lemmy.sdf.org cert expired

Submitted ⁨⁨3⁩ ⁨months⁩ ago⁩ by ⁨mox@lemmy.sdf.org⁩ to ⁨sdfpubnix@lemmy.sdf.org⁩

 rDNS (209.160.32.187):  lemmy.sdf.org.
 Service detected:       HTTP


 Testing server defaults (Server Hello) 

 TLS extensions (standard)    "renegotiation info/#65281" "server name/#0"
                              "EC point formats/#11" "session ticket/#35"
                              "status request/#5" "next protocol/#13172"
                              "supported versions/#43" "key share/#51"
                              "max fragment length/#1"
                              "application layer protocol negotiation/#16"
                              "encrypt-then-mac/#22"
                              "extended master secret/#23"
 Session Ticket RFC 5077 hint 600 seconds, session tickets keys seems to be rotated < daily
 SSL Session ID support       yes
 Session Resumption           Tickets: yes, ID: yes
 TLS clock skew               Random values, no fingerprinting possible 
 Signature Algorithm          SHA256 with RSA
 Server key size              RSA 2048 bits
 Server key usage             Digital Signature, Key Encipherment
 Server extended key usage    TLS Web Server Authentication, TLS Web Client Authentication
 Serial                       04D30A06E04DFFE4B17ACA22EF9CA476394A (OK: length 18)
 Fingerprints                 SHA1 120E588E76DA8B6C125F64639565AC740421BFB9
                              SHA256 1469485C7ED60FA5039C1ED309659314B2464056B0590C07C14F78D252604A05
 Common Name (CN)             lemmy.sdf.org 
 subjectAltName (SAN)         lemmy.sdf.org 
 Issuer                       R3 (Let's Encrypt from US)
 Trust (hostname)             Ok via SAN (same w/o SNI)
 Chain of trust               NOT ok (expired)
 EV cert (experimental)       no 
 ETS/"eTLS", visibility info  not present
 Certificate Validity (UTC)   expired (2024-05-02 01:18 --> 2024-07-31 01:18)
 # of certificates provided   2
 Certificate Revocation List  --
 OCSP URI                     http://r3.o.lencr.org
 OCSP stapling                offered
 OCSP must staple extension   --
 DNS CAA RR (experimental)    not offered
 Certificate Transparency     yes (certificate extension)

source

Comments

Sort:hotnew top

some_guy@lemmy.sdf.org ⁨3⁩ ⁨months⁩ ago
I guess this explains why it wasn’t working for me a little while ago.

source
user224@lemmy.sdf.org ⁨3⁩ ⁨months⁩ ago
Welcome back.

source
hexagonwin@lemmy.sdf.org ⁨3⁩ ⁨months⁩ ago
seems like it is… :/ old lemmy is completely nonfunctional now. is federation unaffected though?

source
- mox@lemmy.sdf.org ⁨3⁩ ⁨months⁩ ago
  Judging by something I posted during the outage, I think federation was affected.
  
  source
  - user224@lemmy.sdf.org ⁨3⁩ ⁨months⁩ ago
    Welp, it wouldn’t be wise if instances accepted invalid certificates.
    
    source
PM_ME_VINTAGE_30S@lemmy.today ⁨3⁩ ⁨months⁩ ago
Lol I think we’re down again. On Firefox I just get a blank front page and none of the client apps are loading my data.

source
GenderNeutralBro@lemmy.sdf.org ⁨3⁩ ⁨months⁩ ago
I see that lemmy.sdf.org gets its cert from Let’s Encrypt, and it renews in 60-day increments. Is it possible to have it auto-renew a week in advance of expiration?

source
- tinsmith@lemmy.sdf.org ⁨3⁩ ⁨months⁩ ago
  I asked the hamster, he said he’ll see what he can do and immediately went back to sleep on his wheel.
  
  source