Обсуждение: https://cfbot.cputube.org - certificate has expired

Hi,

I've just discovered that cfbot has a little problem with TLS:

```
$ curl -vvv https://cfbot.cputube.org
* Host cfbot.cputube.org:443 was resolved.
* IPv6: (none)
* IPv4: 139.180.174.5
*   Trying 139.180.174.5:443...
* Connected to cfbot.cputube.org (139.180.174.5) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (OUT), TLS alert, certificate expired (557):
* SSL certificate problem: certificate has expired
* Closing connection
curl: (60) SSL certificate problem: certificate has expired
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
```

The non-encrypted version serves fine. Sorry for the message to a wide
audience, but I don't know who maintains cfbot.

--
Best regards,
Aleksander Alekseev

Hi,

On Thu, 27 Nov 2025 at 16:00, Aleksander Alekseev
<aleksander@tigerdata.com> wrote:
>
> Hi,
>
> I've just discovered that cfbot has a little problem with TLS:
>
> ```
> $ curl -vvv https://cfbot.cputube.org
> * Host cfbot.cputube.org:443 was resolved.
> * IPv6: (none)
> * IPv4: 139.180.174.5
> *   Trying 139.180.174.5:443...
> * Connected to cfbot.cputube.org (139.180.174.5) port 443
> * ALPN: curl offers h2,http/1.1
> * TLSv1.3 (OUT), TLS handshake, Client hello (1):
> *  CAfile: /etc/ssl/certs/ca-certificates.crt
> *  CApath: /etc/ssl/certs
> * TLSv1.3 (IN), TLS handshake, Server hello (2):
> * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
> * TLSv1.3 (IN), TLS handshake, Certificate (11):
> * TLSv1.3 (OUT), TLS alert, certificate expired (557):
> * SSL certificate problem: certificate has expired
> * Closing connection
> curl: (60) SSL certificate problem: certificate has expired
> More details here: https://curl.se/docs/sslcerts.html
>
> curl failed to verify the legitimacy of the server and therefore could not
> establish a secure connection to it. To learn more about this situation and
> how to fix it, please visit the web page mentioned above.
> ```
>
> The non-encrypted version serves fine. Sorry for the message to a wide
> audience, but I don't know who maintains cfbot.

Thomas and Jelte maintain the CFBot. AFAIK, CFBot has worked like that
from the start so I guess that is expected.


-- 
Regards,
Nazir Bilal Yavuz
Microsoft

Hi Nazir,

> > The non-encrypted version serves fine. Sorry for the message to a wide
> > audience, but I don't know who maintains cfbot.
>
> Thomas and Jelte maintain the CFBot. AFAIK, CFBot has worked like that
> from the start so I guess that is expected.

The certificate expired Wed, 26 Nov 2025 23:59:59 GMT. I'm pretty
confident https worked yesterday.

-- 
Best regards,
Aleksander Alekseev

Hi Aleksander,

On Thu, 27 Nov 2025 at 16:09, Aleksander Alekseev
<aleksander@tigerdata.com> wrote:
>
> Hi Nazir,
>
> > > The non-encrypted version serves fine. Sorry for the message to a wide
> > > audience, but I don't know who maintains cfbot.
> >
> > Thomas and Jelte maintain the CFBot. AFAIK, CFBot has worked like that
> > from the start so I guess that is expected.
>
> The certificate expired Wed, 26 Nov 2025 23:59:59 GMT. I'm pretty
> confident https worked yesterday.

Oh, sorry! Then I must have remembered incorrectly. Thomas and Jelte
might be able to help with the $SUBJECT, I guess.

-- 
Regards,
Nazir Bilal Yavuz
Microsoft

On Fri, Nov 28, 2025 at 2:14 AM Nazir Bilal Yavuz <byavuz81@gmail.com> wrote:
> On Thu, 27 Nov 2025 at 16:09, Aleksander Alekseev
> <aleksander@tigerdata.com> wrote:
> > The certificate expired Wed, 26 Nov 2025 23:59:59 GMT. I'm pretty
> > confident https worked yesterday.
>
> Oh, sorry! Then I must have remembered incorrectly. Thomas and Jelte
> might be able to help with the $SUBJECT, I guess.

Oops.  It does have automated cert renewal but apparently it stopped
working... looking...

On Fri, Nov 28, 2025 at 11:25 AM Thomas Munro <thomas.munro@gmail.com> wrote:
> On Fri, Nov 28, 2025 at 2:14 AM Nazir Bilal Yavuz <byavuz81@gmail.com> wrote:
> > On Thu, 27 Nov 2025 at 16:09, Aleksander Alekseev
> > <aleksander@tigerdata.com> wrote:
> > > The certificate expired Wed, 26 Nov 2025 23:59:59 GMT. I'm pretty
> > > confident https worked yesterday.
> >
> > Oh, sorry! Then I must have remembered incorrectly. Thomas and Jelte
> > might be able to help with the $SUBJECT, I guess.
>
> Oops.  It does have automated cert renewal but apparently it stopped
> working... looking...

It had started getting some strange errors from ZeroSSL (CA) while
trying to renew certs periodically.  Couldn't figure out why, but it
seemed to want me to wait a really long time before retrying so I
flipped it over to LetsEncrypt and it seems to be happy again.  Sorry
about that, and thanks for letting me know!