We have been getting multiple reports that users of pagekite.py
on recent distributions (mostly Debian 9 or distributions derived from Debian 9) have been having difficulties connecting to the our relay servers.
This is due to the fact that Debian 9 stopped shipping the CA Certificate for StartCom, which we are still relying on for a few things. This is (in our opinion) a misguided bit of security theater - our certificate was issued before the problems which caused StartCom to lose their status as a Certificate Authority and there is no reason to believe it has been compromised in any way. As far as I know, the browser vendors by and large still trust it, but Debian decided to remove it anyway.
We are working on an update to pagekite.py
to work around the problem until we can switch certificates. This has taken longer than we had hoped, but should be public within the next few weeks.
In the meantime, we recommend the following workarounds.
For use of pagekite.py
on the CLI:
$ pagekite.py --ca_certs=$(which pagekite.py) ...
Alternately, update your configuration. In either /etc/pagekite.d/20_frontends.rc
(for PageKite running as a daemon) or ~/.pagekite.rc
, add the following line:
ca_certs = /path/to/pagekite.py
If you have installed the Debian package, then use the path to pagekite
instead of pagekite.py
. The correct path can be found by using the command which pagekite
or which pagekite.py
(whichever command you use to launch PageKite).
Welcome to the PageKite blog!
Here we write about anything and everything to do with running the service, building a company, open-source, privacy online... you name it.
But mostly it's about PageKite.
Comments
None, comments are closed.