Re: [Savannah-users] SSL cert for git0.savannah.gnu.org: wrong host

[Marcus Müller]

Hi Bob,

thanks for getting back to me!

> Where did you see git0.savannah.gnu.org documented so that this may be
> corrected?

I got that URL from the gitweb instance [1] that the autoconf savannah
page [2] points to.

Admittedly, the savannah page itself has a non-TLS variant of the URL:

git clone http://git.sv.gnu.org/r/autoconf.git

but: non-TLS http for source code distribution felt like it shouldn't be
the recommended way, so I payed no further attention to that http://…
URL, and just clicked through to the webgit to figure out a way of
cloning that would allow to check authenticity of the remote!

> BTW...  We are already using Let's Encrypt certificates for all of the
> site certificates.

I saw that, I just thought you might have missed that specific git0...
subdomain :)

Best regards,
Marcus

[1] http://git.sv.gnu.org/gitweb/?p=autoconf.git, redirects to
http://git.savannah.gnu.org/gitweb/?p=autoconf.git
[2] https://www.gnu.org/software/autoconf/autoconf.html

On 09.08.2017 01:12, Bob Proulx wrote:
> Marcus Müller wrote:
>> https://git0.savannah.gnu.org is unusable at the moment, since the SSL
>> certificate is for bzr.savannah.gnu.org; noticed that when trying to
>> clone the autoconf repo.
> 
> You have a typo in your URL.  You are using git0.savannah.gnu.org but
> that is the underlying node hostname.  You should be using the virtual
> name git.savannah.gnu.org, without the "0" part.
> 
>   https://savannah.gnu.org/git/?group=autoconf
> 
> Where did you see git0.savannah.gnu.org documented so that this may be
> corrected?
> 
>> See openssl output below:
> ...
>> Could someone please fix that by getting a Let's Encrypt cert for the
>> actual git0 subdomain?
> 
> Regardless of the typo we appreciate the reports. :-)
> 
> BTW...  We are already using Let's Encrypt certificates for all of the
> site certificates.
> 
> Thanks,
> Bob
>