From: Ethan A M. <me...@uw...> - 2025-09-11 18:12:21
On Thursday, 11 September 2025 10:08:31 PDT Juhász Péter wrote:
> The plot thickens.
>
> I wanted to check on crt.sh (a certificate search facility) what certs
> were issued for gnuplot.info in the past. To my surprise, I didn't find
> any. However, they list test.gnuplot.info (and www.test.gnuplot.info)
> for which a certificate was issued first on 2024-03-02 and renewed ever
> since. And indeed, test.gnuplot.info does work with https.
>
> I did not know that this domain exists. Should it?
> Peter

I think Clark Gaylord may be the best, if not the only, person to answer this.
(CC'ed on this reply).
Clark said last month that the gnuplot.info domain was set up
"on ten year pre payment with auto renew".
I don't know whether that includes subdomains or not.

Please excuse my ignorance. I don't even know what a "certificate" means
in this context, or how it fits in with domain registration.

Anyhow, sourceforge support has acknowledged the request I made to them
to enable https for gnuplot.info so that may yet take care of it.
If there is something else I should ask them for, please let me know.

Ethan

> On Wed, 2025-09-10 at 20:17 -0700, Ethan A Merritt wrote:
> > Thanks for the pointers.
> >
> > After poking around in the SourceForge admin pages I found a place to
> > set up "virtual domains". Both gnuplot.info and www.gnuplot.info are
> > already listed there. That same page states that https access can be
> > enabled by request, so I placed a support request with the
> > SourceForge site itself to enable https access via gnuplot.info and
> > www.gnuplot.info. We'll see what happens.
> >
> > Support tracker:
> > https://sourceforge.net/p/forge/site-support/27031/
> > Ethan
> >
> > On Wed, Sep 10, 2025 at 5:18 PM Mojca Miklavec Groenhuis
> > <moj...@gm...> wrote:
> > > On Thu, 11 Sept 2025, 00:45 Ethan A Merritt, <me...@uw...>
> > > wrote:
> > > >
> > > > On Wed, Sep 10, 2025 at 11:35 AM Juhász Péter
> > > > <pet...@gm...> wrote:
> > > > >
> > > > > The error message means that the certificate required to serve
> > > > > the site over HTTPS is not valid for the domain name
> > > > > gnuplot.info [1] (nor http://www.gnuplot.info [2]). If you look at the
> > > > > certificate (offered by Firefox next to the error message), you
> > > > > can see that it was issued by Let's Encrypt to
> > > > > secureprojects.sourceforge.net [3], and it is valid for a large
> > > > > selection of other domain names, presumably all projects hosted
> > > > > by SF.
> > > > >
> > > >
> > > > Thank you for your insights.
> > > >
> > > > I think you are addressing a different issue - whether the
> > > > connection protocol is https or http.
> > >
> > > Yes, this is not about DNS failure. I don't experience DNS failure,
> > > but see precisely the same errors/issues as Peter described.
> > >
> > > (Nowadays http should actually redirect to https. Modern browsers
> > > also refuse to show http pages.)
> > >
> > > > It is not surprising that a certificate issued to SourceForge
> > > > would not mention gnuplot.info [1] by name because that name is
> > > > not connected to SourceForge except in that (as I understand it)
> > > > it currently redirects queries to the actual gnuplot site
> > > > gnuplot.sourceforge.net [4].
> > >
> > > Except that it does matter for https. The hosting site needs to
> > > know that the certificate should also be for gnuplot.info [1] and
> > > it needs to be explicit whether that is with or without www (or
> > > both).
> > > Either a separate certificate is needed for that, or the
> > > certificate used needs to be made aware that it needs to cover
> > > gnuplot.info [1]. This really needs to be fixed on the hosting
> > > site, and usually the person in charge of the DNS is also needed in
> > > the process of making it work.
> > >
> > > Unless the administrators of gnuplot on SF have access to
> > > certificate settings (means you would also need to create and
> > > extend your own certificate), then SF support is really needed here
> > > to set it up.
> > >
> > > > The current problem seems to be that the redirection itself fails
> > > > in some cases, or fails to pass through sufficient information
> > >
> > > No. It's really a misconfigured site/certificate.
> > >
> > > > You still see the site, correct?
> > >
> > > Well ... yes and no, but the more correct answer is probably NO. By
> > > default you don't see the site because the web browser is
> > > protecting you from "the malicious site" until you approve an
> > > exception and security risk, but that is "an advanced use" (it is
> > > on purpose made difficult to do that).
> > >
> > > > For completeness I should mention that the issue of connection
> > > > via IPv6 as opposed to IPv4 was raised earlier, and might be
> > > > relevant,
> > >
> > > It is possible that the site works correctly on IPv4 and fails with
> > > IPv6. My network right now doesn't support IPv6, so it's hard for
> > > me to check. It is unrelated to certificate issues, but it could
> > > hypothetically explain why DNS works for others and not for you if
> > > you have IPv6. (By correctly I mean resolving to the correct
> > > website. It still doesn't serve a compliant certificate.)
> > >
> > > Mojca
>
> [1] http://gnuplot.info
> [2] http://www.gnuplot.info
> [3] http://secureprojects.sourceforge.net
> [4] http://gnuplot.sourceforge.net

--
Ethan A Merritt
Department of Biochemistry
University of Washington, Seattle
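
Added example, not part of the original message or of any project named in it: the name check a TLS client applies to a certificate's subjectAltName entries, showing why a certificate issued for the hosting platform, or for test.gnuplot.info, does not cover gnuplot.info or www.gnuplot.info. The SAN lists are constructed for illustration (they are not the real certificates), and the function names are assumptions.

```python
import socket
import ssl

def san_matches(hostname, pattern):
    """RFC 6125-style match: '*' may only be the whole left-most label and
    stands for exactly one label, so '*.example.org' covers neither
    'example.org' nor 'a.b.example.org'."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False
    if pat[0] == "*":
        # Conservative assumption: refuse a wildcard directly under a TLD.
        return len(pat) > 2 and host[1:] == pat[1:]
    return host == pat

def missing_names(required, sans):
    """Return the required hostnames that no SAN entry covers."""
    return [h for h in required if not any(san_matches(h, s) for s in sans)]

def fetch_sans(host, port=443, timeout=5.0):
    """Read the dNSName SANs a server presents for `host` (needs network).
    The chain is still validated; only the hostname check is switched off so
    a name mismatch can be reported instead of aborting the handshake."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

# Constructed SAN lists modelled on the thread, not the real certificates.
SHARED_HOSTING_CERT = ["secureprojects.sourceforge.net", "*.sourceforge.net"]
TEST_SUBDOMAIN_CERT = ["test.gnuplot.info", "www.test.gnuplot.info"]
WILDCARD_ONLY_CERT = ["*.gnuplot.info"]
WANTED = ["gnuplot.info", "www.gnuplot.info"]

if __name__ == "__main__":
    for label, sans in [("shared hosting", SHARED_HOSTING_CERT),
                        ("test subdomain", TEST_SUBDOMAIN_CERT),
                        ("wildcard only", WILDCARD_ONLY_CERT)]:
        print(label, "-> not covered:", missing_names(WANTED, sans))
```

With network access, `missing_names(WANTED, fetch_sans("gnuplot.info"))` runs the same audit against whatever certificate the server actually presents.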