=== Laney is now known as Guest13167 [11:23] Hi, is it known issue that Launchpad cannot import repositories through CloudFlare (SSL)? [11:23] https://code.launchpad.net/~progval/limnoria/testing imports from https://git.mikaela.info/Limnoria.git and import fails with error "bzrlib.errors.CertificateError: Certificate error: hostname 'git.mikaela.info' doesn't match either of 'ssl2000.cloudflare.com', 'cloudflare.com', '*.cloudflare.com'" while the ceritifcate is valid for *.mikaela.info https://paste.mikaela.info/view/b70bcadd#L56 (in Finnish [11:23] sorry) [11:31] Mikaela: That error is correct; you can reproduce it in a browser. === wgrant_ is now known as wgrant [11:32] Mikaela: The certificate presented by CloudFlare doesn't match the hostname. [11:32] wgrant: I am unable to reproduce it in browser while CloudFlare is enabled, it's currently temporarily disabled [11:32] enabled again, should start going through cloudflare in 5 minutes [11:33] wgrant: paste.mikaela.info should have same certificate, are you able to reproduce this error there? [11:37] Mikaela: paste.mikaela.info works. [11:37] git.mikaela.info should have no issues either and Chrome here doesn't complain. I can also try other browser [11:37] Ah, works now. [11:38] I suspect CloudFlare replication latency. [11:39] https://launchpadlibrarian.net/193888435/progval-limnoria-testing.log is still failing though [11:39] bzrlib.errors.CertificateError: Certificate error: hostname 'git.mikaela.info' doesn't match either of 'ssl2000.cloudflare.com', 'cloudflare.com', '*.cloudflare.com' [11:39] Sure, it works from a node in what looks like Sydney. [11:39] I presume they document the worst-case certificate replication times somewhere. [11:39] So it should start working after that certificate is replicated? [11:40] Remember that CloudFlare has numerous frontends all over the world, and they won't all update instantly when you change the configuration. [11:40] Hm, where did that branch go? [11:40] I am just wondering why that error message doesn't list all domains, it looks like it has the same certificate [11:41] The certificate that was presented by CloudFlare was for just those three domains. [11:41] Launchpad https://code.launchpad.net/~progval/limnoria/testing and it goes to https://git.mikaela.info/Limnoria.git/ [11:41] That would have been from a CloudFlare node in London somewhere, which presumably doesn't have the certificate yet. [11:41] weird, you should see more certificates in the web browser [11:41] *I* do. [11:41] I'm not in Launchpad's datacentre. [11:41] You need to wait for the certificate to replicate throughout CloudFlare's infrastructure. [11:42] From what I see in my web browser, that certificate was issued in 2014-10-02 and expires 2015-10-01 [11:42] it's now using http [11:43] and now it cannot find the branch [11:47] When did you create that vhost on CloudFlare? [11:47] 13:15+0200 [11:48] and now I disabled it again as it's using http and I don't have valid certificate. [11:48] What does CloudFlare say about normal replication delays? [11:48] or if you mean mikaela.info (the certificate is valid for *.mikaela.info), that was probably early 2014 [11:48] Anyway, this isn't a Launchpad problem. Once CloudFlare becomes consistent it will all work. [11:49] The creation date of the certificate isn't relevant. What matters is when the configuration for that vhost on CloudFlare changed. [11:49] I am unable to find any delays documented [11:49] even if the certificate is for *.mikaela.info not git.mikaela.info? [11:49] If a CloudFlare server in London doesn't know that git.mikaela.info exists, it's not going to know to return that certificate for it. [11:50] I actually happen to have VPS in London and I can check whaat it returns [11:52] it reports self signed certificate so disabling cloudflare probably has propagated or if it's what you think it was never enabled there [11:53] Enabling/disabling CloudFlare would presumably incur DNS cache timeouts. [11:53] This current error is even more unclear to me https://launchpadlibrarian.net/193889024/progval-limnoria-testing.log [11:53] https://www.whatsmydns.net/#A/git.mikaela.info appears to say that London nameserver finds nothing [11:53] That's *probably* a 404, but it's difficult to say. [11:54] but as that nameserver doesn't find google.fi either, I wouldn't rely on it [11:54] I'd configure CloudFlare how you wantit, wait an hour or so, and try the HTTPS URL again. [11:54] Thanks, I will try that now [11:54] Always remember that services like CloudFlare are eventually consistent [11:54] You can't atomically update servers across the world like that. [11:55] It has been surprisingly fast around the world and Launchpad is the only place where I have had any issues using it [11:55] Perhaps certificates replicate more slowly. [11:56] probably possible, I am trying again in hour [11:56] which seems to be 15+0200 [11:57] in case you are interested, diral.mikaela.info which is VPS on DigitalOcean London 1 datacenter is currently receiving valid certificate [11:58] when curling git.mikaela.info [11:59] None of my London hosts on unrelated networks are seeing a valid cert yet. [12:01] Mikaela: Oh, the "No branch found at location" is because there's no git smart HTTP server at that URL. [12:01] Only the long-deprecated dumb HTTP protocol. [12:02] http://git-scm.com/book/be/v2/Git-on-the-Server-Smart-HTTP [12:02] We removed support for git over dumb HTTP several years ago. [12:03] I see, I will now also start invitigating that [12:03] (it's deprecated for a reason, too -- pulls over the dumb protocols are terrifyingly slow) [12:04] I hope this also exists for nginx as I am not going to learn Apach [12:04] it does === Guest13167 is now known as Laney === seelaman` is now known as seelaman [16:45] hey there -- this user https://bugs.launchpad.net/~gamal-m-oha-med122000 has started creating some bug reports containing spam, could you please stop him? === yofel_ is now known as yofel === lifeless_ is now known as lifeless