJCMybSOYsXgfbct6sR+ewT14ssVCDd6nUlVwQ/A JbXGO+BVLuvlKCni81lI5WkpmAmJaysdJfWQqvo6gfXGfNokj3/6wE10OBGgCOBn kFawbd2rRGNtV1+S1P6MSlYLIhsFFiZK50hga0Yiu5Qb3vvd7Ne7tAxlf+EPDtLL ZD+aVA+Pyyu5S6s00ERTOnR61liM9lO5prtZEd8EI2wpSqAp8Zw= =qa75 -END PGP SIGNATURE- -- To unsubscribe e-mail to: website+unsubscr...@global.libreoffice.org Problems? https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette List archive: https://listarchives.libreoffice.org/global/website/ All messages sent to this list will be publicly archived and cannot be deleted