Correction to my previous post - https://security. was not that wide spread, only few indexers seen few pages there (one missconfiguration page, and legal page, and index page).
So this might be a rare issue for anyone stepping on that url. Still, just for clarity, it might be good to either make redirect work or close the port if possible. Thanks On 02/04/2019 12:02, dra...@peerfreedom.org wrote: > On 02/04/2019 09:02, Paul Wise wrote: >> On Mon, Apr 1, 2019 at 4:29 PM dra...@peerfreedom.org wrote: >> >>> I think it is a bug clearly - because that site was working before >> The site has never supported https. > > Huh? This site - security.debian.org/ (website, not apt repository) in > fact did supported https. > > I was using it since years afair, and even archive.org has archives of > it, on the https URL: > > http://archive.is/MahaH (and many more) > > Apparently at some point it moved to debian.org/security/ , the only > problem is that old address is redirecting to new address only on http, > while on https it shows invalid cert. > >> If you were using HTTPS >> Everywhere, then it has a rule that will make it seem like https >> redirects to the website (like http actually does). > I did not used that. > >>> Imo just reject port 443 on that server, or make the redirection work again. >> Which IP address are you connecting to? > I got tests from friends both on ipv4 and ipv6, it resolves and connects to: > > 217.196.149.233 > > and > > 2a02:16a8:dc41:100::233 > > > > wget https://security.debian.org/ > --2019-04-02 xxxxxxx -- https://security.debian.org/ > Resolving security.debian.org (security.debian.org)... > 2001:a78:5:1:216:35ff:fe7f:6ceb, 2a02:16a8:dc41:100::233, > 217.196.149.233, ... > Connecting to security.debian.org > (security.debian.org)|2001:a78:5:1:216:35ff:fe7f:6ceb|:443... failed: > Connection refused. > Connecting to security.debian.org > (security.debian.org)|2a02:16a8:dc41:100::233|:443... connected. > ERROR: The certificate of ‘security.debian.org’ is not trusted. > ERROR: The certificate of ‘security.debian.org’ hasn't got a known issuer. > The certificate's owner does not match hostname ‘security.debian.org’ > > wget https://security.debian.org/ > --2019-04-02 xxxxxxx -- https://security.debian.org/ > Resolving security.debian.org (security.debian.org)... 217.196.149.233, > 212.211.132.250, 2001:a78:5:1:216:35ff:fe7f:6ceb, ... > Connecting to security.debian.org > (security.debian.org)|217.196.149.233|:443... connected. > ERROR: The certificate of ‘security.debian.org’ is not trusted. > ERROR: The certificate of ‘security.debian.org’ hasn't got a known issuer. > The certificate's owner does not match hostname ‘security.debian.org’ > > >