Libravatar (obsolete)

libravatar.org SSL cert (from StartCom) is no longer trusted

Bug #1661821 reported by Neal Gompa on 2017-02-04

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Libravatar (obsolete)	Fix Released	Critical	François Marier

Bug Description

Google Chrome users can no longer see libravatar.org because the StartCom certificate authority is no longer trusted at all[1]. Chrome throws an error stating that the CA is invalid, and refuses to allow connections because it has HSTS enabled.

Please get a new certificate from a trusted CA.

[1]: https://security.googleblog.com/2016/10/distrusting-wosign-and-startcom.html

Tags:

Neal Gompa (ngompa13) on 2017-02-04

tags:

added: security

Revision history for this message

François Marier (fmarier) wrote on 2017-02-04:

Thanks for filing the bug and reaching out on Twitter.

I was able to confirm this in Chrome 58, though 56 seems to work fine.

Changed in libravatar:
importance:	Undecided → Critical
status:	New → Confirmed
assignee:	nobody → François Marier (fmarier)

Revision history for this message

François Marier (fmarier) wrote on 2017-02-04:

Both www.libravatar.org and seccdn.libravatar.org have been switched over to letsencrypt certs:

https://www.ssllabs.com/ssltest/analyze.html?d=seccdn.libravatar.org
https://www.ssllabs.com/ssltest/analyze.html?d=www.libravatar.org

Changed in libravatar:
status:	Confirmed → Fix Released
tags:	removed: libravatar.org

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.