Docs.rs: Expired certificate on doc.rs

Created on 3 Jul 2018  路  17Comments  路  Source: rust-lang/docs.rs

Since a few minutes doc.rs is not accessible using a secure browser:

docs.rs uses an invalid security certificate.

The certificate expired on 3 July 2018, 09:20. The current time is 3 July 2018, 09:28.

Error code: SEC_ERROR_EXPIRED_CERTIFICATE

Most helpful comment

Certificate is renewed now, I actually wrote acme-client for docs.rs, so I can automate this process but never had enough time to integrate this to docs.rs. I'll just add a cron job now.

All 17 comments

Not the first time this happens: #9 #78 #106 . It seems that docs.rs certificates are managed manually.

There are automated tools for this, like certbot.

Copying my comment from Reddit:

This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox may only connect to it securely. As a result, it is not possible to add an exception for this certificate.

I think if you're using HSTS, you should make sure your certificate stays up to date. Otherwise, people will start posting work-arounds, thus diminishing the positive effect of HSTS.

There are automated tools for this, like certbot.

Or if you don't like this tool, there are small ones like https://github.com/diafygi/acme-tiny, too. :) I use it to automate my certificates.

There is a ton of clients but please. This behavoir (if you really do this manually) is not acceptable for such a crucial infrastructure. needs improvement.

I'm sorry for my harsh words. :(

Just my opinion: I agree with @hellow554 that doc.rs is a critical infrastructure and it should probably not happen but the real problem behind that is it looks like doc.rs is baked only by @onur whereas it has became a critical rust infrastructure.

Shouldn't doc.rs be maintained by the @rust-lang org?

@hellow554 "not acceptable" is the kind of wording that makes volunteers give up. Better lobby the core team or Mozilla to maintain this service (which I agree is crucial by now).

Shouldn't doc.rs be maintained by the @rust-lang org?

Since @onur created and maintains this service that you all benefit from for free, shouldn't that be up to them to decide?

If any of you cares enough about this, you are all free to create and maintain a competing doc hosting service and donating it to the rust-lang org if you so wish (e.g. docs.crates.io is available...).

Until this day I thought that https://docs.rs is the offical (as in maintained by the rust team) page for docs :O I never thought about it before.

For a workaround, use Internet Explorer if you are on Windows. It allows you to still load the page, even though there is a certificate error.

I never expected the day where I'd say "this website works better using Internet Explorer" but oh well, here we are...

@gnzlbg I agree that it is not kind, but the question is then, what does docs.rs want to be? If he wants this to be useful to the community, it needs to not fail in preventable situations like this. After all, the only consequence here is that it shows us that things are not always available.

So yes, alternatives would certainly come up in discussions, possibly fragmenting the space. Which again, doesn't help anyone.

@gnzlbg

If any of you cares enough about this, you are all free of creating and maintaining a competing doc hosting service and donating it to the rust-lang org if you so wish (e.g. docs.crates.io is available...).

Well my point was exactly that it should probably not be maintained by one person. I am just using Rust for side-project. I just wanted to point out what I think is the real issue rather than using harsh words or trolling...

If @onur feel like this should indeed be part of the @rust-lang org, I will happily offer my voice to push this forward (if this is indeed helping). This is the only thing I can do at the moment.

Moving docs.rs to the rust-lang organization does not magically solve any problems. If we would just do it right now, @onur would still be the only person maintaining and hosting the site, and we would still have this exact same problem.

Reading through your comments, the root of your complaint is that "rust-lang should be doing more to offer documentation for the crates on crates.io in a reliable way". This is fair, but my point is that you should be directing this complaint at the rust-lang organization itself via its official channels (internals, crates.io, etc.) instead of just focusing them at @onur here.

@onur First of all, thank you for providing such a nice service to the entire Rust community! :heart:
Since your time as a volunteer is valuable, we understand that you want as little hassle as possible from infrastructure-problems like this.

Currently, the least amount of hassle you can have for SSL certs is by using LetsEncrypt: a free, _automated_ certificate provider, supported, among others by, Mozilla;

Set it up once, add a cronjob, and never worry about it again!
Detailed instructions for nginx are on the nginx blog:
https://www.nginx.com/blog/using-free-ssltls-certificates-from-lets-encrypt-with-nginx/

Hopefully, this one-time hassle now will make your service better, and allow you to work on things you _enjoy_, instead of doing boring, stressfull, manual cert renewals. :heart:

Certificate is renewed now, I actually wrote acme-client for docs.rs, so I can automate this process but never had enough time to integrate this to docs.rs. I'll just add a cron job now.

To all those who are asking docs.rs to be an official thing: Onur is on the rustdoc team now, and the plan is to do just that. We haven't had the opportunity to loop more people into the project yet.

@QuietMisdreavus: This is great news! Thanks for the update!

I actually wrote acme-client

Oh wow! For a second I thought you wrote it _just now_, but I see from the commit log that it goes back a longer while. Nice tool!

Kudos on automating the renewal for docs.rs!
(You have my sympathy as an admin who also had his certs expire on him)

Was this page helpful?
0 / 5 - 0 ratings