Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

snapper.io is not secure #905

Open
ShalokShalom opened this issue May 3, 2024 · 4 comments
Open

snapper.io is not secure #905

ShalokShalom opened this issue May 3, 2024 · 4 comments

Comments

@ShalokShalom
Copy link

ShalokShalom commented May 3, 2024

Hitting snapper.io from my Vivaldi, it reports the website is not secure.
I imagine the certificate is outdated, or something like that.

I honestly did not have a close look on the exact error, and now my browser is just skipping it and going straight to the site, sorry. :)

@Marcool04
Copy link

Marcool04 commented May 11, 2024

Yeah Firefox for example is just saying there is no HTTPS version:

HTTPS-Only Mode Alert
Secure Site Not Available

You’ve enabled HTTPS-Only Mode for enhanced security, and a HTTPS 
version of snapper.io is not available.

What could be causing this?

    Most likely, the website simply does not support HTTPS.
    It’s also possible that an attacker is involved. If you decide to visit
    the website, you should not enter any sensitive information like
    passwords, emails, or credit card details.

If you continue, HTTPS-Only Mode will be turned off temporarily for this site.

and it seems the only certificate that can be found is for github.com:

curl -v "https://snapper.io"                                                                                              
* Host snapper.io:443 was resolved.                                                                                                      
* IPv6: (none)                                                                                                                           
* IPv4: 192.30.252.153, 192.30.252.154                                                                                                   
*   Trying 192.30.252.153:443...                                                                                                         
* Connected to snapper.io (192.30.252.153) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: none
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256 / x25519 / RSASSA-PSS
* ALPN: server accepted h2
* Server certificate:
*  subject: C=US; ST=California; L=San Francisco; O=GitHub, Inc.; CN=*.github.com
*  start date: Jul  7 00:00:00 2023 GMT
*  expire date: Jul  9 23:59:59 2024 GMT
*  subjectAltName does not match host name snapper.io
* SSL: no alternative certificate subject name matches target host name 'snapper.io'
* Closing connection
* TLSv1.3 (OUT), TLS alert, close notify (256):
curl: (60) SSL: no alternative certificate subject name matches target host name 'snapper.io'

@polzon
Copy link

polzon commented Jun 4, 2024

I'm also getting this error, which seems like this issue is a month old now. There is zero reason to ever justify not using https, and it's very easy to setup. So this kind of questions my credibility of this software.

@CicadaSeventeen
Copy link

Still no https now

@numanair
Copy link

numanair commented Oct 2, 2024

#707 #347

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

5 participants