On 9/26/18 3:30 PM, Danesh Manoharan wrote: > 1. pings don't come back. Think icmp is turned off. > 2. On a machine inside. > [root@testmachine001 ~] #wget https://copr-be.cloud.fedoraproject.org/results/managerforlustre/manager-for-lustre/epel-7-x86_64/ > --2018-09-26 21:34:23-- (try:20) https://copr-be.cloud.fedoraproject.org/results/managerforlustre/manager-for-lustre/epel-7-x86_64/ > Connecting to copr-be.cloud.fedoraproject.org|209.132.184.48|:443... failed: Connection timed out. > Giving up. > 3. On a machine outside. > [root@testmachine ~]# wget https://copr-be.cloud.fedoraproject.org/results/managerforlustre/manager-for-lustre/epel-7-x86_64/ > --2018-09-27 06:25:26-- https://copr-be.cloud.fedoraproject.org/results/managerforlustre/manager-for-lustre/epel-7-x86_64/ > Resolving copr-be.cloud.fedoraproject.org... 209.132.184.48 > Connecting to copr-be.cloud.fedoraproject.org|209.132.184.48|:443... connected. > ERROR: certificate common name “copr.fedorainfracloud.org” doesn’t match requested host name “copr-be.cloud.fedoraproject.org”. > To connect to copr-be.cloud.fedoraproject.org insecurely, use ‘--no-check-certificate’. > > I suspect we might have gotten blacklisted, maybe? We've been running a large lustre install with IML which tells it's hosts to pull from the repo. Hmmm, well, I see three possibilities: a) Your corporate firewall doesn't allow https:// (port 443) connections (unlikely) b) You're using a proxy or a browser that doesn't like the fact that the domain requested doesn't match the domain the SSL cert was generated for and just tosses the traffic out quietly. You could try the wget using that "--no-check-certificate" option and see if that buys you anything. That's just a wild stab in the dark, though. c) You really are blacklisted, but again I think that's fairly unlikely. The owners of the website would need to know your public IP to determine if you're blacklisted or not and you'd need to contact them directly I'd think--not this list. The website in question IS run by RedHat and the email contact for tech questions (according to whois) is "noc@xxxxxxxxxx". In regards to b) above, it is interesting that SSL cert is generated for copr.fedorainfracloud.org. That, in turn, is an alias for copr-fe.cloud.fedoraproject.org with an IP of 209.132.184.54. And your request is for copr-be.cloud.fedoraproject.org with an IP of 209.132.184.48. Dunno if a redirect occurs or what (doesn't appear so from the wget output), but if so, you may need to make sure your firewall allows both IPs (209.132.184.48 and 209.132.184.54). That's subtle ("copr-fe...." versus "copr-be...."), but interesting. I'd also have expected them to use wildcard SSL certs for "*.fedoraproject.org" to handle this. For my part, I've always tried to use SSL certs generated for actual the TLD of actual machine names--not aliases. I think some servers and client libraries don't handle that well, but I've been mistaken before (quite often, in fact). ---------------------------------------------------------------------- - Rick Stevens, Systems Engineer, AllDigital ricks@xxxxxxxxxxxxxx - - AIM/Skype: therps2 ICQ: 226437340 Yahoo: origrps2 - - - - I haven't lost my mind. It's backed up on tape somewhere, but - - probably not recoverable. - ---------------------------------------------------------------------- _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
