Direct download links not working

[daker]

Direct download links .exe/dmg & torrent are not working due to a server configuration, same behavior i have seen with Chrome/Firefox, how to reproduce :

1. Open https://releases.wildfiregames.com/0ad-0.0.21-alpha-win32.exe.torrent
2. You'll get an SSL error, accept the cert
3. You'll be redirect https://wildfiregames.com/0ad-0.0.21-alpha-win32.exe.torrent (which return a 404 error)

Running a wget with --no-check-certificate you will be get the same behavior :

$ LC_ALL="en_EN" wget https://releases.wildfiregames.com/0ad-0.0.21-alpha-osx64.dmg --no-check-certificate
--2017-07-01 18:48:44--  https://releases.wildfiregames.com/0ad-0.0.21-alpha-osx64.dmg
Resolving releases.wildfiregames.com (releases.wildfiregames.com)... 136.243.15.233
Connecting to releases.wildfiregames.com (releases.wildfiregames.com)|136.243.15.233|:443... connected.
WARNING: no certificate subject alternative name matches
	requested host name 'releases.wildfiregames.com'.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://wildfiregames.com/0ad-0.0.21-alpha-osx64.dmg [following]
--2017-07-01 18:48:44--  https://wildfiregames.com/0ad-0.0.21-alpha-osx64.dmg
Resolving wildfiregames.com (wildfiregames.com)... 136.243.15.233
Connecting to wildfiregames.com (wildfiregames.com)|136.243.15.233|:443... connected.
HTTP request sent, awaiting response... 404 Not Found
2017-07-01 18:48:45 ERROR 404: Not Found.

 

[Stan`]

@implodedok Something you can do ?

[feneur]

@stanislas69 No need for him to do anything in a more specific sense, as this is most likely (99,99999999% sure ) due to daker using a plugin for his browser which forces https for web sites regardless of whether or not the server supports it. In a more general sense he could enable SSL for the downloads as well as the rest of the site, but that's another discussion.

@daker, please check if this is the case. Otherwise let us know, but so far it's always been the case when people have had this error =)

[daker]

@feneur true, it's HTTPS Everywhere, it works if i disable it, but using wget it won't 

$ LC_ALL="en_EN" wget http://releases.wildfiregames.com/0ad-0.0.21-alpha-osx64.dmg
URL transformed to HTTPS due to an HSTS policy
--2017-07-01 21:05:55--  https://releases.wildfiregames.com/0ad-0.0.21-alpha-osx64.dmg
Resolving releases.wildfiregames.com (releases.wildfiregames.com)... 136.243.15.233
Connecting to releases.wildfiregames.com (releases.wildfiregames.com)|136.243.15.233|:443... connected.
ERROR: no certificate subject alternative name matches
	requested host name 'releases.wildfiregames.com'.
To connect to releases.wildfiregames.com insecurely, use `--no-check-certificate'.

$ LC_ALL="en_EN" wget http://releases.wildfiregames.com/0ad-0.0.21-alpha-osx64.dmg --no-check-certificate
URL transformed to HTTPS due to an HSTS policy
--2017-07-01 21:07:24--  https://releases.wildfiregames.com/0ad-0.0.21-alpha-osx64.dmg
Resolving releases.wildfiregames.com (releases.wildfiregames.com)... 136.243.15.233
Connecting to releases.wildfiregames.com (releases.wildfiregames.com)|136.243.15.233|:443... connected.
WARNING: no certificate subject alternative name matches
	requested host name 'releases.wildfiregames.com'.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://wildfiregames.com/0ad-0.0.21-alpha-osx64.dmg [following]
--2017-07-01 21:07:25--  https://wildfiregames.com/0ad-0.0.21-alpha-osx64.dmg
Resolving wildfiregames.com (wildfiregames.com)... 136.243.15.233
Connecting to wildfiregames.com (wildfiregames.com)|136.243.15.233|:443... connected.
HTTP request sent, awaiting response... 404 Not Found
2017-07-01 21:07:25 ERROR 404: Not Found.

 

Edited July 1, 2017 by daker

[feneur]

Just now, daker said:

URL transformed to HTTPS due to an HSTS policy

Not sure what an HSTS policy is, but I assume that's what's causing it. Presumably it's something similar to HTTPS Everywhere for WGET?

[daker]

Yeah, wget still remember the policy from the last retries, deleting the HSTS entries makes it work

$ LC_ALL="en_EN" wget http://releases.wildfiregames.com/0ad-0.0.21-alpha-osx64.dmg --no-check-certificate --debug 
DEBUG output created by Wget 1.17.1 on linux-gnu.

Reading HSTS entries from /home/$hostname/.wget-hsts
URI encoding = 'ANSI_X3.4-1968'
converted 'http://releases.wildfiregames.com/0ad-0.0.21-alpha-osx64.dmg' (ANSI_X3.4-1968) -> 'https://releases.wildfiregames.com/0ad-0.0.21-alpha-osx64.dmg' (UTF-8)
URL transformed to HTTPS due to an HSTS policy

 

Edited July 1, 2017 by daker

[Stan`]

@feneur Yeah I was suspecting this plugin as well but couldn't remember the name X)

[implodedok]

I have recently enabled HSTS headers for wildfiregames.com, but I didn't realize that that also includes subdomains automatically.  I'll look into it.

[leper]

Maybe we can now actually serve a valid cert for releases.wildfiregames, which someone might have complained about a few months ago...

[elexis]

That we should be written with a capital letter, as it's the proper noun, right?