科技回声

22 条评论

koolba大约 2 年前

The cert for objects.githubusercontent.com has also expired:<pre><code> $ openssl s_client -connect objects.githubusercontent.com:443 CONNECTED(00000005) depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA verify return:1 depth=1 C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1 verify return:1 depth=0 C = US, ST = California, L = San Francisco, O = "GitHub, Inc.", CN = *.github.io verify error:num=10:certificate has expired notAfter=Mar 21 23:59:59 2023 GMT verify return:1 depth=0 C = US, ST = California, L = San Francisco, O = "GitHub, Inc.", CN = *.github.io notAfter=Mar 21 23:59:59 2023 GMT verify return:1 --- Certificate chain 0 s:C = US, ST = California, L = San Francisco, O = "GitHub, Inc.", CN = *.github.io i:C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1 1 s:C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1 i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA </code></pre> What are the odds this happens the same day they rotate their SSH keys?

评论 #35295350 未加载

评论 #35295715 未加载

评论 #35297266 未加载

ksml大约 2 年前

They're serving the wrong cert on pkg-containers.githubusercontent.com (it's for *.githubassets.com) and their support site also expired 3/21... <a href="https://support.github.com/" rel="nofollow">https://support.github.com/</a> What is going on over there?

dz0ny大约 2 年前

Still some weird stuff around (* subject: CN=apistatus.chorus.co.nz).<pre><code> curl https://www.githubstatus.com/ -vvvv -I \* Trying 52.215.192.131:443... \* Connected to www.githubstatus.com (52.215.192.131) port 443 (#0) \* ALPN: offers h2 \* ALPN: offers http/1.1 ... \* SSL connection using TLSv1.3 / AEAD-AES256-GCM-SHA384 \* ALPN: server accepted h2 \* Server certificate: \* subject: CN=apistatus.chorus.co.nz \* start date: Mar 6 23:10:30 2023 GMT \* expire date: Jun 4 23:10:29 2023 GMT \* subjectAltName: host "www.githubstatus.com" matched cert's "www.githubstatus.com" \* issuer: C=US; O=Let's Encrypt; CN=R3 \* SSL certificate verify ok. \* Using HTTP2, server supports multiplexing</code></pre>

ollemasle大约 2 年前

Here is the report for this incident: <a href="https://www.githubstatus.com/incidents/x7njwb481j9b" rel="nofollow">https://www.githubstatus.com/incidents/x7njwb481j9b</a>

ccheney大约 2 年前

EDIT: this specific issue is resolvedFailing for us in GitHub ActionsFor SEO purposes:<pre><code> npm ERR! code ERR_TLS_CERT_ALTNAME_INVALID npm ERR! errno ERR_TLS_CERT_ALTNAME_INVALID npm ERR! request to https://pkg- npm.githubusercontent.com/npmregistryv2prod/blobs/\*\* failed, reason: Hostname/IP does not match certificate's altnames: Host: pkg-npm.githubusercontent.com. is not in the cert's altnames: DNS:\*.githubassets.com, DNS:githubassets.com</code></pre>

GOATS-大约 2 年前

This also applies to their avatars subdomain, causing them not to load anymore.

评论 #35296442 未加载

radicalbyte大约 2 年前

I wonder if this has anything to do with the recent SNAFU from a Senior Security Engineer* there?<a href="https://twitter.com/viibeeng/status/1639374358287118336" rel="nofollow">https://twitter.com/viibeeng/status/1639374358287118336</a>(*yeah we can all make mistakes, but it's 2023, if you've not build controls into your workflows by now you don't deserve to be a Senior anything)

mattbillenstein大约 2 年前

I built a free monitoring service some years ago if anyone doesn't want to be the victim of this...<a href="https://ismycertexpired.com/check?domain=objects.githubusercontent.com" rel="nofollow">https://ismycertexpired.com/check?domain=objects.githubuserc...</a>

bvogelzang大约 2 年前

It looks as though it's back for me now. Status page is now showing the problem: <a href="https://www.githubstatus.com/" rel="nofollow">https://www.githubstatus.com/</a>

评论 #35295893 未加载

dz0ny大约 2 年前

Also serving wrong certificates for a lot of content domains.<a href="https://news.ycombinator.com/item?id=35295191" rel="nofollow">https://news.ycombinator.com/item?id=35295191</a>

jmspring大约 2 年前

Sounds like whoever is in charge of certificates at GH must have come over from MSFT. Afterall, I think Microsoft has had 2-3 certificate expiry issues in the last several years.

评论 #35296339 未加载

gorjusborg大约 2 年前

And today of all days I have a moment to upgrade homebrew stuff.

tonto大约 2 年前

got a "RequestError: certificate has expired" doing a release just now...as usual, not a good idea to release on a friday

Kelamir大约 2 年前

Previously I had the same issue, but it works for me now, as well as for a friend in another EU country.

gunshai大约 2 年前

For us dumb dumbs what does this mean?

apetresc大约 2 年前

Seems to be resolved now. My `brew update` works again.

artyom大约 2 年前

ChatGPT, rotate my certs

评论 #35297047 未加载

评论 #35296146 未加载

jjice大约 2 年前

Well I'm kind of just waiting on PRs for the rest of the day today and it's a Friday, so I'll consider this a modern equivalent of <a href="https://xkcd.com/303/" rel="nofollow">https://xkcd.com/303/</a>

GOATS-大约 2 年前

It's back now!

alexanderscott大约 2 年前

didn’t they announce a bunch of layoffs recently?

lytedev大约 2 年前

Back up now, it looks like.

carrina大约 2 年前

Not Before Fri, 18 Mar 2022 00:00:00 GMTNot After Tue, 21 Mar 2023 23:59:59 GMT3-day certs.

评论 #35295424 未加载

评论 #35295432 未加载

评论 #35296108 未加载

评论 #35295448 未加载

22 条评论

koolba大约 2 年前

评论 #35295350 未加载

评论 #35295715 未加载

评论 #35297266 未加载

ksml大约 2 年前

dz0ny大约 2 年前

ollemasle大约 2 年前

Here is the report for this incident: <a href="https://www.githubstatus.com/incidents/x7njwb481j9b" rel="nofollow">https://www.githubstatus.com/incidents/x7njwb481j9b</a>

ccheney大约 2 年前

GOATS-大约 2 年前

This also applies to their avatars subdomain, causing them not to load anymore.

评论 #35296442 未加载

radicalbyte大约 2 年前

mattbillenstein大约 2 年前

bvogelzang大约 2 年前

It looks as though it's back for me now. Status page is now showing the problem: <a href="https://www.githubstatus.com/" rel="nofollow">https://www.githubstatus.com/</a>

评论 #35295893 未加载

dz0ny大约 2 年前

Also serving wrong certificates for a lot of content domains.<a href="https://news.ycombinator.com/item?id=35295191" rel="nofollow">https://news.ycombinator.com/item?id=35295191</a>

jmspring大约 2 年前

Sounds like whoever is in charge of certificates at GH must have come over from MSFT. Afterall, I think Microsoft has had 2-3 certificate expiry issues in the last several years.

评论 #35296339 未加载

gorjusborg大约 2 年前

And today of all days I have a moment to upgrade homebrew stuff.

tonto大约 2 年前

got a "RequestError: certificate has expired" doing a release just now...as usual, not a good idea to release on a friday

Kelamir大约 2 年前

Previously I had the same issue, but it works for me now, as well as for a friend in another EU country.

gunshai大约 2 年前

For us dumb dumbs what does this mean?

apetresc大约 2 年前

Seems to be resolved now. My `brew update` works again.

artyom大约 2 年前

ChatGPT, rotate my certs

评论 #35297047 未加载

评论 #35296146 未加载

jjice大约 2 年前

GOATS-大约 2 年前

It's back now!

alexanderscott大约 2 年前

didn’t they announce a bunch of layoffs recently?

lytedev大约 2 年前

Back up now, it looks like.

carrina大约 2 年前

Not Before Fri, 18 Mar 2022 00:00:00 GMTNot After Tue, 21 Mar 2023 23:59:59 GMT3-day certs.

评论 #35295424 未加载

评论 #35295432 未加载

评论 #35296108 未加载

评论 #35295448 未加载

GitHub's User Content certificate has expired

22 条评论

GitHub's User Content certificate has expired

22 条评论