Page MenuHomeMiraheze

miraheze.org wildcard cert doesn't allow fourth-level subdomains - add HSTS and there's no way to access these at all
Closed, InvalidPublic

Description

In Firefox:

Your connection is not secure

The owner of https://gl.wikimerda.miraheze.org has configured their web site improperly. To protect your information from being stolen, Firefox has not connected to this web site.

This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox only connect to it securely. As a result, it is not possible to add an exception for this certificate.

In Chromium:

Your connection is not private
Attackers might be trying to steal your information from https://gl.wikimerda.miraheze.org (for example, passwords, messages or credit cards). Learn more
NET::ERR_CERT_COMMON_NAME_INVALID
gl.wikimerda.miraheze.org normally uses encryption to protect your information. When Chromium tried to connect to gl.wikimerda.miraheze.org this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be https://gl.wikimerda.miraheze.org, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Chromium stopped the connection before any data was exchanged.

You cannot visit https://gl.wikimerda.miraheze.org right now because the website uses HSTS. Network errors and attacks are usually temporary, so this page will probably work later.

LOL, are you d00dz trying to H3X0R my cookies? :)

Event Timeline

Carlb created this task.Mar 2 2019, 22:22
This comment was removed by Reception123.

@Carlb Well yes, that domain cannot exist so you will not be able to access it. The only fourth level subdomain that currently exists on Miraheze is m.*

John closed this task as Invalid.Mar 3 2019, 06:29
Carlb added a comment.Mar 3 2019, 07:33

"@Carlb Who directed you to this website? While they did point their domain to us, there was never any request for a custom domain made."

Oh, that's a see-cret and, if I told you, then I might have to keel you too. :) Nonetheless, this is in the logs as "approved": https://meta.miraheze.org/wiki/Special:RequestWikiQueue/7448

and fails with:

https://gl.wikimerda.miraheze.org uses an invalid security certificate. The certificate is only valid for the following names: *.miraheze.org, miraheze.org
Error code: SSL_ERROR_BAD_CERT_DOMAIN

Carlb reopened this task as Open.Mar 3 2019, 07:41
John closed this task as Invalid.Mar 3 2019, 08:03
John added a subscriber: John.

Technically that was submitted as a custom domain request.

https://desgalipesta.miraheze.org is the domain of the wiki.

If that domain is requested it will work without issue once processed.