What's going on with the forum?

Many times I have had a weird problem where this page is rendered - https://alamantia.com - instead of the Phalcon forum. What's going on? Some problem with my ISP or what?

DNS issues I guess.

I'm getting SSL errors 1/3 times...

But I'm using Google DNS. What the hell? Or do you mean DNS issues on the namespace servers where they host them?

Actually, it is a problem with the SSL certificate. It seems that it has been regenerated.

edited May '16

Another update - the alamantia.com site is hosted on this server too. Both certificates are signed by Let's Encrypt Authority X3, which is not allowed on the same server / port. In other words, both SSL certificates should be merged to be valid for both domains.

Besides commonName=phalconphp.com, this certificate has alternative names:

  • album-o-rama.phalconphp.com
  • api.phalconphp.com
  • blog.phalconphp.com
  • docs.phalconphp.com
  • forum.phalconphp.com
  • invo.phalconphp.com
  • phalconphp.com
  • php.phalconphp.com
  • store.phalconphp.com
  • vokuro.phalconphp.com
  • www.phalconphp.com

All

I believe this has been resolved. I generated a certificate only for the forum forum.phalconphp.com and that should sort this issue out.

The reason for the alamantia.com is that our load balancer picks up the first SSL certificate it has in its list and serves that if an error occurs.

I have fixed all the configurations on both servers and everything seems to be working as expected. If however there are any issues please let us know.

Thanks

edited May '16

@niden I still get this while connecting directly from openssl:

 $ openssl s_client -connect forum.phalconphp.com:443

CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = alamantia.com
verify return:1
---
Certificate chain
 0 s:/CN=alamantia.com
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Server certificate

Decoded X509 certificate:

Certificate Information:
Common Name: alamantia.com
Subject Alternative Names: alamantia.com, www.alamantia.com
Valid From: May 21, 2016
Valid To: August 19, 2016
Issuer: Let's Encrypt Authority X3, Let's Encrypt
Serial Number: 0310af511e13dd6b20344a3f67de7715dc12
edited May '16

@stamster

Yes I see that too with the command you provided.

Doing a wget forum.phalconphp.com or wget https://forum.phalconphp.com returns the front page of the forum.

I don't understand why you want to connect with the openssl client. Loading up the forum in Firefox, Chrome and Safari produces the correct output (the forum) with the correct certificate.

What you are hitting right there is the load balancer which does not understand which site you are getting to. If you change your command to let the balancer know that you want the forum, you get the correct certificate. This applies to all SNI implementations.

 $ openssl s_client -connect forum.phalconphp.com:443 -servername forum.phalconphp.com
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = forum.phalconphp.com
verify return:1
---
Certificate chain
 0 s:/CN=forum.phalconphp.com
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
....
-----END CERTIFICATE-----
subject=/CN=forum.phalconphp.com
issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
edited May '16

@stamster

I don't understand why you want to connect with the openssl client. Loading up the forum in Firefox, Chrome and Safari produces the correct output (the forum) with the correct certificate.

Because that's how I usually test SSL endpoints (dedicated instances though). For shared instances, it is done with hostname supplied as argument.

@niden And now the forum has a bug that won't load any notifications, and even the data on the "My answers" etc. tabs won't load. Posts are gone in profiles too.

@stamster The notifications issue needs a bit more work because it relates to GitHub. We need to do a bit of work on that to ensure that everything is OK.

Thanks for the understanding.
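
The SNI behaviour discussed in this thread (the load balancer serving the first certificate in its list when the client names no host) can be checked by comparing the leaf certificate returned with and without SNI. This is an added example, not part of the original posts: the function names and the two sample certificate dicts are constructed for illustration, in the form Python's `getpeercert()` returns.

```python
import socket
import ssl


def cert_names(cert):
    """Return DNS names from a getpeercert() dict: SANs, else the subject CN."""
    sans = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v.lower() for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]


def covers(names, host):
    """True if host matches a name; '*' matches exactly one leftmost label."""
    host = host.lower().rstrip(".")
    for name in names:
        if name == host:
            return True
        if name.startswith("*.") and "." in host and host.split(".", 1)[1] == name[2:]:
            return True
    return False


def diagnose(host, cert_no_sni, cert_with_sni):
    """Classify the two leaf certificates a server returned for host."""
    if not covers(cert_names(cert_with_sni), host):
        return "mismatch-with-sni"      # wrong certificate even for SNI clients
    if not covers(cert_names(cert_no_sni), host):
        return "default-cert-fallback"  # only clients that send no SNI are affected
    return "ok"


def fetch_cert(host, port=443, send_sni=True, timeout=5):
    """Fetch the leaf certificate, with or without the SNI extension."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # chain is still verified; names are compared above
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host if send_sni else None) as tls:
            return tls.getpeercert()


# Constructed samples in getpeercert() form, mirroring the two outputs in the thread.
DEFAULT_CERT = {"subject": ((("commonName", "alamantia.com"),),),
                "subjectAltName": (("DNS", "alamantia.com"), ("DNS", "www.alamantia.com"))}
FORUM_CERT = {"subject": ((("commonName", "forum.phalconphp.com"),),),
              "subjectAltName": (("DNS", "forum.phalconphp.com"),)}

if __name__ == "__main__":
    print(diagnose("forum.phalconphp.com", DEFAULT_CERT, FORUM_CERT))
    # Live check (needs network): diagnose(h, fetch_cert(h, send_sni=False), fetch_cert(h))
```

A result of `default-cert-fallback` corresponds to the two `openssl s_client` runs above: the endpoint is correct for SNI-capable clients, while a client that sends no server name receives the unrelated default certificate.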