From: Juhász P. <pet...@gm...> - 2025-09-11 17:08:41
|
The plot thickens. I wanted to check on crt.sh (a certificate search facility) what certs were issued for gnuplot.info in the past. To my surprise, I didn't find any. However, they list test.gnuplot.info (and www.test.gnuplot.info) for which a certificate was issued first on 2024-03-02 and renewed ever since. And indeed, test.gnuplot.info does work with https. I did not know that this domain exists. Should it? Peter On Wed, 2025-09-10 at 20:17 -0700, Ethan A Merritt wrote: > Thanks for the pointers. > > After poking around in the SourceForge admin pages I found a place to > set up "virtual domains". Both gnuplot.info and www.gnuplot.info are > already listed there. That same page states that https access can be > enabled by request, so I placed a support request with the > SourceForge site itself to enable https access via gnuplot.info and > www.gnuplot.info. We'll see what happens. > > https://sourceforge.net/p/forge/site-support/27031/ > > Ethan > > On Wed, Sep 10, 2025 at 5:18 PM Mojca Miklavec Groenhuis > <moj...@gm...> wrote: > > On Thu, 11 Sept 2025, 00: 45 Ethan A Merritt, <merritt@ uw. edu> > > wrote: On Wed, Sep 10, 2025 at 11: 35 AM Juhász Péter > > <peter. juhasz83@ gmail. com> wrote: The error message means that > > the certificate required to serve the site over HTTPS > > ZjQcmQRYFpfptBannerStart > > > > > > > > This Message Is From an Untrusted Sender > > > > You have not previously corresponded with this sender. > > > > See https://itconnect.uw.edu/email-tags for additional information. > > Please contact the UW-IT Service Center, he...@uw... 206.221.5000, > > for assistance. > > > > > > > > > > ZjQcmQRYFpfptBannerEnd > > > > > > On Thu, 11 Sept 2025, 00:45 Ethan A Merritt, <me...@uw...> > > wrote: > > > > > > > > > On Wed, Sep 10, 2025 at 11:35 AM Juhász Péter > > > <pet...@gm...> wrote: > > > > > > > > The error message means that the certificate required to serve > > > > the site over HTTPS is not valid for the domain name > > > > gnuplot.info [1] (nor www.gnuplot.info [2]). If you look at the > > > > certificate (offered by Firefox next to the error message), you > > > > can see that it was issued by Let's Encrypt to > > > > secureprojects.sourceforge.net [3], and it is valid for a large > > > > selection of other domain names, presumably all projects hosted > > > > by SF. > > > > > > > > > > > > > Thank you for your insights. > > > > > > I think you are addressing a different issue - whether the > > > connection protocol is https or http. > > > > Yes, this is not about DNS failure. I don't experience DNS failure, > > but see precisely the same errors/issues as Peter described. > > > > (Nowadays http should actually redirect to https. Modern browsers > > also refuse to show http pages.) > > > > > It is not surprising that a certificate issued to SourceForge > > > would not mention gnuplot.info [1] by name because that name is > > > not connected to SourceForge except in that (as I understand it) > > > it currently redirects queries to the actual gnuplot site > > > gnuplot.sourceforge.net [4]. > > > > Except that it does matter for https. The hosting site needs to > > know that the certificate should also be for gnuplot.info [1] and > > it needs to be explicit whether that is with or without www (or > > both). > > Either a separate certificate is needed for that, or the > > certificate used needs to be made aware that it needs to cover > > gnuplot.info [1]. This really needs to be fixed on the hosting > > site, and usually the person in charge of the DNS is also needed in > > the process of making it work. > > > > Unless the administrators of gnuplot on SF have access to > > certificate settings (means you would also need to create and > > extend your own certificate), then SF support is really needed here > > to set it up. > > > > > The current problem seems to be that the redirection itself fails > > > in some cases, or fails to pass through sufficient information > > > > No. It's really a misconfigured site/certificate. > > > > > You still see the site, correct? > > > > Well ... yes and no, but the more correct answer is probably NO. By > > default you don't see the site because the web browser is > > protecting you from "the malicious site" until you approve an > > exception and security risk, but that is "an advanced use" (it is > > on purpose made difficult to do that). > > > > > For completeness I should mention that the issue of connection > > > via IPv6 as opposed to IPv4 was raised earlier, and might be > > > relevant, > > > > It is possible that the site works correctly on IPv4 and fails with > > IPv6. My network right now doesn't support IPv6, so it's hard for > > me to check. It is unrelated to certificate issues, but it could > > hypothetically explain why DNS works for others and not for you if > > you have IPv6. (By correctly I mean resolving to the correct > > website. It still doesn't serve a compliant certificate.) > > > > Mojca > > > > > -- > Ethan A Merritt > Department of Biochemistry > University of Washington, Seattle > > _______________________________________________ > gnuplot-beta mailing list > gnu...@li... > Membership management via: > https://lists.sourceforge.net/lists/listinfo/gnuplot-beta [1] gnuplot.info https://urldefense.com/v3/__http://gnuplot.info__;!!K-Hz7m0Vt54!koofFjCmBlGlxmtOCelbImz1v5loEhcR-xo6w0JLq8fvwUwklPYjMJSMeOq-e-_jCe9wWKl4ZSgERWeODc4D2Pme$ [2] www.gnuplot.info https://urldefense.com/v3/__http://www.gnuplot.info__;!!K-Hz7m0Vt54!hZAtTCSEA3UZsTRDYd1Rlg-J8_Oq7DJZg-cJMaMoMBMcyZx3lwvCVqHE401p-ZikRUWZruc71FaDNhZkYYE3tw4$ [3] secureprojects.sourceforge.net https://urldefense.com/v3/__http://secureprojects.sourceforge.net__;!!K-Hz7m0Vt54!koofFjCmBlGlxmtOCelbImz1v5loEhcR-xo6w0JLq8fvwUwklPYjMJSMeOq-e-_jCe9wWKl4ZSgERWeODadFrph0$ [4] gnuplot.sourceforge.net https://urldefense.com/v3/__http://gnuplot.sourceforge.net__;!!K-Hz7m0Vt54!koofFjCmBlGlxmtOCelbImz1v5loEhcR-xo6w0JLq8fvwUwklPYjMJSMeOq-e-_jCe9wWKl4ZSgERWeODckxZJT_$ |