2252499 – problem with ask.fedoraproject.org cert

Bug 2252499 - problem with ask.fedoraproject.org cert

Summary: problem with ask.fedoraproject.org cert

Keywords:
Status:	CLOSED CANTFIX
Alias:	None
Product:	Fedora Documentation
Classification:	Retired
Component:	homepage
Sub Component:
Version:	devel
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Petr Bokoc
QA Contact:	Fedora Docs QA
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2023-12-02 01:19 UTC by Stan King
Modified:	2024-05-21 10:49 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2024-05-21 10:49:28 UTC
Embargoed:

Attachments	(Terms of Use)

Description Stan King 2023-12-02 01:19:01 UTC

Description of problem:

Mozilla Firefox and Google Chrome forbid navigation to ask.fedoraproject.org, due to its cert being for *.discourse.org.  No override is available.

Version-Release number of selected component (if applicable):

not applicable

How reproducible: often


Steps to Reproduce:

1. Connect to https://fedoraproject.org/start
2. click on ask.fedoraproject.org in the "Latest Solved Issues" listing
3. An error page results

Actual results:

Mozilla Firefox: "Firefox does not trust this site because it uses a certificate that is not valid for ask.fedoraproject.org. The certificate is only valid for *.discourse.org."  It's possible to view the certificate. Its issuer is Let's Encrypt, and it's valid from 23 Oct 2023 to 21 Jan 2024.

Google Chrome: Less precise information is available.  Error "NET::ERR_CERT_COMMON_NAME_INVALID" is issued.  It also says, "When Chrome tried to connect to ask.fedoraproject.org this time, the website sent back unusual and incorrect credentials."  and "You cannot visit ask.fedoraproject.org right now because the website uses HSTS."



Expected results:

I would expect this would bring me to the site where Fedora users discuss Fedora.


Additional info:

Comment 1 Christopher Klooz 2023-12-02 13:39:05 UTC

Thanks for the report! Indeed something we need to solve

I can confirm the issue with firefox (SSL_ERROR_BAD_CERT_DOMAIN because of *.discourse.org). It is only the forwarding of ask.fedoraproject.org that does not work. The actual page is https://discussion.fedoraproject.org/c/ask/, which works fine (ask.fp is only a forwarding to the latter as of today).

But this issue does not belong to Docs.

I have forwarded this to admin to handle this. They might take over, or forward it if https/dns issues belong to someone else.

For now, you can use the direct link to https://discussion.fedoraproject.org/c/ask

Comment 2 Christopher Klooz 2023-12-03 16:35:26 UTC

Related discussion.fp topic: https://discussion.fedoraproject.org/t/forwarding-from-ask-fp-org-to-discussion-fp-org-c-ask-is-broken-due-to-wrong-certificate-https-dns-issue/98023

---

The issue is forwarded and will be handled by another team.

This ticket can be closed.

Thanks again for reporting!

Note You need to log in before you can comment on or make changes to this bug.