On 31/03/2019 00:48, Cyril Brulebois wrote: > Hi, > > dra...@peerfreedom.org <dra...@peerfreedom.org> (2019-03-30): >> Previously the web page for debian security was located on: >> >> security.debian.org >> >> Going there now through http, will redirect to the new address >> www.debian.org/security/ >> >> But going there through https, will instead return SSL errror, cert by >> unknown CA "Debian SMTP CA" which seems to have "CA key identifier" "00 >> f6 08 13 4a 49 f7 da d3", >> entire cert sha256 fingerprint is >> "DF:68:20:DA:43:5A:7C:1A:9C:43:8B:56:56:24:92:A5:E6:EC:F6:B1:92:8F:D1:4C:9F:5D:93:C7:7D:13:26:1B" > Not all things served over http:// are supposed to be reachable over > https:// so that might be just considered as not-a-bug. > > > Cheers,
I think it is a bug clearly - because that site was working before, and AFAIR was recommended by some pages and/or tutorials. Anyway people have it in bookmarks. Google indexed it too - https://www.google.com/search?q=+"https%3A%2F%2Fsecurity.debian.org"; Imo just reject port 443 on that server, or make the redirection work again. Current situation looks suspicious that you go to security web page and see invalid SSL cert.
