
discuss - Re: [opennic-discuss] OpenNIC whitelisting API broken, OpenNIC members site has outdated into

discuss AT lists.opennicproject.org

Subject: Discuss mailing list

  • From: Stephan Jauernick <info AT stephan-jauernick.de>
  • To: discuss AT lists.opennicproject.org
  • Subject: Re: [opennic-discuss] OpenNIC whitelisting API broken, OpenNIC members site has outdated into
  • Date: Thu, 21 Jan 2021 22:54:36 +0100

Hi,

/me comes briefly out of his hidey hole

Thanks for bringing this to my attention.

members.opennic.org / members.opennicproject.org cert fixed.

Should survive further renewals.

For lists.opennicproject.org I pinged a friend, they fixed it :)

Added monitoring for all the HTTPS/LDAP endpoints.

I apologize for the inconveniences and late fixing.

/me hides again

Kind Regards,

Stephan

Am 16.01.2021 um 22:34 schrieb Rouben:
Thanks! I can see my IPs in the whitelist now.

I prefer acme.sh for cert renewal; works quite well and is quite light. Also avoids letting nginx have write access to certs.

Rouben


On Fri, Jan 15, 2021 at 7:45 PM Jeff Taylor <shdwdrgn AT sourpuss.net> wrote:
Finally figured out the issue with whitelist and ddns updates, they appear to be updating smoothly now.

The expired cert on the members site is a known issue (nginx being obnoxious about not allowing access to the cert files), but we're looking into it.

The IP you listed for updating is correct, except it's http, not https.  Updates through the domain name use https and work fine.

On 1/15/21 1:41 AM, Rouben wrote:
Hi,

https://161.97.219.82/ip/update/ is a 404. That's the old URL for api.opennic.org, but the problem is it's still being advertised on members.opennic.org (hardcoded?)

Moreover, https://members.opennicproject.org has an expired TLS cert. So does https://lists.opennicproject.org.

Finally, using the proper API URL from an IPv4 endpoint (haven't tested IPv6) adds the IP of api.opennicproject.org to the whitelist, instead of the actual IP of the machine that calls the API... in other words:
curl --insecure "https://api.opennicproject.org/ip/update/?user=rouben&auth=<redacted>"
always outputs:
# 116.203.98.109
which happens to be the IPv4 address for api.opennicproject.org:

host api.opennicproject.org
api.opennicproject.org is an alias for api.opennic.org.
api.opennic.org has address 116.203.98.109
api.opennic.org has IPv6 address 2a01:4f8:1c1c:bd6f::1

Seems like a logic error to me, making it impossible to update dynamic IPs on whitelists, or the API has changed (again, both the wiki and the members.opennicproject.org portal need to be updated in this case), and I am using it incorrectly.

Is anyone looking into this? Need help?

Rouben

--------
You are a member of the OpenNIC Discuss list. 
You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org


