Forum OpenACS Q&A: Re: New Cert The page isn't redirection properly

Posted by Tyge Cawthon on
Q: I assume, this means that the OCSP errors are gone by now, but the redirecting issue is still there.
A: Yes. OCSP errors are gone. Redirect issue is still there.

Q: Whitelisted
A: Removed line. Back to original format before redirect issue.

Q: Is celtic-arts.org a single server?
A: Yes.

Config file:
hostname: celtic-arts.org
ns_param domains celtic-arts.org

OpenACS version: 5.10.1

host-node maps: No

Sub sites: yes
Number of sub sites: 3

Summary:
The config file is back to what it was prior to the redirect issue, with the exception of the OCSP statement.

SAN and Certificate
Old certificate:
[root@celtic-arts etc]# cat ssl_breakdown_march2025.txt
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
        Signature Algorithm: ecdsa-with-SHA384
        Issuer: C=US, O=Let's Encrypt, CN=E5
        Validity
            Not Before: Mar 12 22:54:48 2025 GMT
            Not After : Jun 10 22:54:47 2025 GMT
        Subject: CN=celtic-arts.org
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier:
            X509v3 Authority Key Identifier:
            Authority Information Access:
                OCSP - URI:http://e5.o.lencr.org
                CA Issuers - URI:http://e5.i.lencr.org/
            X509v3 Subject Alternative Name:
                DNS:*.celtic-arts.org, DNS:celtic-arts.org
            X509v3 Certificate Policies:
                Policy: 2.23.140.1.2.1
            X509v3 CRL Distribution Points:
                Full Name:
                  URI:http://e5.c.lencr.org/97.crl

            CT Precertificate SCTs:
                Signed Certificate Timestamp:
                    Version  : v1 (0x0)
                    Log ID    :
                    Timestamp : Mar 12 23:53:18.709 2025 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256

                Signed Certificate Timestamp:
                    Version  : v1 (0x0)
                    Log ID    :
                    Timestamp : Mar 12 23:53:18.705 2025 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256

    Signature Algorithm: ecdsa-with-SHA384
    Signature Value:

New Certificate:
[root@celtic-arts etc]# cat ssl_breakdown_june2025.txt
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:
        Signature Algorithm: ecdsa-with-SHA384
        Issuer: C=US, O=Let's Encrypt, CN=E6
        Validity
            Not Before: Jun 11 18:09:31 2025 GMT
            Not After : Sep  9 18:09:30 2025 GMT
        Subject: CN=celtic-arts.org
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:

                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier:

            X509v3 Authority Key Identifier:

            Authority Information Access:
                CA Issuers - URI:http://e6.i.lencr.org/
            X509v3 Subject Alternative Name:
                DNS:*.celtic-arts.org, DNS:celtic-arts.org
            X509v3 Certificate Policies:
                Policy: 2.23.140.1.2.1
            X509v3 CRL Distribution Points:
                Full Name:
                  URI:http://e6.c.lencr.org/23.crl

            CT Precertificate SCTs:
                Signed Certificate Timestamp:
                    Version  : v1 (0x0)
                    Log ID    :
                    Timestamp : Jun 11 19:08:01.190 2025 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256

                Signed Certificate Timestamp:
                    Version  : v1 (0x0)
                    Log ID    :
                    Timestamp : Jun 11 19:08:03.229 2025 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256

    Signature Algorithm: ecdsa-with-SHA384
    Signature Value:

Let us know if you want us to do changes, reinstall or testing of other components.
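
An added example, not part of the original post: a small Python check that compares the revocation-related and host-name fields of two `openssl x509 -text` dumps and reports whether a certificate advertises an OCSP responder. The sample strings are constructed by trimming the two dumps above; the function names are hypothetical.

```python
import re

# Constructed samples: trimmed from the two `openssl x509 -text` dumps in the post.
OLD = """\
        Issuer: C=US, O=Let's Encrypt, CN=E5
            Authority Information Access:
                OCSP - URI:http://e5.o.lencr.org
                CA Issuers - URI:http://e5.i.lencr.org/
            X509v3 Subject Alternative Name:
                DNS:*.celtic-arts.org, DNS:celtic-arts.org
            X509v3 CRL Distribution Points:
                Full Name:
                  URI:http://e5.c.lencr.org/97.crl
"""
NEW = """\
        Issuer: C=US, O=Let's Encrypt, CN=E6
            Authority Information Access:
                CA Issuers - URI:http://e6.i.lencr.org/
            X509v3 Subject Alternative Name:
                DNS:*.celtic-arts.org, DNS:celtic-arts.org
            X509v3 CRL Distribution Points:
                Full Name:
                  URI:http://e6.c.lencr.org/23.crl
"""

def parse_dump(text):
    """Pull issuer, AIA, CRL and SAN fields out of openssl text output."""
    def first(pattern):
        m = re.search(pattern, text, re.M)
        return m.group(1).strip() if m else None
    san = first(r"Subject Alternative Name:.*\n\s*(.+)")
    return {
        "issuer": first(r"^\s*Issuer:\s*(.+)$"),
        "ocsp": first(r"OCSP - URI:(\S+)"),
        "ca_issuers": first(r"CA Issuers - URI:(\S+)"),
        "crl": first(r"CRL Distribution Points:\s*\n\s*Full Name:\s*\n\s*URI:(\S+)"),
        "san": sorted(s.strip() for s in san.split(",")) if san else [],
    }

def diff_certs(old_text, new_text):
    # Map each changed field to its (old, new) pair; unchanged fields are omitted.
    old, new = parse_dump(old_text), parse_dump(new_text)
    return {k: (old[k], new[k]) for k in old if old[k] != new[k]}

def advertises_ocsp(text):
    # True when the AIA extension lists an OCSP responder URI.
    return parse_dump(text)["ocsp"] is not None

if __name__ == "__main__":
    print(diff_certs(OLD, NEW), "new cert advertises OCSP:", advertises_ocsp(NEW))
```

On these samples the SAN list is unchanged, while the issuer, CA Issuers and CRL URIs change and the OCSP URI disappears from the new certificate.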