Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > perl.cpan.workers > #727

Re: Could not upload tarball to PAUSE from server

Newsgroups perl.cpan.workers
Message-ID <43a22229-412f-dd1f-bcae-eabf9768dea8@pobox.com> (permalink)
Date 2023-10-08 09:59 -0400
Subject Re: Could not upload tarball to PAUSE from server
References <c170a746-3aba-45f7-2668-5084212f0ace@pobox.com> <ZSIjELuUn1pEyJ7C@venus.tony.develop-help.com>
From jkeenan@pobox.com (James E Keenan)

Show all headers | View raw

On 10/7/23 23:33, Tony Cook wrote:
 > On Sat, Oct 07, 2023 at 10:37:36PM -0400, James E Keenan wrote:
 >> The only thing which I think is different from my last CPAN upload 
is that
 >> about a month ago I upgraded my server from http:// to https://.  I 
have not
 >> encountered any problems with the server since then.  The file 
permissions
 >> on the tarballs I was trying to upload are 0644 -- same as all the other
 >> dozens of tarballs I've uploaded from that server.
 >>
 >> Any ideas as to why I could not upload from my server (for the first 
time in
 >> 18 years!)?
 >
 > For some reason it can't verify the certificate:
 >
 > 2023-10-08 02:47:59 $$1354 v1049: Alert: nosuccesscount[10] 
error[Can't connect to thenceforward.net:443 (certificate verify 
failed)] (paused:708)
 >
 > You might try testing your site with:
 >
 > https://www.ssllabs.com/ssltest/
 >
 > which will detect problems that might not show in a browser.

When I switched from http:// to https:// in late September, I performed 
that ssltest on each of the three hosts I run off this machine/IP 
address.  Two of the three hosts were graded 'A'; one (which is not as 
important) was graded 'A' but only for IPv4.

####
https://www.ssllabs.com/ssltest/analyze.html?d=thenceforward.net  A
https://www.ssllabs.com/ssltest/analyze.html?d=jamesekeenan.com   A
https://www.ssllabs.com/ssltest/analyze.html?d=lerner-minsky.org  A only 
on ipv4
####

I re-performed these tests this morning.  In my first pass for 
thenceforward.net (which is the hostname PAUSE would have been looking 
for), the test hung indefinitely showing an ever spinning spike-wheel 
and "Please wait...Testing NPN"

My first pass for jamesekeenan.com got farther in the process.  After 
about 10 minutes it was still at:  "Please wait... 95% complete 
Simulating handshakes".  The process then appeared to hang indefinitely.

I hit the Clear Cache process and started anew testing 
thenceforward.net.  This time the process gave me an Overall Rating of 
'A' (better than google.com!) along with a wealth of other data, most of 
which did not seem anomalous.  In what follows I'm only pointing out 
those anomalies:

#####
Certificate #1: EC 256 bits (SHA256withRSA): Only thing which looks 
anomalous is: "DNS CAA  No (more info)"

Subject 	thenceforward.net
Fingerprint SHA256: 
d71a64c0cb54787620cf4341ae28041b7e1b1d173785443337bbb2eb4d2923cb
Pin SHA256: P5vJZqpxQIYZPF3D8iMCtr5q/3eE6XlQyzK/IWnm60U=
Common names 	thenceforward.net
Alternative names 	thenceforward.net www.thenceforward.net
Serial Number 	041ea3bd1884e0f09546ccd19e8b061c6588

Additional certificates (if supplied):  R3 no anomalies.  ISRG Root X1 
no anomalies.

Certification Paths:

Mozilla / Apple / Java

Path #1: Trusted: no anomalies

Path #2: Not trusted (path does not chain to a trusted anchor):  DST 
Root CA X3   Self-signed
* This is described as Extra download;  Not in trust store. RSA 2048 
bits (e 65537) / SHA1withRSA
Valid until: Thu, 30 Sep 2021 14:01:15 UTC
EXPIRED
Weak or insecure signature, but no impact on root certificate

Android / Windows

RSA 2048 bits is in trust store but has expired

Certificate #2: EC 256 bits (SHA256withRSA) No SNI

Subject 	jamesekeenan.com
Fingerprint SHA256: 
e64efa87924731fb4e7e1e893e61b46e1745299f249d5186c6dfe638f6d75df3
Pin SHA256: OonVyaTHdqBFC4MU4xN3fEko/1BdMoqGNswfbXx8DGI=
Common names 	jamesekeenan.com
Alternative names 	jamesekeenan.com www.jamesekeenan.com   MISMATCH
#####	

 >
 > It might be the host performing the fetch is missing the root
 > certificate needed for your LetsEncrypt certificate, but ssltest is
 > the place to start.
 >

Is there any indication in the data above to support that hypothesis? 
If not, where do we go from here?

 > Tony

Thank you very much for taking the time to review this problem.

Jim Keenan

Back to perl.cpan.workers | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

Could not upload tarball to PAUSE from server jkeenan@pobox.com (James E Keenan) - 2023-10-07 22:37 -0400
  Re: Could not upload tarball to PAUSE from server tony@develop-help.com (Tony Cook) - 2023-10-08 14:33 +1100
    Re: Could not upload tarball to PAUSE from server jkeenan@pobox.com (James E Keenan) - 2023-10-08 09:59 -0400
      Re: Could not upload tarball to PAUSE from server tony@develop-help.com (Tony Cook) - 2023-10-09 09:38 +1100
        Re: Could not upload tarball to PAUSE from server jkeenan@pobox.com (James E Keenan) - 2023-10-16 12:45 -0400

csiph-web