Skip to content

Instantly share code, notes, and snippets.

@aussielunix

aussielunix/README.md

Last active January 7, 2019 03:20
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save aussielunix/d1fc726bb3e492849b770a77860893d3 to your computer and use it in GitHub Desktop.
Save aussielunix/d1fc726bb3e492849b770a77860893d3 to your computer and use it in GitHub Desktop.
Download ZIP
nokogiri ssl issue
Raw
README.md

nokogiri tls issues

Without https or the www
Forced redirect to https://www

lunix@boran]  -> curl -I http://nokogiri.org/
HTTP/1.1 301 Moved Permanently
Server: GitHub.com
Content-Type: text/html
Location: https://www.nokogiri.org/
X-GitHub-Request-Id: B568:08C6:429D1EE:4AEA28A:5C32BE57
Content-Length: 178
Accept-Ranges: bytes
Date: Mon, 07 Jan 2019 02:50:03 GMT
Via: 1.1 varnish
Age: 3
Connection: keep-alive
X-Served-By: cache-syd18925-SYD
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1546829403.014666,VS0,VE0
Vary: Accept-Encoding
X-Fastly-Request-ID: 8502660efe388ac663e4112f7371ff04b86601a9

With https but no www

lunix@boran]  -> curl -I https://nokogiri.org/
curl: (51) SSL: certificate subject name (www.github.com) does not match target host name 'nokogiri.org'

Has a github.com ssl cert which fails as it does not match.
Let's try again ignoring ssl errors

lunix@boran]  -> curl -k -I https://nokogiri.org/

HTTP/1.1 301 Moved Permanently
Server: GitHub.com
Content-Type: text/html
Location: https://www.nokogiri.org/
X-GitHub-Request-Id: AAEA:08C3:2ED288D:349EC01:5C32BC84
Content-Length: 178
Accept-Ranges: bytes
Date: Mon, 07 Jan 2019 02:45:43 GMT
Via: 1.1 varnish
Age: 210
Connection: keep-alive
X-Served-By: cache-syd18930-SYD
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1546829144.939001,VS0,VE1
Vary: Accept-Encoding
X-Fastly-Request-ID: ae1d0f0d50679a999b69766cae216e95a1231ecf

We see that it wants to 301 us over to https://www.nokogiri.org/

Github Support instructs you to use A records for the domain apex pointing to the following IP's, unless you have the ability to do ANAME or ALIAS record types.

lunix@boran]  -> dig +noall +answer  nokogiri.org 
nokogiri.org.		300	IN	A	185.199.110.153
nokogiri.org.		300	IN	A	185.199.108.153
nokogiri.org.		300	IN	A	185.199.109.153
nokogiri.org.		300	IN	A	185.199.111.153
[~]
lunix@boran]  -> curl -I -H "Host: www.nokogiri.org" https://185.199.108.153
curl: (51) SSL: certificate subject name (www.github.com) does not match target host name '185.199.108.153'
[~]
lunix@boran]  -> curl -I -H "Host: www.nokogiri.org" https://185.199.110.153
curl: (51) SSL: certificate subject name (www.github.com) does not match target host name '185.199.110.153'
[~]
lunix@boran]  -> curl -I -H "Host: www.nokogiri.org" https://185.199.109.153
curl: (51) SSL: certificate subject name (www.github.com) does not match target host name '185.199.109.153'
[~]
lunix@boran]  -> curl -I -H "Host: www.nokogiri.org" https://185.199.111.153
curl: (51) SSL: certificate subject name (www.github.com) does not match target host name '185.199.111.153'

Conclusion

The domain apex nokogiri.org responds with ssl cert for github.com

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment