Page MenuHomeMiraheze
Create Task
Maniphest T4167

miraheze.org wildcard cert doesn't allow fourth-level subdomains - add HSTS and there's no way to access these at all
Closed, InvalidPublic
Actions

Description

In Firefox:

Your connection is not secure

The owner of https://gl.wikimerda.miraheze.org has configured their web site improperly. To protect your information from being stolen, Firefox has not connected to this web site.

This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox only connect to it securely. As a result, it is not possible to add an exception for this certificate.

In Chromium:

Your connection is not private
Attackers might be trying to steal your information from https://gl.wikimerda.miraheze.org (for example, passwords, messages or credit cards). Learn more
NET::ERR_CERT_COMMON_NAME_INVALID
gl.wikimerda.miraheze.org normally uses encryption to protect your information. When Chromium tried to connect to gl.wikimerda.miraheze.org this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be https://gl.wikimerda.miraheze.org, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Chromium stopped the connection before any data was exchanged.

You cannot visit https://gl.wikimerda.miraheze.org right now because the website uses HSTS. Network errors and attacks are usually temporary, so this page will probably work later.

LOL, are you d00dz trying to H3X0R my cookies? :)

Event Timeline

Carlb created this task.Mar 2 2019, 22:22
Herald added subscribers: revi, Southparkfan, CnocBride and 2 others. · View Herald TranscriptMar 2 2019, 22:22
Reception123 added a comment.Mar 3 2019, 06:21
This comment was removed by Reception123.
Reception123 added a comment.Mar 3 2019, 06:23

@Carlb Well yes, that domain cannot exist so you will not be able to access it. The only fourth level subdomain that currently exists on Miraheze is m.*

John closed this task as Invalid.Mar 3 2019, 06:29
Carlb added a comment.Mar 3 2019, 07:33

"@Carlb Who directed you to this website? While they did point their domain to us, there was never any request for a custom domain made."

Oh, that's a see-cret and, if I told you, then I might have to keel you too. :) Nonetheless, this is in the logs as "approved": https://meta.miraheze.org/wiki/Special:RequestWikiQueue/7448

and fails with:

https://gl.wikimerda.miraheze.org uses an invalid security certificate. The certificate is only valid for the following names: *.miraheze.org, miraheze.org
Error code: SSL_ERROR_BAD_CERT_DOMAIN

Carlb reopened this task as Open.Mar 3 2019, 07:41
John closed this task as Invalid.Mar 3 2019, 08:03
John subscribed.

Technically that was submitted as a custom domain request.

https://desgalipesta.miraheze.org is the domain of the wiki.

If that domain is requested it will work without issue once processed.

John triaged this task as Normal priority.Apr 16 2020, 20:48