Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 2252499

Summary: problem with ask.fedoraproject.org cert
Product: [Retired] Fedora Documentation Reporter: Stan King <stanley.king>
Component: homepageAssignee: Petr Bokoc <pbokoc>
Status: CLOSED CANTFIX QA Contact: Fedora Docs QA <docs-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: develCC: dimitris, py0xc3, zach
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2024-05-21 10:49:28 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Stan King 2023-12-02 01:19:01 UTC 
Description of problem:

Mozilla Firefox and Google Chrome forbid navigation to ask.fedoraproject.org, due to its cert being for *.discourse.org.  No override is available.

Version-Release number of selected component (if applicable):

not applicable

How reproducible: often


Steps to Reproduce:

1. Connect to https://fedoraproject.org/start
2. click on ask.fedoraproject.org in the "Latest Solved Issues" listing
3. An error page results

Actual results:

Mozilla Firefox: "Firefox does not trust this site because it uses a certificate that is not valid for ask.fedoraproject.org. The certificate is only valid for *.discourse.org."  It's possible to view the certificate. Its issuer is Let's Encrypt, and it's valid from 23 Oct 2023 to 21 Jan 2024.

Google Chrome: Less precise information is available.  Error "NET::ERR_CERT_COMMON_NAME_INVALID" is issued.  It also says, "When Chrome tried to connect to ask.fedoraproject.org this time, the website sent back unusual and incorrect credentials."  and "You cannot visit ask.fedoraproject.org right now because the website uses HSTS."



Expected results:

I would expect this would bring me to the site where Fedora users discuss Fedora.


Additional info:
Comment 1 Christopher Klooz 2023-12-02 13:39:05 UTC 
Thanks for the report! Indeed something we need to solve

I can confirm the issue with firefox (SSL_ERROR_BAD_CERT_DOMAIN because of *.discourse.org). It is only the forwarding of ask.fedoraproject.org that does not work. The actual page is https://discussion.fedoraproject.org/c/ask/, which works fine (ask.fp is only a forwarding to the latter as of today).

But this issue does not belong to Docs.

I have forwarded this to admin to handle this. They might take over, or forward it if https/dns issues belong to someone else.

For now, you can use the direct link to https://discussion.fedoraproject.org/c/ask
Comment 2 Christopher Klooz 2023-12-03 16:35:26 UTC 
Related discussion.fp topic: https://discussion.fedoraproject.org/t/forwarding-from-ask-fp-org-to-discussion-fp-org-c-ask-is-broken-due-to-wrong-certificate-https-dns-issue/98023

---

The issue is forwarded and will be handled by another team.

This ticket can be closed.

Thanks again for reporting!