@randomgeek Interested in your failure to curl from rakubrew.org ... my curl is working at the moment, and their cert looks fine ... perhaps your curl or base OS doesn't recognise Let's Encrypt ... your browser is probably using its own list of CAs ...

Follow

@yojimbo No idea. This is on Manjaro, and I think it's the first time I've used curl on this installation. Usually more partial to httpie or wget.

@randomgeek Well, if you cared, the first step would be to verify that the server is sending what you'd hope ...
$ openssl s_client -showcerts -servername rakubrew.org -connect rakubrew.org:443

ooh, very interesting ...

depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = rakubrew.org
verify error:num=10:certificate has expired
notAfter=May 11 22:15:30 2020 GMT
verify return:1
depth=0 CN = rakubrew.org
notAfter=May 11 22:15:30 2020 GMT
verify return:1

Their cert has expired :-)

@randomgeek Especially because the way you're strongly encouraged to set up let's encrypt is to use certbot, or some similar automation, that should manage to do renewals for you ... instead of leaving it to a human to remember.

@randomgeek Also the opposite - why did your Firefox think things were fine? Firefox is normally one of the earliest things to complain about security/provacy issues, if its up to date ...

Sign in to participate in the conversation
hackers.town

A bunch of technomancers in the fediverse. Keep it fairly clean please. This arcology is for all who wash up upon it's digital shore.