2024-10-24 (1710 AEST): TLS/DNS error attempting to access flatpak.org #689
Description
Attempting to look something up on flatpak.org today, I got the following certificate warning from Firefox:
Web sites prove their identity via certificates. Firefox does not trust this site because it uses a certificate that is not valid for flatpak.org. The certificate is only valid for the following names: *.bleacherreport.com, bleacherreport.com
Error code: SSL_ERROR_BAD_CERT_DOMAIN
Checking with https://www.ssllabs.com/ssltest/analyze.html?d=flatpak.org gave two potential addresses for the site, and reported the certificate only matching one of them:
DNS round robin results supported that, as checking with curl alternated between cert failure:
$ curl https://flatpak.org
curl: (60) SSL: no alternative certificate subject name matches target host name 'flatpak.org'
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
And loading the site as expected:
$ curl -s https://flatpak.org | grep Flatpak | wc -l
21
dig didn't report any obvious differences between the DNS entries:
$ dig flatpak.org +ttlid +ttlunits
; <<>> DiG 9.18.28 <<>> flatpak.org +ttlid +ttlunits
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56494
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;flatpak.org. IN A
;; ANSWER SECTION:
flatpak.org. 23h19m44s IN A 54.210.188.246
flatpak.org. 23h19m44s IN A 3.208.234.181
;; Query time: 9 msec
;; SERVER: 10.255.255.254#53(10.255.255.254) (UDP)
;; WHEN: Thu Oct 24 17:26:29 AEST 2024
;; MSG SIZE rcvd: 72
Edit: no current outage reports on https://www.githubstatus.com/ at time of reporting