SSL Certificate Replaced
Chris Cambridge
Joined: 25 Oct 16
Posts: 13
Credit: 12,283,868
RAC: 105
Message 23279 - Posted: 9 Nov 2016, 12:18:31 UTC
Last modified: 9 Nov 2016, 12:19:14 UTC

On Windows to flush your DNS, do this:

Press the start button, if you have a search box type into it, if not just type:

cmd (press enter)

ipconfig /flushdns (press enter)

This will flush your DNS; however I personally did that days ago and it did not make any difference.

Chris

entigy
Joined: 1 Jul 10
Posts: 11
Credit: 154,866,043
RAC: 247,917
Message 23282 - Posted: 9 Nov 2016, 13:34:07 UTC - in response to Message 23262.

Sorry, ALL 4 problems.... I believe... as this conversation cannot ever fail on any sign-in.



Forum post from BoincStats admin Willy today:

"Posted Today at 07:46:25
The project doesn't export its stats since November 8th and therefore BOINCstats can't show the latest credit."

*Sad Face*
The sad face is mine BTW.

Slicker
Volunteer moderator
Project administrator
Project developer
Project tester
Project scientist
Joined: 11 Jun 09
Posts: 2525
Credit: 740,580,099
RAC: 2
Message 23283 - Posted: 9 Nov 2016, 14:30:58 UTC - in response to Message 23282.

Sorry, ALL 4 problems.... I believe... as this conversation cannot ever fail on any sign-in.



Forum post from BoincStats admin Willy today:

"Posted Today at 07:46:25
The project doesn't export its stats since November 8th and therefore BOINCstats can't show the latest credit."

*Sad Face*
The sad face is mine BTW.


That is not correct.

drwxrwx--x 2 boincadm boincadm 4096 Nov 9 06:46 stats
drwxrwx--x 2 boincadm boincadm 4096 Nov 7 02:46 stats_2016_11_7_6_46_48
drwxrwx--x 2 boincadm boincadm 4096 Nov 8 06:46 stats_2016_11_8_10_46_47
drwxrwx--x 2 boincadm boincadm 4096 Nov 8 10:46 stats_2016_11_8_14_46_47
drwxrwx--x 2 boincadm boincadm 4096 Nov 8 14:46 stats_2016_11_8_18_46_46
drwxrwx--x 2 boincadm boincadm 4096 Nov 8 18:46 stats_2016_11_8_22_46_45
drwxrwx--x 2 boincadm boincadm 4096 Nov 7 22:46 stats_2016_11_8_2_46_46
drwxrwx--x 2 boincadm boincadm 4096 Nov 8 02:46 stats_2016_11_8_6_46_47
drwxrwx--x 2 boincadm boincadm 4096 Nov 8 22:46 stats_2016_11_9_2_46_47
drwxrwx--x 2 boincadm boincadm 4096 Nov 9 02:46 stats_2016_11_9_6_46_47


drwxrwx--x 2 boincadm boincadm 4096 Nov 9 06:46 .
drwxr-xr-x 19 boincadm boincadm 32768 Nov 9 06:46 ..
-rw-r--r-- 1 boincadm boincadm 701 Nov 9 06:46 db_dump.xml
-rw-r--r-- 1 boincadm boincadm 56780605 Nov 9 06:46 host.gz
-rw-r--r-- 1 boincadm boincadm 493 Nov 9 06:46 tables.xml
-rw-r--r-- 1 boincadm boincadm 275520 Nov 9 06:46 team.gz
-rw-r--r-- 1 boincadm boincadm 4174989 Nov 9 06:45 user.gz

Slicker
Volunteer moderator
Project administrator
Project developer
Project tester
Project scientist
Joined: 11 Jun 09
Posts: 2525
Credit: 740,580,099
RAC: 2
Message 23284 - Posted: 9 Nov 2016, 14:32:48 UTC

If there's an issue with the cert, then why are there no warnings in any browser I've tried with any URL (e.g. https://boinc.thesonntags.com/collatz/forum_thread.php?id=1351&postid=23283#23283 )?

Eric
Joined: 20 Jan 13
Posts: 12
Credit: 655,848,168
RAC: 0
Message 23286 - Posted: 9 Nov 2016, 16:04:14 UTC - in response to Message 23284.

If there's an issue with the cert, then why are there no warnings in any browser I've tried with any URL (e.g. https://boinc.thesonntags.com/collatz/forum_thread.php?id=1351&postid=23283#23283 )?


Jon,
Using the Account Keys option in my account page just now, I get the following error:

11/10/16 12:00:18 AM | | Fetching configuration file from https://boinc.thesonntags.com/collatz/get_project_config.php
11/10/16 12:00:20 AM | | Project communication failed: attempting access to reference site
11/10/16 12:00:23 AM | | Internet access OK - project servers may be temporarily down.

Hope this helps.

Beyond
Joined: 30 Jul 09
Posts: 213
Credit: 939,653,252
RAC: 4,382
Message 23287 - Posted: 9 Nov 2016, 16:27:52 UTC - in response to Message 23279.

On Windows to flush your DNS, do this:

Press the start button, if you have a search box type into it, if not just type:

cmd (press enter)

ipconfig /flushdns (press enter)

This will flush your DNS; however I personally did that days ago and it did not make any difference.

Chris

Flushing the DNS and restarting the router doesn't help here either.
Still can't attach new/detached computers or DL or return work.
Have run Collatz for years, now can't. What's the answer?

Slicker
Volunteer moderator
Project administrator
Project developer
Project tester
Project scientist
Joined: 11 Jun 09
Posts: 2525
Credit: 740,580,099
RAC: 2
Message 23289 - Posted: 9 Nov 2016, 17:15:26 UTC - in response to Message 23287.

On Windows to flush your DNS, do this:

Press the start button, if you have a search box type into it, if not just type:

cmd (press enter)

ipconfig /flushdns (press enter)

This will flush your DNS; however I personally did that days ago and it did not make any difference.

Chris

Flushing the DNS and restarting the router doesn't help here either.
Still can't attach new/detached computers or DL or return work.
Have run Collatz for years, now can't. What's the answer?


I have no such issues accessing the boinc server at my house from computers at work. It appears to still be a DNS resolution issue.

From a command prompt, what does "nslookup boinc.thesonntags.com" report?

Eric
Joined: 20 Jan 13
Posts: 12
Credit: 655,848,168
RAC: 0
Message 23290 - Posted: 9 Nov 2016, 17:46:07 UTC - in response to Message 23289.

On Windows to flush your DNS, do this:

Press the start button, if you have a search box type into it, if not just type:

cmd (press enter)

ipconfig /flushdns (press enter)

This will flush your DNS; however I personally did that days ago and it did not make any difference.

Chris

Flushing the DNS and restarting the router doesn't help here either.
Still can't attach new/detached computers or DL or return work.
Have run Collatz for years, now can't. What's the answer?


I have no such issues accessing the boinc server at my house from computers at work. It appears to still be a DNS resolution issue.

From a command prompt, what does "nslookup boinc.thesonntags.com" report?


I have exactly the same problem as Beyond: we cannot attach any new or re-attach detached computers.

nslookup boinc.thesonntags.com results in:

Non-authoritative answer:
Name: boinc.thesonntags.com
Address: 73.75.172.167

So I guess the DNS is ok.

Whenever I attempt to reattach my computer, I get these error messages:
11/10/16 1:40:34 AM | | Fetching configuration file from https://boinc.thesonntags.com/collatz/get_project_config.php
11/10/16 1:40:37 AM | | Project communication failed: attempting access to reference site
11/10/16 1:40:39 AM | | Internet access OK - project servers may be temporarily down.


Is the get_project_config.php file missing or corrupt?

Thanks.

Chris Cambridge
Joined: 25 Oct 16
Posts: 13
Credit: 12,283,868
RAC: 105
Message 23291 - Posted: 9 Nov 2016, 17:52:51 UTC - in response to Message 23289.

Hi,

If I run nslookup boinc.thesonntags.com on cmd, I get:

Server: Unknown
Address: 192.168.0.1

Non-authoritative answer:

Name: boinc.thesonntags.com
Address: 73.75.172.167

Thanks,

Chris

James Lee*
Joined: 10 Sep 15
Posts: 27
Credit: 4,284,523,040
RAC: 1,454,963
Message 23292 - Posted: 9 Nov 2016, 17:53:58 UTC
Last modified: 9 Nov 2016, 17:55:06 UTC

Slicker, On a machine not working it shows "Server: ns1.pld.com", "Address: 206.253.33.130", then it also will show "Non-authoritative answer: Name: boinc.thesonntags.com Address: 73.75.172.167". For a machine that works, I get "Server: Unknown Address: 192.168.10.1", and then "Non-authoritative answer: Name: boinc.thesonntags.com Address: 73.75.172.167".

I think the 206.253.33.130 is a dns server outside of my control, and I have done all the dns flushings as possible. On one that works, the 192.168.10.1 address is my internal network gateway.
Does seem to point to a DNS problem, as we suspected, but I cannot seem to find a cure. It is just amazing that some of my machines work, and some don't, and there is only one way to get to the Internet from here. Flushings, reboots, and resetting my gateways make no difference. Sheesh!
BTW, IMHO, you do a great job here. It's tougher to run this site than most realize.

Going out now to reset the primary modem/server that controls this area of town. And will leave it off for about 10 minutes, so that EVERYTHING and ANYTHING is flushed and cannot be re-transmitted.

Beyond
Joined: 30 Jul 09
Posts: 213
Credit: 939,653,252
RAC: 4,382
Message 23293 - Posted: 9 Nov 2016, 17:54:09 UTC - in response to Message 23289.

From a command prompt, what does "nslookup boinc.thesonntags.com" report?

Non-authoritative answer:
Name: boinc.thesonntags.com
Address: 73.75.172.167

Eric
Joined: 20 Jan 13
Posts: 12
Credit: 655,848,168
RAC: 0
Message 23294 - Posted: 9 Nov 2016, 17:58:38 UTC - in response to Message 23292.

Slicker, On a machine not working it shows "Server: ns1.pld.com", "Address: 206.253.33.130", then it also will show "Non-authoritative answer: Name: boinc.thesonntags.com Address: 73.75.172.167". For a machine that works, I get "Server: Unknown Address: 192.168.10.1", and then "Non-authoritative answer: Name: boinc.thesonntags.com Address: 73.75.172.167".

I think the 206.253.33.130 is a dns server outside of my control, and I have done all the dns flushings as possible. On one that works, the 192.168.10.1 address is my internal network gateway.
Does seem to point to a DNS problem, as we suspected, but I cannot seem to find a cure. It is just amazing that some of my machines work, and some don't, and there is only one way to get to the Internet from here. Flushings, reboots, and resetting my gateways make no difference. Sheesh!
BTW, IMHO, you do a great job here. It's tougher to run this site than most realize.

Going out now to reset the primary modem/server that controls this area of town. And will leave it off for about 10 minutes, so that EVERYTHING and ANYTHING is flushed and cannot be re-transmitted.


Seems to be an ISP or a telco:
Pioneer Long Distance PLD (NET-206-253-32-0-1) 206.253.32.0 - 206.253.63.255
Pioneer Internet PLD-INET-2 (NET-206-253-33-128-1) 206.253.33.128 - 206.253.33.255

Chris Cambridge
Joined: 25 Oct 16
Posts: 13
Credit: 12,283,868
RAC: 105
Message 23295 - Posted: 9 Nov 2016, 18:29:02 UTC
Last modified: 9 Nov 2016, 18:38:41 UTC

Hi,

Just as an update re: DNS..

I have 2 machines using the same broadband router both on wifi.

Both machines have Collatz added, and yet one machine can get WUs, the other cannot and gets deferred for 24 hours.

Clearly they both use the same DNS via the router.

The machine that cannot get WUs had collatz added in the last week or so, the machine that can get WUs had Collatz added 2/3+ weeks ago.

The two machines are called DELL-2XEON-001 (WUs) and DELL-2XEON-002 (no WUs).

Thanks,

Chris

ALIENPOWER
Joined: 25 Nov 15
Posts: 2
Credit: 832,012,256
RAC: 0
Message 23296 - Posted: 9 Nov 2016, 18:51:26 UTC

I am getting 0 credit for 2 weeks. Task page is full of completed tasks. Why?

James Lee*
Joined: 10 Sep 15
Posts: 27
Credit: 4,284,523,040
RAC: 1,454,963
Message 23297 - Posted: 9 Nov 2016, 19:00:17 UTC
Last modified: 9 Nov 2016, 19:08:05 UTC

Yes, Chris, this is a real head-scratcher. I just reset/powered down all my equipment (even the network servers for this part of town) for 15 minutes to be sure everything was flushed out.. even flushed dns before and after power up of machines. But, to no avail.
Slicker... I still get the same responses to all ip and ns commands.
One thing that is also common - When asking for a Collatz update on a machine that works, after the "update requested by user" message, boinc comes back with a response of "Sending scheduler request: Requested by user." On a machine that does NOT work, the response boinc comes back with is "Fetching scheduler list". After THAT message, you know it isn't going to work.
Alienpower... That's what we are trying to figure out.

James Lee*
Joined: 10 Sep 15
Posts: 27
Credit: 4,284,523,040
RAC: 1,454,963
Message 23298 - Posted: 9 Nov 2016, 20:10:31 UTC
Last modified: 9 Nov 2016, 20:25:05 UTC

OK... Now it may not be a DNS problem. I modified my DNS servers to the OpenDNS servers (Primary - 208.67.222.222, Secondary - 208.67.220.220). Flushed dns and rebooted, and checked to be sure they were set right. Still, the same problem. So then I tried Google DNS servers (Primary - 8.8.8.8, Secondary - 8.8.4.4) and the same procedure to ensure they were my servers and still no luck.
OK.. I can try anything. Anyone else have any ideas? I have 12 machines and only 3 are working. And, they are so different in configuration (as all 12 are), that there are not any consistent oddities that stand out as a fix.
Also, have even booted windows in safe mode with networking just to see if any local software was a problem. Same result... Deng.

M0CZY
Joined: 28 Aug 11
Posts: 8
Credit: 1,421,574
RAC: 0
Message 23299 - Posted: 9 Nov 2016, 20:23:37 UTC

When I access the Collatz Conjecture webpage from the browser in my android device, I get a security warning:

"There are problems with the security certificate for this site."

When I select View cert I get:

"This certificate isn't from a trusted authority."

fractal
Joined: 11 Jul 09
Posts: 14
Credit: 1,001,340,489
RAC: 0
Message 23300 - Posted: 9 Nov 2016, 20:45:47 UTC
Last modified: 9 Nov 2016, 20:52:55 UTC

This doesn't look like a DNS issue. It looks like a certificate issue.

I got it to work temporarily by editing client_state.xml and replacing https with http for collatz. Unfortunately it reset itself overnight and I am back to getting no work.

Boinc uses libcurl to access the site, so it is very easy to debug:


curl -v https://boinc.thesonntags.com/collatz/
* Hostname was NOT found in DNS cache
* Trying 73.75.172.167...
* Connected to boinc.thesonntags.com (73.75.172.167) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS alert, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS alert, Server hello (2):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.


So, the issuer's CA isn't trusted. Let's see what the checkers think.

https://www.ssllabs.com/ssltest/analyze.html?d=boinc.thesonntags.com thinks your trust chain isn't very good, just like curl.

Neither does https://sslanalyzer.comodoca.com/?url=boinc.thesonntags.com

You may be able to convince your volunteers to install the StartCom Class 1 certificate in their systems so they can connect, but it may be better if you get a certificate from a trusted authority.

Google is your friend btw. See https://www.google.com/search?q=startcom+certification+authority+not+trusted

Slicker
Volunteer moderator
Project administrator
Project developer
Project tester
Project scientist
Joined: 11 Jun 09
Posts: 2525
Credit: 740,580,099
RAC: 2
Message 23301 - Posted: 9 Nov 2016, 21:16:06 UTC - in response to Message 23290.


Whenever I attempt to reattach my computer, I get these error messages:
11/10/16 1:40:34 AM | | Fetching configuration file from https://boinc.thesonntags.com/collatz/get_project_config.php
11/10/16 1:40:37 AM | | Project communication failed: attempting access to reference site
11/10/16 1:40:39 AM | | Internet access OK - project servers may be temporarily down.


Is the get_project_config.php file missing or corrupt?

Thanks.



https://boinc.thesonntags.com/collatz/get_project_config.php

Copy and paste the link into your browser and then you tell me. It works 100% of the time when I do it.

Take a look at the boinc client version you are using and then look at the version that others are using where it works. Are they the same?

fractal
Joined: 11 Jul 09
Posts: 14
Credit: 1,001,340,489
RAC: 0
Message 23302 - Posted: 9 Nov 2016, 21:25:50 UTC
Last modified: 9 Nov 2016, 21:31:48 UTC

Success.

The following script let my Ubuntu Linux machine fetch work.

cd /etc/ssl/certs/
sudo wget https://www.startssl.com/certs/sca.server1.crt
sudo ln -s sca.server1.crt 7f8496de.0


It downloads the Startcom intermediate certificate and installs it in the ssl certificate library.

Startcom has documentation on how the web server can publish the intermediate certificate to avoid this if you have access to the web server.

http://security.stackexchange.com/questions/57535/why-do-i-need-to-install-the-startcom-intermediate-certificate explains it in detail and explains why checking in your browser does not help boinc which uses libcurl.

Sorry, but Windows users are on their own to figure out where to put the certificate.
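
The missing-intermediate failure diagnosed with curl above, and both ways of fixing it, can be reproduced offline. The following is an added example, not code from the thread or the project: it uses the openssl CLI to build a throwaway root, intermediate and server certificate (all names, including boinc.example.test, are constructed) and validates the server certificate three ways as a client that trusts only the root.

```shell
#!/usr/bin/env bash
# Added example: the CA names, keys and the host boinc.example.test are constructed.
set -eu

# issue NAME SUBJECT SIGNER EXTFILE: write NAME.key and NAME.pem (SIGNER "self" = root CA).
issue() {
  openssl req -new -newkey rsa:2048 -nodes -subj "$2" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
  if [ "$3" = self ]; then
    openssl x509 -req -in "$1.csr" -signkey "$1.key" -days 2 \
      -extfile "$4" -out "$1.pem" 2>/dev/null
  else
    openssl x509 -req -in "$1.csr" -CA "$3.pem" -CAkey "$3.key" -CAcreateserial \
      -days 2 -extfile "$4" -out "$1.pem" 2>/dev/null
  fi
}

# Build root -> intermediate -> leaf in directory $1, plus a CApath directory that holds
# only the intermediate, linked under the <subject-hash>.0 name that OpenSSL looks up.
build_chain() (
  cd "$1"
  echo 'basicConstraints=critical,CA:TRUE' > ca.ext
  echo 'subjectAltName=DNS:boinc.example.test' > leaf.ext
  issue root  '/CN=Demo Root CA' self ca.ext
  issue inter '/CN=Demo Intermediate CA' root ca.ext
  issue leaf  '/CN=boinc.example.test' inter leaf.ext
  mkdir capath
  ln -s ../inter.pem "capath/$(openssl x509 -noout -subject_hash -in inter.pem).0"
)

# verify_leaf DIR MODE: validate leaf.pem as a client that trusts only the root would.
#   leaf_only      server sends just its own certificate (the failure discussed here)
#   full_chain     server also sends the intermediate (the server-side fix)
#   local_install  intermediate added to the client's CApath (the client-side workaround)
verify_leaf() (
  cd "$1"
  case $2 in
    leaf_only)     openssl verify -CAfile root.pem leaf.pem ;;
    full_chain)    openssl verify -CAfile root.pem -untrusted inter.pem leaf.pem ;;
    local_install) openssl verify -CAfile root.pem -CApath capath leaf.pem ;;
  esac
)

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
build_chain "$work"
for mode in leaf_only full_chain local_install; do
  if msg=$(verify_leaf "$work" "$mode" 2>&1); then
    result=trusted
  else
    result=$(printf '%s\n' "$msg" | grep '^error [0-9]' | head -n 1)
  fi
  printf '%-14s %s\n' "$mode" "$result"
done
```

Only the `leaf_only` case fails, and it fails with the same "unable to get local issuer certificate" reason that curl printed above. The `full_chain` case needs no change on any client, which is why publishing the intermediate from the web server is the fix that scales.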



Copyright © 2018 Jon Sonntag; All rights reserved.