[Mailman-Developers] Re: (Maybe) misconfigured docs.mailman3.org DNS & SSL

[Mark Sapiro]

On 2/27/19 10:08 AM, Ye Xiaoxing wrote:
> 
> Since 2018, Readthedocs.org has partnered up with Cloudflare (blog: 
> http://blog.readthedocs.com/https-for-custom-domains/). The only thing we 
> need to do is to update the CNAME to point to readthedocs.io.


It appears you are correct. Thank you for the info.

Unfortunately, I personally do not control the DNS for either list.org
or mailman3.org so someone else will have to update the CNAMEs for
docs.mailman3.org and docs.list.org and possibly update the readthedocs
project to add those domains if they aren't already there.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
___
Mailman-Developers mailing list -- mailman-developers@python.org
To unsubscribe send an email to mailman-developers-le...@python.org
https://mail.python.org/mailman3/lists/mailman-developers.python.org/
Mailman FAQ: https://wiki.list.org/x/AgA3

Security Policy: https://wiki.list.org/x/QIA9

[Mailman-Developers] Re: (Maybe) misconfigured docs.mailman3.org DNS & SSL

[Ye Xiaoxing]

Abhilash Raj wrote:
> On Wed, Feb 27, 2019, at 8:44 AM, Ye Xiaoxing wrote:
> >  You are welcomed 😊 Let me see if there is any chance I get ideas to
> > apply.
> >  
> >  BTW another problem:
> >  In GSoC Ideas Page >  2019>, the link to the GSoC Student Guide 
> >   is broken. It should be 
> >  https://google.github.io/gsocguides/student/ instead.
> >  
> >  The wiki page is immutable, and so I post here. 
> It's not, you can sign up and request edit access by sending an email
> to mailman-cabal(a)python.org :)

Thanks for letting me know. If I find more errors I will consider requesting 
one.

> 
> I fixed that link too, it used to work until 2017!

Well, internet changes a lot every minute. Actually according to Web Archive, 
it was working until last November.

> 
> >  On 2019/2/28, 12:32 AM, "Abhilash Raj"
> >  >  
> >  Hi Ye,
> >  
> >  On Wed, Feb 27, 2019, at 8:27 AM, Ye Xiaoxing wrote:
> >  > Dear Mailman Developers,
> >  > 
> >  > TL; DR: Please change the CNAME record of *docs.mailman3.org
> >  > * from gnu-mailman.readthedocs.org to 
> >  *readthedocs.io
> >  > *.
> >  > 
> >  > I would like to raise the awareness that 
> >  https://docs.mailman3.org is
> >  > having a wrong SSL certificate due to DNS misconfigure.
> >  > 
> >  > I once saw the Mailman 3 project in GSoC orgs page, and since I 
> >  have
> >  > configured mailman before I would like to know about the ideas, I 
> >  click on
> >  > the docs link. Wow, not secure.
> >  > 
> >  > Since the prompt tells me it is using *.readthedocs.org, I dig 
> >  into the doc
> >  > of RTD 
> >  (https://docs.readthedocs.io/en/latest/custom_domains.html) and it
> >  > tells it support custom domain SSL with some limitations. So, `dig
> >  > docs.mailman3.org`, got you, an old (may not wrong?) record.
> >  > 
> >  > Because the link is already published on GSoC, I don't know if it 
> >  is
> >  > possible to change from https to http. So the better way might be 
> >  support
> >  > https :).
> >  
> >  Thanks for noticing and letting us know! I have updated the GSoC 
> >  description
> >  page to reflect the http:// URL of the docs while we try to fix the 
> >  original problem.
> >  
> >  > 
> >  > 
> >  > Regards,
> >  > Xiaoxing Ye
> >  > ___
> >  > Mailman-Developers mailing list -- mailman-developers(a)python.org
> >  > To unsubscribe send an email to mailman-developers-leave(a)python.org
> >  > https://mail.python.org/mailman3/lists/mailman-developers.python.org/
> >  > Mailman FAQ: https://wiki.list.org/x/AgA3
> >  > 
> >  > Security Policy: https://wiki.list.org/x/QIA9
> >  >
> >  
> >  -- 
> >thanks,
> >Abhilash Raj (maxking)
> >  
> >
___
Mailman-Developers mailing list -- mailman-developers@python.org
To unsubscribe send an email to mailman-developers-le...@python.org
https://mail.python.org/mailman3/lists/mailman-developers.python.org/
Mailman FAQ: https://wiki.list.org/x/AgA3

Security Policy: https://wiki.list.org/x/QIA9

[Mailman-Developers] Re: (Maybe) misconfigured docs.mailman3.org DNS & SSL

[Ye Xiaoxing]

I think it should help.

Thanks to Let's Encrypt, HTTPS has become a popular thing.

Since 2018, Readthedocs.org has partnered up with Cloudflare (blog: 
http://blog.readthedocs.com/https-for-custom-domains/). The only thing we need 
to do is to update the CNAME to point to readthedocs.io.

The reason why it works is, why we are trying to access readthedocs.io's server 
with docs.mailman3.org, we are actually accessing cloudflare server (dig 
readthedocs.io will find it). Cloudflare will then attempt to issue a DV SSL 
cert for the domain we are using (docs.mailman3.org for example). According to 
the CAB Forum, it is acceptable if cloudflare is able to verify the control via 
HTTP request, in this case of course.

Cloudflare itself now has a intermediate CA so they can issue a better-looking 
certificate, with the domain on the DV cert, instead of putting in a SAN.

Take another site as an example. https://docs.godotengine.org is hosted on 
readthedocs.org, and if we dig the domain (result here 
https://pastebin.aosc.io/paste/B61zNDovLWXIxXrxqsXmRw), you will see it simply 
CNAME to readthedocs.io. 

In my opinion, there are two things we shall do,
1. Update the CNAME
2. See the status of the certificate on the domain page in project admin 
dashboard (Domains > Edit Domain)

There are some other ways. Such as use a reverse proxy to host docs, or simply 
redirect to . It is up to you guys.

Hope I am not making mistakes :)

Side note: Adopting s similar approach, GitHub Pages supports custom domain 
HTTPS though they are using Fastly.

Best,
Xiaoxing Ye
___
Mailman-Developers mailing list -- mailman-developers@python.org
To unsubscribe send an email to mailman-developers-le...@python.org
https://mail.python.org/mailman3/lists/mailman-developers.python.org/
Mailman FAQ: https://wiki.list.org/x/AgA3

Security Policy: https://wiki.list.org/x/QIA9

[Mailman-Developers] Re: (Maybe) misconfigured docs.mailman3.org DNS & SSL

[Mark Sapiro]

On 2/27/19 8:31 AM, Abhilash Raj wrote:
> Hi Ye,
> 
> On Wed, Feb 27, 2019, at 8:27 AM, Ye Xiaoxing wrote:
>> Dear Mailman Developers,
>>
>> TL; DR: Please change the CNAME record of docs.mailman3.org from 
>> gnu-mailman.readthedocs.org to readthedocs.io.


That won't help. You can go to  and
you won't encounter any certificate issue as the certificate is valid
for *.readthedocs.io. The issue is when you go to
 or , you wind up at
gnu-mailman.readthedocs.org, but your browser still sees that you went
to docs.mailman3.org or docs.list.org and the readthedocs.io certificate
doesn't list those domains.

We don't have any control over the readthedocs.io certificate so we
can't fix it in that way.


> Thanks for noticing and letting us know! I have updated the GSoC description
> page to reflect the http:// URL of the docs while we try to fix the original 
> problem.


One possible way to fix this is to change the CNAMEs for
docs.mailman3.org and docs.list.org to point to a server we do control
like mail.mailman3.org and update its certificate for those domains and
update its web server to redirect those requests to


-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
___
Mailman-Developers mailing list -- mailman-developers@python.org
To unsubscribe send an email to mailman-developers-le...@python.org
https://mail.python.org/mailman3/lists/mailman-developers.python.org/
Mailman FAQ: https://wiki.list.org/x/AgA3

Security Policy: https://wiki.list.org/x/QIA9

[Mailman-Developers] Re: (Maybe) misconfigured docs.mailman3.org DNS & SSL

[Abhilash Raj]

On Wed, Feb 27, 2019, at 8:44 AM, Ye Xiaoxing wrote:
> You are welcomed 😊 Let me see if there is any chance I get ideas to apply.
> 
> BTW another problem:
> In GSoC Ideas Page 2019>, the link to the GSoC Student Guide 
>  is broken. It should be 
> https://google.github.io/gsocguides/student/ instead.
> 
> The wiki page is immutable, and so I post here.

It's not, you can sign up and request edit access by sending an email
to mailman-ca...@python.org :)

I fixed that link too, it used to work until 2017!

> On 2019/2/28, 12:32 AM, "Abhilash Raj"  wrote:
> 
> Hi Ye,
> 
> On Wed, Feb 27, 2019, at 8:27 AM, Ye Xiaoxing wrote:
> > Dear Mailman Developers,
> > 
> > TL; DR: Please change the CNAME record of *docs.mailman3.org
> > * from gnu-mailman.readthedocs.org to 
> *readthedocs.io
> > *.
> > 
> > I would like to raise the awareness that 
> https://docs.mailman3.org is
> > having a wrong SSL certificate due to DNS misconfigure.
> > 
> > I once saw the Mailman 3 project in GSoC orgs page, and since I 
> have
> > configured mailman before I would like to know about the ideas, I 
> click on
> > the docs link. Wow, not secure.
> > 
> > Since the prompt tells me it is using *.readthedocs.org, I dig 
> into the doc
> > of RTD 
> (https://docs.readthedocs.io/en/latest/custom_domains.html) and it
> > tells it support custom domain SSL with some limitations. So, `dig
> > docs.mailman3.org`, got you, an old (may not wrong?) record.
> > 
> > Because the link is already published on GSoC, I don't know if it 
> is
> > possible to change from https to http. So the better way might be 
> support
> > https :).
> 
> Thanks for noticing and letting us know! I have updated the GSoC 
> description
> page to reflect the http:// URL of the docs while we try to fix the 
> original problem.
> 
> > 
> > 
> > Regards,
> > Xiaoxing Ye
> > ___
> > Mailman-Developers mailing list -- mailman-developers@python.org
> > To unsubscribe send an email to mailman-developers-le...@python.org
> > https://mail.python.org/mailman3/lists/mailman-developers.python.org/
> > Mailman FAQ: https://wiki.list.org/x/AgA3
> > 
> > Security Policy: https://wiki.list.org/x/QIA9
> >
> 
> -- 
>   thanks,
>   Abhilash Raj (maxking)
> 
>

-- 
  thanks,
  Abhilash Raj (maxking)
___
Mailman-Developers mailing list -- mailman-developers@python.org
To unsubscribe send an email to mailman-developers-le...@python.org
https://mail.python.org/mailman3/lists/mailman-developers.python.org/
Mailman FAQ: https://wiki.list.org/x/AgA3

Security Policy: https://wiki.list.org/x/QIA9

[Mailman-Developers] Re: (Maybe) misconfigured docs.mailman3.org DNS & SSL

[Ye Xiaoxing]

You are welcomed 😊 Let me see if there is any chance I get ideas to apply.

BTW another problem:
In GSoC Ideas Page, the 
link to the GSoC Student Guide  
is broken. It should be https://google.github.io/gsocguides/student/ instead.

The wiki page is immutable, and so I post here.

On 2019/2/28, 12:32 AM, "Abhilash Raj"  wrote:

Hi Ye,

On Wed, Feb 27, 2019, at 8:27 AM, Ye Xiaoxing wrote:
> Dear Mailman Developers,
> 
> TL; DR: Please change the CNAME record of *docs.mailman3.org
> * from gnu-mailman.readthedocs.org to 
*readthedocs.io
> *.
> 
> I would like to raise the awareness that https://docs.mailman3.org is
> having a wrong SSL certificate due to DNS misconfigure.
> 
> I once saw the Mailman 3 project in GSoC orgs page, and since I have
> configured mailman before I would like to know about the ideas, I click on
> the docs link. Wow, not secure.
> 
> Since the prompt tells me it is using *.readthedocs.org, I dig into the 
doc
> of RTD (https://docs.readthedocs.io/en/latest/custom_domains.html) and it
> tells it support custom domain SSL with some limitations. So, `dig
> docs.mailman3.org`, got you, an old (may not wrong?) record.
> 
> Because the link is already published on GSoC, I don't know if it is
> possible to change from https to http. So the better way might be support
> https :).

Thanks for noticing and letting us know! I have updated the GSoC description
page to reflect the http:// URL of the docs while we try to fix the 
original problem.

> 
> 
> Regards,
> Xiaoxing Ye
> ___
> Mailman-Developers mailing list -- mailman-developers@python.org
> To unsubscribe send an email to mailman-developers-le...@python.org
> https://mail.python.org/mailman3/lists/mailman-developers.python.org/
> Mailman FAQ: https://wiki.list.org/x/AgA3
> 
> Security Policy: https://wiki.list.org/x/QIA9
>

-- 
  thanks,
  Abhilash Raj (maxking)

___
Mailman-Developers mailing list -- mailman-developers@python.org
To unsubscribe send an email to mailman-developers-le...@python.org
https://mail.python.org/mailman3/lists/mailman-developers.python.org/
Mailman FAQ: https://wiki.list.org/x/AgA3

Security Policy: https://wiki.list.org/x/QIA9

[Mailman-Developers] Re: (Maybe) misconfigured docs.mailman3.org DNS & SSL

[Abhilash Raj]

Hi Ye,

On Wed, Feb 27, 2019, at 8:27 AM, Ye Xiaoxing wrote:
> Dear Mailman Developers,
> 
> TL; DR: Please change the CNAME record of *docs.mailman3.org
> * from gnu-mailman.readthedocs.org to 
> *readthedocs.io
> *.
> 
> I would like to raise the awareness that https://docs.mailman3.org is
> having a wrong SSL certificate due to DNS misconfigure.
> 
> I once saw the Mailman 3 project in GSoC orgs page, and since I have
> configured mailman before I would like to know about the ideas, I click on
> the docs link. Wow, not secure.
> 
> Since the prompt tells me it is using *.readthedocs.org, I dig into the doc
> of RTD (https://docs.readthedocs.io/en/latest/custom_domains.html) and it
> tells it support custom domain SSL with some limitations. So, `dig
> docs.mailman3.org`, got you, an old (may not wrong?) record.
> 
> Because the link is already published on GSoC, I don't know if it is
> possible to change from https to http. So the better way might be support
> https :).

Thanks for noticing and letting us know! I have updated the GSoC description
page to reflect the http:// URL of the docs while we try to fix the original 
problem.

> 
> 
> Regards,
> Xiaoxing Ye
> ___
> Mailman-Developers mailing list -- mailman-developers@python.org
> To unsubscribe send an email to mailman-developers-le...@python.org
> https://mail.python.org/mailman3/lists/mailman-developers.python.org/
> Mailman FAQ: https://wiki.list.org/x/AgA3
> 
> Security Policy: https://wiki.list.org/x/QIA9
>

-- 
  thanks,
  Abhilash Raj (maxking)
___
Mailman-Developers mailing list -- mailman-developers@python.org
To unsubscribe send an email to mailman-developers-le...@python.org
https://mail.python.org/mailman3/lists/mailman-developers.python.org/
Mailman FAQ: https://wiki.list.org/x/AgA3

Security Policy: https://wiki.list.org/x/QIA9