Forum OpenACS Q&A: Re: New Cert The page isn't redirection properly
A: Yes. OCSP errors are gone. Redirected issue is still there.
Q: Whitelisted
A: removed line. backed to original format before redirect issue.
Q: Is celtic-arts.org a single server?
A: Yes.
Config file:
hostname: celtic-arts.org
ns_param domains celtic-arts.org
OpenACS version: 5.10.1
host-node maps: No
Sub sites: yes
Number of sub sites: 3
Summary:
The config file as back to what it was prior to redirect issue with the exception of the OCSP statement.
SAN and Certificate
Old certificate:
[root@celtic-arts etc]# cat ssl_breakdown_march2025.txt
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
Signature Algorithm: ecdsa-with-SHA384
Issuer: C=US, O=Let's Encrypt, CN=E5
Validity
Not Before: Mar 12 22:54:48 2025 GMT
Not After : Jun 10 22:54:47 2025 GMT
Subject: CN=celtic-arts.org
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
X509v3 Authority Key Identifier:
Authority Information Access:
OCSP - URI:http://e5.o.lencr.org
CA Issuers - URI:http://e5.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:*.celtic-arts.org, DNS:celtic-arts.org
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
X509v3 CRL Distribution Points:
Full Name:
URI:http://e5.c.lencr.org/97.crl
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID :
Timestamp : Mar 12 23:53:18.709 2025 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID :
Timestamp : Mar 12 23:53:18.705 2025 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signature Algorithm: ecdsa-with-SHA384
Signature Value:
New Certificate:
[root@celtic-arts etc]# cat ssl_breakdown_june2025.txt
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
06:
Signature Algorithm: ecdsa-with-SHA384
Issuer: C=US, O=Let's Encrypt, CN=E6
Validity
Not Before: Jun 11 18:09:31 2025 GMT
Not After : Sep 9 18:09:30 2025 GMT
Subject: CN=celtic-arts.org
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
X509v3 Authority Key Identifier:
Authority Information Access:
CA Issuers - URI:http://e6.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:*.celtic-arts.org, DNS:celtic-arts.org
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
X509v3 CRL Distribution Points:
Full Name:
URI:http://e6.c.lencr.org/23.crl
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID :
Timestamp : Jun 11 19:08:01.190 2025 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID :
Timestamp : Jun 11 19:08:03.229 2025 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signature Algorithm: ecdsa-with-SHA384
Signature Value:
Let us know if you want us to do changes, reinstall or testing of other components.