Codeberg/Community
54
325
Fork
You've already forked Community
12

Custom domain SSL issue #2178

Closed
opened 2025年10月17日 16:41:38 +02:00 by D4llo · 6 comments

Comment

I have a https://blockfriday.fr/ domain name configured to display the Codeberg repository: https://codeberg.org/solinfo/blockfriday

Records seems alright as per dnschecker.org and the documentation

Nom Type Contenu Priorité TTL
blockfriday.fr A 217.197.84.141 0 86400
blockfriday.fr AAAA 2a0a:4580:103f:c0de::2 0 86400
blockfriday.fr TXT main.pages.blockfriday.codeberg.page 0 86400
www.blockfriday.fr CNAME blockfriday.fr 0 86400

The error I face on firefox

Secure Connection Failed
An error occurred during a connection to blockfriday.fr. PR_END_OF_FILE_ERROR
Error code: PR_END_OF_FILE_ERROR
 The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
 Please contact the website owners to inform them of this problem.

or

Secure Connection Failed
An error occurred during a connection to blockfriday.fr. Peer reports it experienced an internal error.
Error code: SSL_ERROR_INTERNAL_ERROR_ALERT
 The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
 Please contact the website owners to inform them of this problem.

with curl I get

TLS connect error: error:0A000126:SSL routines::unexpected eof while reading

I tried to set a record blockfriday.fr CAA 0 issue "letsencrypt.org" without success

It does not work though. Why did it do wrong?

### Comment I have a https://blockfriday.fr/ domain name configured to display the Codeberg repository: https://codeberg.org/solinfo/blockfriday Records seems alright as per [dnschecker.org](https://dnschecker.org/all-dns-records-of-domain.php?query=blockfriday.fr&rtype=ALL&dns=opendns) and the [documentation](https://docs.codeberg.org/codeberg-pages/using-custom-domain/) | Nom | Type | Contenu | Priorité | TTL | | --- | --- | --- | --- | --- | | blockfriday.fr | A | 217.197.84.141 | 0 | 86400 | | blockfriday.fr | AAAA | 2a0a:4580:103f:c0de::2 | 0 | 86400 | | blockfriday.fr | TXT | main.pages.blockfriday.codeberg.page | 0 | 86400 | | www.blockfriday.fr | CNAME | blockfriday.fr | 0 | 86400 | The error I face on firefox ``` Secure Connection Failed An error occurred during a connection to blockfriday.fr. PR_END_OF_FILE_ERROR Error code: PR_END_OF_FILE_ERROR The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem. ``` or ``` Secure Connection Failed An error occurred during a connection to blockfriday.fr. Peer reports it experienced an internal error. Error code: SSL_ERROR_INTERNAL_ERROR_ALERT The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem. ``` with curl I get ``` TLS connect error: error:0A000126:SSL routines::unexpected eof while reading ``` I tried to set a record `blockfriday.fr CAA 0 issue "letsencrypt.org"` without success It does not work though. Why did it do wrong?
Author
Copy link

Ok I found an error. The format is [[branch.]repo.]user.codeberg.page so my TXT should be "main.pages.blockfriday.codeberg.page"

Alright now the https://troubleshoot.codeberg.page/verify.sh says

[INFO] Checking DNS records for blockfriday.fr...
[INFO] Looking for CNAME record...
[INFO] No CNAME record found!
[INFO] Looking for AAAA record...
[OKAY] blockfriday.fr resolves to 2a0a:4580:103f:c0de::2
[INFO] Looking for A record...
[OKAY] blockfriday.fr resolves to 217.197.84.141
[INFO] Looking for TXT record...
[OKAY] blockfriday.fr has TXT record "main.blockfriday.solinfo.codeberg.page"
[INFO] Resolving repository for main.blockfriday.solinfo.codeberg.page...
[OKAY] TXT record is OK!
[INFO] Repository: https://codeberg.org/solinfo/blockfriday
[INFO] Branch: main
[INFO] Source: https://codeberg.org/solinfo/blockfriday/src/branch/main
[INFO] Checking repository...
[OKAY] blockfriday.fr seems to be configured correctly!

which is nice

Ok I found an error. The format is `[[branch.]repo.]user.codeberg.page` so my TXT should be "main.pages.blockfriday.codeberg.page" Alright now the `https://troubleshoot.codeberg.page/verify.sh` says ``` [INFO] Checking DNS records for blockfriday.fr... [INFO] Looking for CNAME record... [INFO] No CNAME record found! [INFO] Looking for AAAA record... [OKAY] blockfriday.fr resolves to 2a0a:4580:103f:c0de::2 [INFO] Looking for A record... [OKAY] blockfriday.fr resolves to 217.197.84.141 [INFO] Looking for TXT record... [OKAY] blockfriday.fr has TXT record "main.blockfriday.solinfo.codeberg.page" [INFO] Resolving repository for main.blockfriday.solinfo.codeberg.page... [OKAY] TXT record is OK! [INFO] Repository: https://codeberg.org/solinfo/blockfriday [INFO] Branch: main [INFO] Source: https://codeberg.org/solinfo/blockfriday/src/branch/main [INFO] Checking repository... [OKAY] blockfriday.fr seems to be configured correctly! ``` which is nice
Author
Copy link

I still have the PR_END_OF_FILE_ERROR issue on firefox. Maybe it is cache related?

I still have the `PR_END_OF_FILE_ERROR` issue on firefox. Maybe it is cache related?
Author
Copy link

The .domains:

blockfriday.fr
www.blockfriday.fr
The .domains: ``` blockfriday.fr www.blockfriday.fr ```
Author
Copy link

It might be related to

Known pitfalls for failed certificate errors
If you have a CAA record configured, you must explicitly allow Let's Encrypt in your CAA record. The value of the CAA record would look like letsencrypt.org;accounturi=https://acme-v02.api.letsencrypt.org/acme/acct/292520050;validationmethods=tls-alpn-01,http-01.
It might be related to ``` Known pitfalls for failed certificate errors If you have a CAA record configured, you must explicitly allow Let's Encrypt in your CAA record. The value of the CAA record would look like letsencrypt.org;accounturi=https://acme-v02.api.letsencrypt.org/acme/acct/292520050;validationmethods=tls-alpn-01,http-01. ```
Author
Copy link

Is blockfriday.fr CAA 0 issue "letsencrypt.org" needed?

Is `blockfriday.fr CAA 0 issue "letsencrypt.org"` needed?
Author
Copy link

At the end, custom CAA is not needed

At the end, custom CAA is not needed
Sign in to join this conversation.
No Branch/Tag specified
main
No results found.
Labels
Clear labels
accessibility

Reduces accessibility and is thus a "bug" for certain user groups on Codeberg.
bug

Something is not working the way it should. Does not concern outages.
bug
infrastructure
Errors evidently caused by infrastructure malfunctions or outages
Codeberg

This issue involves Codeberg's downstream modifications and settings and/or Codeberg's structures.
contributions welcome

Please join the discussion and consider contributing a PR!
docs

No bug, but an improvement to the docs or UI description will help
duplicate

This issue or pull request already exists
enhancement

New feature
infrastructure

Involves changes to the server setups, use `bug/infrastructure` for infrastructure-related user errors.
legal

An issue directly involving legal compliance
licence / ToS

involving questions about the ToS, especially licencing compliance
please chill
we are volunteers
Please consider editing your posts and remember that there is a human on the other side. We get that you are frustrated, but it's harder for us to help you this way.
public relations

Things related to Codeberg's external communication
question

More information is needed
question
user support
This issue contains a clearly stated problem. However, it is not clear whether we have to fix anything on Codeberg's end, but we're helping them fix it and/or find the cause.
s/Forgejo

Related to Forgejo. Please also check Forgejo's issue tracker.
s/Forgejo/migration

Migration related issues in Forgejo
s/Pages

Issues related to the Codeberg Pages feature
s/Weblate

Issue is related to the Weblate instance at https://translate.codeberg.org
s/Woodpecker

Woodpecker CI related issue
security

involves improvements to the sites security
service

Add a new service to the Codeberg ecosystem (instead of implementing into Gitea)
upstream

An open issue or pull request to an upstream repository to fix this issue (partially or completely) exists (i.e. Gitea, Forgejo, etc.)
wontfix

Codeberg's current set of contributors are not planning to spend time on delegating this issue.
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
Codeberg/Community#2178
Reference in a new issue
Codeberg/Community
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?