[00:52] <zemmihates> good morning friendly irc folk.
[00:53] <teward> good evening!  :)
[00:53] <zemmihates> Or evening, depending on where you are in the world :p
[00:54] <zemmihates> I have an issue with logrotate and I think I need an adults help.
[00:54] <zemmihates> if anyone is feeling willing
[00:57] <zemmihates> Basic gist of the issue is, I'm getting 'error creating output file <blah> file exists' - problem is, rotation is set to 10 years, the file it's complaining about is 7 months old. So I'm not sure what to try next.
[00:58] <zemmihates> tried reinitalizing the state file, checked all the perms, checked if it was 0byte, made sure that there wasn't another config file that may be trying to touch it.
[01:10] <sarnold> zemmihates: can you catch it in the act with strace?
[01:11] <zemmihates> I didn't really want to go that far :p but looks like it's my next port of call. just had some people in another chan look at the config and looks like we're all good there.
[01:12] <sarnold> heh yeah, strace isn't exactly fun..
[01:12] <billy_ran_away> Anyone really familiar with GPT partitions? Like why they make get messed up when a BIOS tries to boot from them? Or how to fix that?
[01:12] <billy_ran_away> This is what I'm seeing... http://pastebin.com/TSx0rYWR http://pastebin.com/A66PvCzv
[01:13] <billy_ran_away> Two of my drives in a 4 drive RAID array are messed up...
[01:25] <JanC> billy_ran_away: I hope you have backups
[01:25] <billy_ran_away> JanC: I think if I could just fix the GPT partition table it work
[03:45] <erkburgles> I am trying to gain functionality of my trackpad for dell inpsiron 3541i with ubuntu 15.0.4, I went here http://askubuntu.com/questions/527793/clickpad-not-working-on-dell-inspiron-13-7000-running-ubuntu-14-04 followed everything, waited hours for the source to go through and absolutely nothing is fixed can anyone help me
[03:52] <erkburgles> zxcv
[03:53] <erkburgles> can anyone help me with my trackpad issue
[03:54] <erkburgles> followed this http://askubuntu.com/questions/527793/clickpad-not-working-on-dell-inspiron-13-7000-running-ubuntu-14-04 and after HOURS absolutely nothing is fixed
[04:26] <histo> erkburgles: is your trackpad still broke?
[05:56] <neonixcoder> Good day team..
[05:56] <neonixcoder> I am facing a strange issue..
[05:57] <neonixcoder> I have an issue with /etc/resolv.conf file whose content are moved by some process..
[05:58] <neonixcoder> after removing, My VPN connectivity is lost and I can not do any thing..
[05:58] <neonixcoder> any suggestions?
[05:58] <neonixcoder> permissions on that file is 644 for root user..
[05:59] <TJ-> neonixcoder: "/etc/resolv.conf" should be a symlink created by resolvconf. See "man 8 resolvconf"
[06:00] <neonixcoder> TJ-: I am aware of this, but my system worked fine with same config.. ie its not a symlink to any file..
[06:01] <neonixcoder> So bit curious how is it got edited and becomes empty..
[06:03] <TJ-> neonixcoder: are the resolvconf scripts altering it directly? As I recall they perform updates on the "/etc/resolv.conf" symlink
[06:03] <neonixcoder> TJ-:How can I conform on this? I checked if any service running with resolvconf with ps -ef | grep resolv and I did not get any process..
[06:04] <TJ-> neonixcoder: If I recall correctly its the resolvconf hook scripts
[06:08] <neonixcoder> TJ-:Did not get you..
[06:08] <neonixcoder> can you give more info on this?
[06:10] <TJ-> neonixcoder: "man 8 resolvconf" see the discussions on how it works, and the FILES section
[06:18] <neonixcoder> TJ-:Will try to check it.. but I am sure.. resolvconf service is not working in my host..
[06:19] <TJ-> neonixcoder: as the docs say... it isn't a service! It's a series of hook scripts triggered by other processes
[06:19] <neonixcoder> TJ-: Got your point..
[06:33] <neonixcoder> TJ-:Another question, do we require ubuntu-minimal package if I want to go with simple ubuntu machine?
[06:35] <TJ-> neonixcoder: As far as I recall that's a meta-package describing the minimal set of packages to useful install, but you can install whatever packages you know are needed
[06:36] <neonixcoder> I removed ntpdate from my machine as I installed ntp package and this ntpdate removed ubuntu-minimal along with it..
[06:37] <neonixcoder> so just curious if we really require this package or not?
[06:38] <TJ-> neonixcoder: It's usefdul to retain it for upgrades since the depends may change but it doesn't have anything of its own to install, it just has a list of depends to satisfy
[06:39] <neonixcoder> Ok..
[07:47] <neonixcoder> TJ-:I got what is changing my /etc/resolv.conf file..
[07:49] <neonixcoder> A bit background, I use 3G modem to connect my remote server to internet. Once Internet is established, I use vpn to connect to my central servers.
[07:49] <neonixcoder> I can see modem is connected properly then VPN is connected properly..
[07:50] <neonixcoder> But after some time VPN is dropping off in a random time and this guy is moving /etc/resolve.conf file contact and replacing it with an existing file..
[07:50] <neonixcoder> I am struck up here..
[08:34] <maswan> Hm. I'm really scratching my head here, and wonder if someone of you have any ideas. Out of two identical machines one just does not get it's statically configured ipv6 ip at boot. And the same applies to one out of a dozen VMs. As far as I can tell they're identical too, the logs I've found say nothing, any clues for where to look next?
[08:48] <lordievader> Good morning.
[08:53] <jamespage> SpamapS, ack - wondered who did that (came through on my backports notification email)
[08:53] <jamespage> SpamapS, I'll sync up debian experimental as well
[09:03] <rbasak> jamespage: opinion on https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1470778 please? Critical bug / SRU regression or expected behaviour?
[09:04] <jamespage> rbasak, definately not intended - libvirt != docker
[09:04] <jamespage> youch
[09:05] <rbasak> hallyn: ^^
[09:06] <jamespage> SpamapS, ironicclient 0.7 uploaded to experimental - I'll resync once LP notices
[10:45] <clays116> hello who can help me with openstack? when i try create instance i see error: There was an error submitting the form. Please try again
[11:10] <arcsky> dns settings where do i configure that ? resolv.conf doesnt seems to be the proper way nowdays...
[12:58] <a_ok> Can someone tell my why linux-image-generic is stuck at version 3.13?
[12:59] <a_ok> apt-cache tells me that 3.19 is available
[12:59] <bekks> !info linux-image-generic
[13:00] <jpds> a_ok: You're looking for: linux-image-generic-lts-vivid
[13:01] <a_ok> jpds: Thanks. Rather confusing naming schemes though...
[13:01] <jpds> a_ok: Not really.
[13:01] <jpds> !hwe | a_ok
[13:27] <arcsky> hey guys, im trying to install Ubuntu. I got error when i come to the Grub installation. it says "Unable to install GRUB in /dev/sda" but i want it to be installedf on /dev/sdb . how can i do that?
[13:28] <coreycb> jamespage, can we promote python-keystonemiddleware to proposed in the juno cloud archive?
[13:31] <jamespage> yes
[13:34] <coreycb> jamespage, and oslo.messaging for icehouse please
[13:35] <coreycb> beisner, icehouse 2014.1.5 is ready for trusty testing
[13:40] <kpoman> hello to all. I would like to emulate a localhost smtp server by using ssmtp to relay to a gmail account I have. can someone tell me if this is possible and point me a how-to ?
[13:41] <bekks> Just install postfix and set it up as internet relay - you will be asked upon installation.
[13:42] <kpoman> bekks: postfix has too much overhead and security implications. I thought more as a microdaemon emulating a smtp server only in localhost and relay
[13:42] <bekks> Too much overhead? :)
[13:43] <kpoman> bekks: yep, lot of files, daemons, configurations, etc...
[13:43] <bekks> A small number of config files, one daemon.
[13:44] <kpoman> bekks: I am not gonna use quite nothing about its subsystems etc... Isnt there some tool able to create a localhost smtp server and create then send mail commands on the data inputted to it ?
[13:44] <bekks> Which "subsystems" do you actually talk about?
[13:44] <kpoman> bekks: the queues deferreds et al
[13:44] <bekks> Postfix is mailserver, its only subsystem is the MTA functionality.
[13:44] <bekks> *is a
[13:45] <kpoman> it has lot of user management, virtual domains, and all kind of complications I'd like to avoid
[13:46] <bekks> So you didnt even try to set it up. You didnt even see how easythat process is actually.
[13:46] <kpoman> bekks: it's just about curiosity. I already installed some postfix on my past but now as I am using ssmtp relaying to a gmail account on a small virtual hosted server I need to economize ram, disk space and stuff
[13:47] <bekks> Postfix isnt a ram-hog nor a space-hog.
[13:47] <kpoman> ssmtp is working fine, but lot of apps ask for a server:port conf
[13:49] <kpoman> bekks: anyway, dont you think a virtual smtp server just adding an interface for apps to the ssmtp ultra-light-and-simple tool, wouldnt be a great tool ?
[13:49] <bekks> Nope.
[13:50] <bekks> A postfix internet relay ist fast, small, efficient. No need for reinventing the wheel again.
[13:50] <kpoman> bekks: so postfix would completely replace ssmtp, right ?
[13:50] <bekks> Right.
[13:51] <kpoman> am gonna look for some tutorials out there on the internet then ...
[13:51] <kpoman> I thought you were proposing use of postfix only as that virtual stuff to send to ssmtp
[13:52] <bekks> kpoman: https://help.ubuntu.com/lts/serverguide/postfix.html
[13:53] <bekks> kpoman: Postfix is a MTA, no MUA.
[14:06] <beisner> coreycb, ack, i'll kick the icehouse proposed tests - thanks!
[14:24] <teward> ivoks: where's the link for PostFix virtual domains again?  I lost my browser history ://
[14:25] <teward> (so test@domain1 and test@domain2 can be forwarded to different addresses rather than to the same, etc.)
[14:26] <patdk-wk> link?
[14:26] <teward> patdk-wk: he gave me a wiki link yesterday, i don't have scrollback or internet history
[14:27] <patdk-wk> hmm, what your asking is the same thing
[14:27] <patdk-wk> postfix forwards to whereever yo utell it to
[14:27] <teward> patdk-wk: um... aliases != virtual domains?
[14:27] <patdk-wk> there is nothing different about local/offsite/internal/external/same/different
[14:27] <teward> patdk-wk: explain that to forwarding - it only accepts the left side of the address
[14:27] <patdk-wk> no
[14:28] <teward> i can't pass it `foo@bar.baz: teward@ubuntu.com` in /etc/aliases without it yelling about the account not being local
[14:28] <patdk-wk> how is aliases!=virtual domains?
[14:28] <patdk-wk> local != virtual
[14:28] <tdn> I have set up a LUKS encrypted /home on my Ubuntu 12.04. I have entered "none" in /etc/crypttab to indicate that I want the user to enter passphrase during boot. However, the Ubuntu Splash screen does not show the prompt, so it times out on mounting /home and asks user to skip or drup to shell instead. How do I make Ubuntu show the LUKS prompt in the boot splash?
[14:28] <teward> patdk-wk: then postfix and what i'm told here are conflicting
[14:28] <patdk-wk> stop attempting to do virtual when using local
[14:28] <patdk-wk> no idea what you where told here
[14:28] <patdk-wk> but the postfix manual and #postfix is very easy to understand
[14:28] <ivoks> it's not conflicting
[14:28] <teward> stop talking... just stop for a minute.  I'm trying to achieve postfix as a MAIL FORWARDER, accepting foo@bar.baz and foo@baz.bar and forward to different addresses.
[14:29] <teward> for MULTIPLE DOMAINS
[14:29] <ivoks> teward: you were told to use virtualdomains if you want to use multiple domains
[14:29] <teward> i'm hearing 'aliases', 'virtual domains', etc.
[14:29] <ivoks> you said you'll do that at some other time
[14:29] <patdk-wk> are they local? or virtual?
[14:29] <teward> ivoks: and i lost the wiki link you provided and want it again
[14:29] <teward> ivoks: what's happening is patdk-wk is confusing me
[14:29] <teward> and all I would like is that link you provided me yesterday
[14:29] <teward> cause its not in my scrollback, nor my internet browser history
[14:29] <patdk-wk> do you have a mydestinations = bar.baz and baz.bar
[14:31] <ivoks> google 'postfix virtualdomains ubuntu'
[14:31] <ivoks> https://help.ubuntu.com/community/PostfixVirtualMailBoxClamSmtpHowto
[14:31] <patdk-wk> sadly he isn't using virtual domains if he is using /etc/aliases
[14:32] <ivoks> patdk-wk: he didn't want to use virtualdomain, it was too complex
[14:32] <ivoks> so... he went with internet site + smarthost
[14:33] <patdk-wk> ah, he kept saying virtual
[14:33] <patdk-wk> not once local
[14:33] <patdk-wk> hmm, internet site + smarthost doesn't make a different of local or virtual
[14:33] <ivoks> it doesn't
[14:33] <ivoks> but it sets everything for local
[15:36] <thor77> hey, i want to backup my server with duplicity via ftp. i want to use lftp as ftp-backend. lftp is installed, but duplicity complains about "UnsupportedBackentScheme": "UnsupportedBackendScheme: scheme not supported in url: lftp+ftp://myuser@mybackuphost/"
[15:41] <thor77> and if i use ftp://... it wants me to install ncFTP
[15:41] <thor77> uh, seems like the version from ubuntu-repos doesn't support lftp...
[15:41] <thor77> nvm
[15:57] <thor77> uhm, yeah. is it possible to ONLY backup files given in --include-filelist? what path should i provide as source_path than?
[16:22] <lordievader> thor77: Perhaps you want to look into dirvish.
[16:24] <thor77> lordievader: i'm rly happy with duplicity
[16:24] <thor77> don't want to switch
[16:26] <lordievader> Just making a suggestion.
[16:26] <thor77> yeah
[16:26] <thor77> oh
[16:26] <thor77> didn't say i'm using duplicity
[16:26] <thor77> my fault, sry
[16:29] <lordievader> thor77: About your previous question, you really don't want to be using ftp.
[16:29] <thor77> lordievader: i have to
[16:30] <lordievader> Why? FTP is really bad nowadays.
[16:30] <thor77> lordievader: my backup-provider doesn't provide any other protocol for backup-access
[16:30] <lordievader> Wut? That is a very bad backup-provider.
[16:30] <thor77> that wasn't my question :) i'm very happy with my provider
[16:30] <lordievader> Not even sftp?
[16:31] <thor77> nope
[16:31] <lordievader> Wow. That is terrible.
[16:32] <lordievader> So anyone between you and your backup provider has your files...
[16:32] <thor77> its in the same network
[16:32] <thor77> vps -> backup
[16:33] <lordievader> Makes it a bit better, but still...
[16:34] <lordievader> thor77: Duplicity has exclude options: http://duplicity.nongnu.org/duplicity.1.html
[16:34] <thor77> i know
[16:34] <thor77> but i want "backup all files from this list, nothing else"
[16:37] <lordievader> So --include-filelist?
[16:38] <thor77> yeah, but i need a source_path
[16:38] <thor77> i tried using / as source_path
[16:39] <thor77> -> http://pastie.org/private/mzxw1tmivfcmwshgxzkjw
[16:40] <lordievader> Make an empty dir in /tmp?
[16:40] <lordievader> And set the source to that?
[16:40]  * lordievader has never worked with duplicity.
[16:41] <thor77> already tried to set it to /dev/null -> "doesn't start with correct prefix /dev/null.  Ignoring"
[16:42] <SpamapS> jamespage: thanks! I wasn't sure whether or not the Debian bits were in sync. So, the next question... the ironiccline tin UCA does not work with the Nova Ironic virt driver in UCA
[16:42] <SpamapS> jamespage: ironicclient
[16:42] <SpamapS> jamespage: I think 0.6.0 would be the better choice, as its requirements are aligned with Kilo requirements.
[17:01] <hexafraction> Hi, will the Ubuntu server install disks preserve a /home that lives in the same partition as /?
[17:03] <patdk-wk> it will do whatever you want
[17:03] <patdk-wk> if you don't change anything, yes
[17:03] <hexafraction> patdk-wk: OK, thanks.
[17:20] <jamespage> SpamapS, pity that's not expressed in requirements :(
[17:20] <jamespage> SpamapS, a version bump on ironicclient will need to go via the SRU process
[17:21] <jamespage> (for vivid)
[17:26] <SpamapS> jamespage: can't express optional requirements. :-P
[17:26] <SpamapS> jamespage: but yes, vivid's nova+ironic is broken.
[17:26] <SpamapS> jamespage: the real pity is there's no integration gate .. but.. infra will be doing that. ;)
[17:26] <SpamapS> jamespage: I will say that requirements things being weird like that is a nice argument for all virt drivers moving out of tree. :)
[17:27] <jamespage> SpamapS, https://github.com/openstack/requirements/blob/stable/kilo/global-requirements.txt#L126
[17:27] <jamespage> interesting versioning for kilo based on your comment above
[17:27] <SpamapS> jamespage: oh, 0.5.1 works too
[17:27] <SpamapS> jamespage: so we just missed bumping the minimum, because ENOGATETEST
[17:27] <jamespage> SpamapS, that might be a better choice then
[17:29] <jamespage> SpamapS, I'm a bit concerned that the minimum version is know broken as well
[17:29] <jamespage> SpamapS, we drive alot of our processes from global-requirements
[17:29] <SpamapS> jamespage: so unfortunately, this happens. We don't test with minimums.
[17:30] <jamespage> SpamapS, yah - hmm
[17:30] <SpamapS> jamespage: its one of those 'it would be great to expand the matrix to include minimums"
[17:30] <SpamapS> jamespage: nova+ironic _is_ gated, actually, but not with minimums.
[17:30] <jamespage> SpamapS, yes - we often pickup incorrect minimums in distro
[17:30] <SpamapS> jamespage: so the failure was in the ironic nova virt developers using 0.5 features without bumping global reqs
[17:31] <jamespage> SpamapS, an example - https://bugs.launchpad.net/barbican/+bug/1470799
[17:31] <SpamapS> jamespage: luckily, I"m building a cloud to add 2500 vm capacity.. we might be able to do just that. :)
[17:31] <jamespage> SpamapS, OK - so this sounds SRU'able
[17:31] <SpamapS> jamespage: it's easily demonstrable
[17:32] <SpamapS> jamespage: test case: setup nova, setup ironic, nova boot -> see fail because 'configdrive' is passed.
[17:32] <jamespage> SpamapS, could you raise a bug?
[17:32] <SpamapS> jamespage: against vivid ironicclient?
[17:32] <jamespage> SpamapS,  yp
[17:32] <SpamapS> jamespage: k, on a call, then I will
[17:33] <jamespage> SpamapS, we'll bump in a new version given sufficient justification - if you could document a test case and help with verification then +1
[17:33] <SpamapS> jamespage: indeed.. I have all the puppet to reproduce. :)
[17:34]  * jamespage gives SpamapS a nice big hug
[17:51] <SpamapS> jamespage: https://bugs.launchpad.net/ubuntu/+source/python-ironicclient/+bug/1470950
[18:15] <lordievader> thor77: Hence the empty dir ;)
[18:34] <steadystatic> I’m on  14.04.2 LTS trying to find a PPA for Postfix 3.0 - I am nervous to make and make install it from scratch and risk screwing up my production. Running Postfix 2.11.0…I tried digging through https://launchpad.net/ubuntu/+ppas but no luck yet
[18:34] <steadystatic> (Having to do this for PCI compliance scan failure)
[18:35] <steadystatic> Anyone know where I can find Postfix 3 for Trusty?
[18:37] <andol> steadystatic: Out of curiosity, why on earth would you need Postf 3.0 to be compliant security wise?
[18:37] <sarnold> steadystatic: apparently, previous auditors have been placated by showing them the USNs that demonstrate updates for SSL/TLS vulnerabilities
[18:37] <steadystatic> andol: I kinda wondered too but they said on the PCI scan “Download latest version of postfix”
[18:38] <patdk-wk> all pci scans say that
[18:38] <sarnold> steadystatic: is -that- it? idiots.
[18:38] <patdk-wk> did you actually expect pci people to actually track what version you have, and if you are vaunerable, and actually TEST for the vaunerability
[18:39] <patdk-wk> no, they just do version compare, who cares if your vaunerable or not
[18:39] <steadystatic> Can they even tell what version of postfix from an outside scan
[18:39] <steadystatic> ?
[18:39] <sarnold> steadystatic: here, I hope this can help: https://launchpad.net/ubuntu/+source/postfix https://wiki.ubuntu.com/SecurityTeam/FAQ#Versions https://www.debian.org/security/faq#version https://access.redhat.com/security/updates/backporting
[18:39] <steadystatic> Maybe I just upgrade to 2.9 then and call it good. What’s a USN?
[18:40] <sarnold> steadystatic: check the "banner" postfix is advertising by nc hostname 25 ...
[18:40] <steadystatic> ahh
[18:40] <sarnold> steadystatic: http://www.ubuntu.com/usn/
[18:40] <patdk-wk> steadystatic, what is your postfix server ip?
[18:40] <patdk-wk> or dns
[18:41] <patdk-wk> or they might just be checking what SSL/TLS is accepted and assume your running older version
[18:41] <patdk-wk> if you are running 2.11 why would you *upgrade* to 2.9
[18:42] <steadystatic> 107.170.200  dot 194 is my IP
[18:42] <steadystatic> (I have no idea if bots troll these logs, that probably won’t do me much good lol)
[18:42] <patdk-wk> it's a public server
[18:42] <patdk-wk> I don't see how it would matter
[18:42] <bekks> steadystatic: USN is a "Ubuntu Security Notice".
[18:43] <patdk-wk> ESMTP Postfix (Ubuntu)
[18:43] <patdk-wk>  is all it says
[18:43] <patdk-wk> probably they assume your outdated cause it says ubuntu
[18:43] <steadystatic> interesting so if i rescan and just change the banner
[18:43] <steadystatic> that could appease them possibly?
[18:43] <patdk-wk> they will likely still hit you up on it
[18:44] <patdk-wk> based on other things
[18:44] <sarnold> I'd rather you try to educate the idiots ;)
[18:44] <patdk-wk> normally you just link them to the USN, and your done
[18:44] <steadystatic> cool
[18:44] <sarnold> but I can certianly appreciate the sisyphisian nature of the task :)
[18:44] <patdk-wk> sarnold, it would never help
[18:44] <patdk-wk> they just don't care :)
[18:44] <patdk-wk> it would increase their workload to do proper checking
[18:44] <sarnold> patdk-wk: like those idiots selling vulnerability scanners
[18:45] <steadystatic> Why do their scans take 24 hours is what I want to know...
[18:45] <sarnold> oh, sorry, "vulnerability scanners".
[18:45] <sarnold> steadystatic: 'cause they want you to think you're getting your money's worth
[18:45] <steadystatic> That’s what I thought, too
[18:45] <patdk-wk> steadystatic, they take >7days when they scan me
[18:45] <steadystatic> Ugh - yeah client picked these guys I had no say
[18:45] <patdk-wk> atleast based on my web traffic logs from their ip space, and my 800% higher than normal http cpu usage
[18:46] <patdk-wk> they pci scan EVERY SINGLE blog/forum/... entry
[18:56] <steadystatic> Ok so I’m just changed main.cnf and am updating their other items then…they say they want openssh 6.6 but i’m already on OpenSSH_6.6.1p1
[18:56] <steadystatic> *changing
[18:57] <steadystatic> I hate pci scans seems like painful meaningless quarterly to do list
[18:57] <steadystatic> glad i’m a front end dev for my day job, you guys I feel your pain
[19:03] <steadystatic> Oh these guys…dug deeper into pci report this is why “* Running SMTP service * Product Postfix exists -- Postfix * No version for Postfix found”
[19:03] <steadystatic> so they just ding me on that. im not gonna advertise to you what version im on!
[19:23] <steadystatic> Should I request exception on this too? “* Running SSH service * Product OpenSSH exists -- OpenBSD OpenSSH 6.6.1p1 * Vulnerable version of product OpenSSH found -- OpenBSD OpenSSH 6.6.1p1”
[19:26] <bekks> steadystatic: Depends on the vulnerability (CVE) they refer to.
[19:26] <steadystatic> bekks: CVE-2014-2653 is what they listed
[19:26] <bekks> So check which package you are using exactly, with apt-cache
[19:27] <sarnold> steadystatic: probably; there is a vulnerability in our ssh package that needs to be fixed, but no deity can help you if you're using X11 forwarding over ssh on any system that handles credit card data :)  http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-5352.html
[19:27] <sarnold> steadystatic: that's been fixed: http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-2653.html
[19:28] <steadystatic> sarnold: haha, no def. not x11 forwarding to this box
[19:32] <steadystatic> OK one last PCI question: I setup this ssl cert myself through namecheap positivessl…but does this mean #doingitwrong ? “TLS/SSL certificate signed by unknown, untrusted CA: CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB -- Path does not chain with any of the trust anchors.”
[19:33] <bekks> comodo had some severe trust issues, that why no one trust their certs anymore.
[19:34] <steadystatic> I checked on ssllabs.com their scanner seems fine to my untrained eye
[19:34] <steadystatic> crap. so to remediate I might have to get a new cert and shell out more cash?
[19:34] <steadystatic> https://www.ssllabs.com/ssltest/analyze.html?d=awanderlustadventure.com
[19:34] <steadystatic> I got an A rating there
[19:35] <steadystatic> disabled RC4 and some of the other things i was supposta do
[19:37] <sarnold> steadystatic: I wonder if they are complaining that your server is actually returning the trust root in the chain
[19:37] <sarnold> steadystatic: .. maybe try taking the root CA out of your chain?
[21:54] <Daviey> SpamapS: It seems it *is* possible to express optional requirements
[21:54] <Daviey> jamespage: ^