Thread

  1. https://cfbot.cputube.org - certificate has expired

    Aleksander Alekseev <aleksander@tigerdata.com> — 2025-11-27T13:00:20Z

    Hi,
    
    I've just discovered that cfbot has a little problem with TLS:
    
    ```
    $ curl -vvv https://cfbot.cputube.org
    * Host cfbot.cputube.org:443 was resolved.
    * IPv6: (none)
    * IPv4: 139.180.174.5
    *   Trying 139.180.174.5:443...
    * Connected to cfbot.cputube.org (139.180.174.5) port 443
    * ALPN: curl offers h2,http/1.1
    * TLSv1.3 (OUT), TLS handshake, Client hello (1):
    *  CAfile: /etc/ssl/certs/ca-certificates.crt
    *  CApath: /etc/ssl/certs
    * TLSv1.3 (IN), TLS handshake, Server hello (2):
    * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
    * TLSv1.3 (IN), TLS handshake, Certificate (11):
    * TLSv1.3 (OUT), TLS alert, certificate expired (557):
    * SSL certificate problem: certificate has expired
    * Closing connection
    curl: (60) SSL certificate problem: certificate has expired
    More details here: https://curl.se/docs/sslcerts.html
    
    curl failed to verify the legitimacy of the server and therefore could not
    establish a secure connection to it. To learn more about this situation and
    how to fix it, please visit the web page mentioned above.
    ```
    
    The non-encrypted version serves fine. Sorry for the message to a wide
    audience, but I don't know who maintains cfbot.
    
    --
    Best regards,
    Aleksander Alekseev
    
    
    
    
  2. Re: https://cfbot.cputube.org - certificate has expired

    Nazir Bilal Yavuz <byavuz81@gmail.com> — 2025-11-27T13:07:18Z

    Hi,
    
    On Thu, 27 Nov 2025 at 16:00, Aleksander Alekseev
    <aleksander@tigerdata.com> wrote:
    >
    > Hi,
    >
    > I've just discovered that cfbot has a little problem with TLS:
    >
    > ```
    > $ curl -vvv https://cfbot.cputube.org
    > * Host cfbot.cputube.org:443 was resolved.
    > * IPv6: (none)
    > * IPv4: 139.180.174.5
    > *   Trying 139.180.174.5:443...
    > * Connected to cfbot.cputube.org (139.180.174.5) port 443
    > * ALPN: curl offers h2,http/1.1
    > * TLSv1.3 (OUT), TLS handshake, Client hello (1):
    > *  CAfile: /etc/ssl/certs/ca-certificates.crt
    > *  CApath: /etc/ssl/certs
    > * TLSv1.3 (IN), TLS handshake, Server hello (2):
    > * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
    > * TLSv1.3 (IN), TLS handshake, Certificate (11):
    > * TLSv1.3 (OUT), TLS alert, certificate expired (557):
    > * SSL certificate problem: certificate has expired
    > * Closing connection
    > curl: (60) SSL certificate problem: certificate has expired
    > More details here: https://curl.se/docs/sslcerts.html
    >
    > curl failed to verify the legitimacy of the server and therefore could not
    > establish a secure connection to it. To learn more about this situation and
    > how to fix it, please visit the web page mentioned above.
    > ```
    >
    > The non-encrypted version serves fine. Sorry for the message to a wide
    > audience, but I don't know who maintains cfbot.
    
    Thomas and Jelte maintain the CFBot. AFAIK, CFBot has worked like that
    from the start so I guess that is expected.
    
    
    -- 
    Regards,
    Nazir Bilal Yavuz
    Microsoft
    
    
    
    
  3. Re: https://cfbot.cputube.org - certificate has expired

    Aleksander Alekseev <aleksander@tigerdata.com> — 2025-11-27T13:08:59Z

    Hi Nazir,
    
    > > The non-encrypted version serves fine. Sorry for the message to a wide
    > > audience, but I don't know who maintains cfbot.
    >
    > Thomas and Jelte maintain the CFBot. AFAIK, CFBot has worked like that
    > from the start so I guess that is expected.
    
    The certificate expired Wed, 26 Nov 2025 23:59:59 GMT. I'm pretty
    confident https worked yesterday.
    
    -- 
    Best regards,
    Aleksander Alekseev
    
    
    
    
  4. Re: https://cfbot.cputube.org - certificate has expired

    Nazir Bilal Yavuz <byavuz81@gmail.com> — 2025-11-27T13:13:56Z

    Hi Aleksander,
    
    On Thu, 27 Nov 2025 at 16:09, Aleksander Alekseev
    <aleksander@tigerdata.com> wrote:
    >
    > Hi Nazir,
    >
    > > > The non-encrypted version serves fine. Sorry for the message to a wide
    > > > audience, but I don't know who maintains cfbot.
    > >
    > > Thomas and Jelte maintain the CFBot. AFAIK, CFBot has worked like that
    > > from the start so I guess that is expected.
    >
    > The certificate expired Wed, 26 Nov 2025 23:59:59 GMT. I'm pretty
    > confident https worked yesterday.
    
    Oh, sorry! Then I must have remembered incorrectly. Thomas and Jelte
    might be able to help with the $SUBJECT, I guess.
    
    -- 
    Regards,
    Nazir Bilal Yavuz
    Microsoft
    
    
    
    
  5. Re: https://cfbot.cputube.org - certificate has expired

    Thomas Munro <thomas.munro@gmail.com> — 2025-11-27T22:25:24Z

    On Fri, Nov 28, 2025 at 2:14 AM Nazir Bilal Yavuz <byavuz81@gmail.com> wrote:
    > On Thu, 27 Nov 2025 at 16:09, Aleksander Alekseev
    > <aleksander@tigerdata.com> wrote:
    > > The certificate expired Wed, 26 Nov 2025 23:59:59 GMT. I'm pretty
    > > confident https worked yesterday.
    >
    > Oh, sorry! Then I must have remembered incorrectly. Thomas and Jelte
    > might be able to help with the $SUBJECT, I guess.
    
    Oops.  It does have automated cert renewal but apparently it stopped
    working... looking...
    
    
    
    
  6. Re: https://cfbot.cputube.org - certificate has expired

    Thomas Munro <thomas.munro@gmail.com> — 2025-11-27T22:58:23Z

    On Fri, Nov 28, 2025 at 11:25 AM Thomas Munro <thomas.munro@gmail.com> wrote:
    > On Fri, Nov 28, 2025 at 2:14 AM Nazir Bilal Yavuz <byavuz81@gmail.com> wrote:
    > > On Thu, 27 Nov 2025 at 16:09, Aleksander Alekseev
    > > <aleksander@tigerdata.com> wrote:
    > > > The certificate expired Wed, 26 Nov 2025 23:59:59 GMT. I'm pretty
    > > > confident https worked yesterday.
    > >
    > > Oh, sorry! Then I must have remembered incorrectly. Thomas and Jelte
    > > might be able to help with the $SUBJECT, I guess.
    >
    > Oops.  It does have automated cert renewal but apparently it stopped
    > working... looking...
    
    It had started getting some strange errors from ZeroSSL (CA) while
    trying to renew certs periodically.  Couldn't figure out why, but it
    seemed to want me to wait a really long time before retrying so I
    flipped it over to LetsEncrypt and it seems to be happy again.  Sorry
    about that, and thanks for letting me know!