I am getting different behaviors from the discussion site between chrome on my iPad and on my iPhone.
On the iPad all is well and presented in desktop format.
On the iPhone I have gotten an “ERR_SSL_PROTOCOL_ERROR” that the site cannot provide a secure connection and sends an invalid response. I usually get a mobile format through chrome on the phone instead of this error.
This appears to have begun after the 7 January update and has persisted. Restarting the phone did not correct the error. Chrome appears to be connecting as normal to other sites.
In particular, I can still access the main tekeli.li site, Roger’s blog, and download the Whartson Hall audio for the week through chrome mobile as normal.
Don’t know if this is my issue but wanted to document the behavior here as feedback after the update.
The certificate being served passes my own checks, but SSL is fiddly and complex at the best of times and client software which won’t tell you what is going wrong Does Not Help Matters.
Something is funny. Edge Chromium and Chrome both reckon the site is secure, but when I ask them to show me the certificate, they show me different expired certificates. One expired on 26th September; the other expired on 24th November. Firefox is showing a valid certificate, expiring on 23rd March.
Those dates are consistent with Let’s Encrypt certificate renewal intervals, but why would it ever serve an old cert?
Firefox here says the cert expires on 23 March 2021; so does Chromium. (So does a raw https request.) Is there some sort of client-side cacheing going on perhaps?
The only certs I can find living inside the Docker image are, ooh, that’s interesting. There are two:
discussion.tekeli.li.cer
Issuer: C = US, O = Let’s Encrypt, CN = Let’s Encrypt Authority X3
Not Before: Nov 24 23:36:21 2020 GMT
Not After : Feb 22 23:36:21 2021 GMT
discussion.tekeli.li_ecc.cer
Issuer: C = US, O = Let’s Encrypt, CN = R3
Not Before: Dec 23 23:58:13 2020 GMT
Not After : Mar 23 23:58:13 2021 GMT
But possibly not relevant, as they’re both valid; I can’t see where an older cert would be coming from.
OK, forcing reloads has both browsers reporting the right certificate, but they had certainly not been running since before the change. Looks like dodgy caching here.
in the last few days I’ve started getting this on my iOS phone using safari. I can still get on all other browsers on my laptop and both it’s OSs hence this message. Not the end fo the world but I thought worth reporting.
Just for thoroughness and to allow this to be closed down, this issue resolved itself today. It was still present, I am certain, last Friday and I didn’t check intentionally for it over the weekend, but it’s gone now.