1 Answer
- Newest
- Most votes
- Most comments
0
The cert for api.sailingplan.ca appears to be valid (will expire in ten days):
$ openssl s_client -connect api.sailingplan.ca:443 -showcerts | head
depth=2 C = US, O = Amazon, CN = Amazon Root CA 1
verify return:1
depth=1 C = US, O = Amazon, CN = Amazon RSA 2048 M01
verify return:1
depth=0 CN = app.sailingplan.ca
verify return:1
CONNECTED(00000003)
---
Certificate chain
0 s:CN = app.sailingplan.ca
i:C = US, O = Amazon, CN = Amazon RSA 2048 M01
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Feb 22 00:00:00 2023 GMT; NotAfter: May 27 23:59:59 2023 GMT
-----BEGIN CERTIFICATE-----
MIIF/jCCBOagAwIBAgIQD442H0Q1kTCXfelGgqr5rjANBgkqhkiG9w0BAQsFADA8
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRwwGgYDVQQDExNBbWF6b24g
The other two domains have the same cert that expired more than a year ago:
$ openssl s_client -connect app.sailingplan.ca:443 -showcerts | head
depth=2 C = US, O = Amazon, CN = Amazon Root CA 1
verify return:1
depth=1 C = US, O = Amazon, OU = Server CA 1B, CN = Amazon
verify return:1
depth=0 CN = dashboard.sailingplan.ca
verify error:num=10:certificate has expired
notAfter=Mar 6 23:59:59 2022 GMT
verify return:1
depth=0 CN = dashboard.sailingplan.ca
notAfter=Mar 6 23:59:59 2022 GMT
verify return:1
CONNECTED(00000003)
---
Certificate chain
0 s:CN = dashboard.sailingplan.ca
i:C = US, O = Amazon, OU = Server CA 1B, CN = Amazon
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Feb 5 00:00:00 2021 GMT; NotAfter: Mar 6 23:59:59 2022 GMT
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgIQAVsKtKan0lTuux3ZJ4v24DANBgkqhkiG9w0BAQsFADBG
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRUwEwYDVQQLEwxTZXJ2ZXIg
$ openssl s_client -connect dashboard.sailingplan.ca:443 -showcerts | head
depth=2 C = US, O = Amazon, CN = Amazon Root CA 1
verify return:1
depth=1 C = US, O = Amazon, OU = Server CA 1B, CN = Amazon
verify return:1
depth=0 CN = dashboard.sailingplan.ca
verify error:num=10:certificate has expired
notAfter=Mar 6 23:59:59 2022 GMT
verify return:1
depth=0 CN = dashboard.sailingplan.ca
notAfter=Mar 6 23:59:59 2022 GMT
verify return:1
CONNECTED(00000003)
---
Certificate chain
0 s:CN = dashboard.sailingplan.ca
i:C = US, O = Amazon, OU = Server CA 1B, CN = Amazon
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Feb 5 00:00:00 2021 GMT; NotAfter: Mar 6 23:59:59 2022 GMT
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgIQAVsKtKan0lTuux3ZJ4v24DANBgkqhkiG9w0BAQsFADBG
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRUwEwYDVQQLEwxTZXJ2ZXIg
Looking up the DNS record for api.sailingplan.ca it returns two IPs of EC2 instances in ca-central-1, whereas app & dashboard are CloudFront distributions. So it seems the cert needs to be updated in CloudFront https://www.youtube.com/watch?v=AY0iJyCOkOc
Relevant content
- asked 2 years ago
- asked 5 years ago
- asked 2 years ago
- asked 2 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 7 months ago
- AWS OFFICIALUpdated 5 months ago