Bug 248136

Summary: download.freebsd.org certificate expired
Product: Services Reporter: Brad Ackerman <brad>
Component: FTP/WWW Sites & MirrorsAssignee: FreeBSD Mirror Admin <mirror-admin>
Status: Closed FIXED    
Severity: Affects Many People CC: freebsd, philip, swills
Priority: ---    
Version: unspecified   
Hardware: Any   
OS: Any   

Description Brad Ackerman 2020-07-21 04:39:47 UTC 
The certificate for download.freebsd.org expired at 2020-07-20T20:17:11Z.
Comment 1 Brad Ackerman 2020-07-21 04:49:00 UTC 
Some people in IRC get a non-expired certificate. The expired certificate is served when connecting from AS54858 (US), but a valid certificate is served when connecting from AS8943 (GB).
Comment 2 Vincent Milum Jr 2020-07-21 04:52:14 UTC 
Can confirm. Expired cert connecting from Seattle.
Comment 3 Steve Wills freebsd_committer freebsd_triage 2020-07-21 04:57:56 UTC 
I'm seeing the non-expired cert from AS11426, but I'm also using IPv6 FWIW.
Comment 4 Brad Ackerman 2020-07-21 05:04:21 UTC 
v4 and v6 seem to return identical same results for me on both the test systems (and AS8075 in US also returns expired certificate).
Comment 5 Vincent Milum Jr 2020-07-21 05:10:33 UTC 
Also, FireFox wont allow overriding the failed cert to browse the site due to HSTS. And attempting HTTP redirects to HTTPS automatically.

"You cannot visit download.freebsd.org right now because the website uses HSTS."
Comment 6 Philip Paeps freebsd_committer freebsd_triage 2020-07-21 05:28:50 UTC 
I reloaded nginx on ftp0.tuk.freebsd.org.  Its certificate expired earlier today.  Unsure why it wasn't automatically reloaded.