> On Jan 11, 2022, at 2:07 PM, Dan Mahoney <d...@prime.gushi.org> wrote: > > > >> On Jan 11, 2022, at 10:38 AM, Claus R. Wickinghoff <cl...@mobile.oche.de >> <mailto:cl...@mobile.oche.de>> wrote: >> >> Mojn, >> >>> Today I find only a directory listing at www.postfix.org >>> <http://www.postfix.org/> or www.postfix.com <http://www.postfix.com/> >> With http it's working. >> >> With https I get a certificate warning (issued for archive.science.uu.nl >> <http://archive.science.uu.nl/>) and a directory listing. >> >> So might be a regional problem? > > Regional? > > There's no vhost configured for www.postfix.org:443 > <http://www.postfix.org:443/>, that's why you're seeing a different site. > > The site that's answering is the first one configured in apache for > 131.211.31.189:443, and thus will answer regardless of which Host: header is > sent, just as if you browsed to it via IP address. (Which would also give > you a cert mismatch warning).
It’s an odd thing for a major project like Postfix to have this type of setup. If someone types “https://www.postfix.org/ <https://www.postfix.org/>“, or has a browser that uses https by default, and accepts any warnings, they land on another site. And if the answer is “don’t accept the override”, I mean I guess maybe someone will try http eventually, or they may figure the whole thing is screwy and just go hunting for a mirror... Just a weird hill to die on. Certs are free. Charles > > If we want something to be concerned about, the apache version is like...40 > minor versions out of date. (2.4.6 -- it could be lying about its version). > > -Dan
