[Dillo-dev] Cannot access Dillo mercurial repository

25 views
Skip to first unread message

Jeremy Henty

unread,
Jun 20, 2017, 7:56:48 AM6/20/17
to Dillo developers

Sometime during the past day my access to the Dillo HG repository
started failing:

$ hg incoming
abort: error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)

I have not changed my HG configuration at all. I did upgrade my
Debian Jessie OS yesterday, but that will not have affected mercurial
because I build that from source. I can ssh into my remote hosts as
normal, only Dillo HG access has failed.

Any ideas? I have no idea how to debug SSL certificate problems.

.hg/hgrc (password censored) is:

[paths]
default = https://jhenty:xxxxx...@hg.dillo.org/dillo

Regards,

Jeremy Henty

_______________________________________________
Dillo-dev mailing list
Dill...@dillo.org
http://lists.dillo.org/cgi-bin/mailman/listinfo/dillo-dev

Jeremy Henty

unread,
Jun 20, 2017, 8:43:24 AM6/20/17
to dill...@dillo.org

I wrote:

> Any ideas? I have no idea how to debug SSL certificate problems.

Luckily, Firefox does have an idea:

The owner of hg.dillo.org has configured their website
improperly. To protect your information from being stolen, Firefox
has not connected to this website.

hg.dillo.org uses an invalid security certificate.

The certificate expired on 18/06/17 20:57. The current time is
20/06/17 13:36.

Error code: SEC_ERROR_EXPIRED_CERTIFICATE

Are the hg.dillo.org site admins seeing this?

Jeremy Henty

unread,
Jun 20, 2017, 9:06:00 AM6/20/17
to dill...@dillo.org

I wrote:
>
> I wrote:
>
> > Any ideas? I have no idea how to debug SSL certificate problems.
>
> Luckily, Firefox does have an idea:

And so does Dillo!

Certificate expired at: 2017/06/18 19:57:00.

Johannes Hofmann

unread,
Jun 20, 2017, 4:06:49 PM6/20/17
to dill...@dillo.org
It seems someone (Andreas probably) has already fixed it.
I now see a certificate from Let' Encrypt valid until
August 20, 2017.
So, thanks for reporting and thanks for the quick fix - whoever did
it!

Cheers,
Johannes

Jeremy Henty

unread,
Jun 20, 2017, 4:36:24 PM6/20/17
to dill...@dillo.org

Johannes Hofmann wrote:

> It seems someone (Andreas probably) has already fixed it. I now see
> a certificate from Let' Encrypt valid until August 20, 2017. So,
> thanks for reporting and thanks for the quick fix - whoever did it!

Yes, it is working again! Thanks to whoever updated the certificate!

Andreas Kemnade

unread,
Jun 20, 2017, 4:36:41 PM6/20/17
to dill...@dillo.org
Hi,

On Tue, 20 Jun 2017 22:06:22 +0200
Johannes Hofmann <Johannes...@gmx.de> wrote:

> It seems someone (Andreas probably) has already fixed it.
> I now see a certificate from Let' Encrypt valid until
> August 20, 2017.
> So, thanks for reporting and thanks for the quick fix - whoever did
> it!

yes, fixed it. Just restarting the http server did the trick.

Regards,
Andreas

Nick Warne

unread,
Jun 20, 2017, 4:41:10 PM6/20/17
to dill...@dillo.org, Andreas Kemnade
Well, when you re-new certs, the HTTPD process needs be restarted as all is cached in memory and server threads.

Nick

_______________________________________________

Reply all
Reply to author
Forward
0 new messages