Curl says certificate has expired, however web browser (Google Chrome) does not complain

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

tracking.burro.click

I ran this command:

curl hxxps://burro.click:8443/ -H 'Accept: application/json, text/plain, */*'

It produced this output:

curl: (60) SSL certificate problem: certificate has expired
More details here: curl - SSL CA Certificates

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

My web server is (include version):

jetty (java) v9.4.27.v20200227

The operating system my web server runs on is (include version):

NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"
Amazon Linux release 2 (Karoo)

My hosting provider, if applicable, is:

AWS

I can login to a root shell on my machine (yes or no, or I don't know):

YES

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

NO

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

certbot 1.11.0

Your certificate expired yesterday; Chrome is just being nice to you. You'll need to renew your certificate.

Can you please edit the endpoint out of your example URL. The data does not look like it should be shared.

Btw the URL you linked to is vulnerable to an enumeration attack (i.e. where someone just submits a variation of the numbers to scrape all the data), which at the very least would be a leak of everyone's email/home addresses.

@moderators anyone who can edit the post and remove the history?


Just an observation:
burro.click:8443
burro.click:443
return different certs - one is valid the other is not.
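
Added example, not part of the thread: a small Python check that handshakes with each listener using normal verification (as curl does) and reports the ones that fail or are close to expiry, which catches the case above where one port serves a renewed certificate and another still serves the old one. The host `example.test`, the function names and the sample results are constructed for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

def days_left(not_after, now):
    """Whole days until a getpeercert()-style notAfter; negative = expired."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
    return (expires - now).days

def probe(host, port, timeout=5.0):
    """TLS handshake with default verification (what curl does).
    Returns (True, notAfter) or (False, OpenSSL verify message)."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return True, tls.getpeercert()["notAfter"]
    except ssl.SSLCertVerificationError as exc:
        return False, exc.verify_message

def report(results, now, warn_days=14):
    """results maps (host, port) -> probe() output; returns {endpoint: status}."""
    out = {}
    for (host, port), (ok, detail) in results.items():
        name = f"{host}:{port}"
        if not ok:
            out[name] = f"FAIL: {detail}"
        else:
            left = days_left(detail, now)
            label = "RENEW SOON" if left < warn_days else "OK"
            out[name] = f"{label} ({left}d)"
    return out

# Constructed sample: what probe() could return for two listeners on one host,
# one serving a renewed certificate and one still serving the expired one.
SAMPLE = {
    ("example.test", 443): (True, "Aug 30 12:00:00 2021 GMT"),
    ("example.test", 8443): (False, "certificate has expired"),
}

if __name__ == "__main__":
    fixed_now = datetime(2021, 6, 2, 12, 0, tzinfo=timezone.utc)
    for endpoint, status in report(SAMPLE, fixed_now).items():
        print(endpoint, status)
    # Live use on your own host: report({(h, p): probe(h, p) for h, p in targets},
    #                                   datetime.now(timezone.utc))
```

Running this from cron against every TLS port a service exposes flags a listener that was missed when the certificate was renewed or the server was not reloaded.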
