As I have asked a couple of questions in different rooms and received no response, and it seems I can only interact with Matteo and Alex, I wanted to ask if everyone else has been using Riot last week and received my messages or there is an issue?
Or maybe everyone is on holidays and I just missed the announcement? In which case apologies :)
ping @noemi @matthias @nadia @alberto
It seems to work, but I don’t see recent messages from you. I sent you a message on one-to-one chat and got no reply… Hmm, strange.
Same for me, it works but I also just sent you a message and pinged you in Culture Squad… nothing?
Hmm ok. Since others can still use Matrix between them, it will be because there is a new bug in the federation feature. That’s needed in your case because you have an :matrix.org account while nearly everyone else has an
To fix that, I’ll create an :edgeryders.eu Matrix account for you. That was how it was intended anyway, as it has some other benefits for us like messages not being saved on other servers (which otherwise happens due to the federation features).
Great! Let me know when it will be ready - I am afraid Alex and Matteo might be experiencing the same issues
Made the new account for you. See instructions and password via e-mail.
I’ll check the situation of Alex’ and Matteo’s account tomorrow and make new ones as well, if needed.
Edit: Fixed for these guys as well. Matteo had an :edgeryders.eu account but was perhaps still using the :matrix.org account. For Alex I had to make a new one.
I haven’t received anything on Riot since Thursday - at first I had a warning, today I decided to risk accepting it and I see nothing on Riot channels anyway. Is everything working, is maybe everyone on Riot holidays?
I also have problems on desktop since a few days - it says I’m offline. But on phone it seems to be working ok…
@matthias would you happen to know why?
For this problem: there was a pending software update to the Matrix server that hopefully fixes this (I have installed it now). At least I can log in again using the current live version of the Riot chat client (riot.im/app/) on a desktop computer.
Could you try again please, @inge and @natalia_skoczylas and @anon82932460? You may have to first use the “Logout” function to force a new login attempt.
(If the login does not succeed and a “Unable to connect to Homeserver. Retrying…” message is displayed: that can be a different issue in cases where you’re running low (<1 GiB) on free hard disk space. Try the login in incognito / private browsing mode then.)
The certificate warning is unexpected (nothing changed on our side) but I have a theory. There was an SSL certificate change of the riot.im server’s certificate recently. On my side I see yet another one than the one Natalia mentioned, but that is possible because Riot uses Cloudflare, and Cloudflare has many certificates for its many subdomains which it somehow uses to work against possible DDoS attacks.
For the web version, the Cloudflare certificate changed on 2019-07-11, but they might have rolled out / installed the certificate a few days after obtaining it, so that could still fit for the timing that Natalia has observed. And it would explain why the app still works while the browser version (which uses Cloudflare) had issues. Because the app does not use Cloudflare:
if you don’t want to rely on Cloudflare’s availability to access a Riot client, you can download the electron client, or a mobile app, or host your own Riot web instance, or use one hosted by somebody else (source)
So I think there is no danger implied in that certificate warning. To be sure, I would however need to know what server the certificate change is about (as that is not mentioned in the error message Natalia got). So, @natalia_skoczylas, could you visit Element and click on the lock symbol in the browser’s address bar and copy & paste the values of “Common Name (CN)” and “SHA-256 Fingerprint” of the certificate of that site? Let’s see if it is the same as the one you got the error message for. If so, and if it’s by Cloudflare, everything is fine.
Here it is, before I logged out on my browser
So it seems the Matrix works again for you now?
About the screenshot: you found the right screen to shoot. Just, we needed that screen while you are visiting riot.im/app, not while on edgeryders.eu. (But not anymore, read on.)
Now I am pretty sure that the warning was about the SSL certificate of our Matrix server, not of riot.im. Because I found the part of the source code displaying the message you saw, and that’s about the Matrix homeserver. That means I’d need a screenshot of the certificate screen while you are visiting matrix.edgeryders.eu:8448 please.
For anyone with the same issue, the correct certificate until 2019-09-17 has the following SHA-256 fingerprint and you should not accept any other certificate when asked:
4E 34 36 AF 20 5D 69 AC 66 02 04 5F C2 4B B1 46
E9 DE 90 91 4E 91 EC 14 1D 2D 37 64 E1 44 91 80
No idea why that warning happened. Let’s see if we find the offending certificate on Natalia’s computer … I don’t expect so, but let’s see …
Here is the requested screenshot: Screenshot by Lightshot
Thanks! That certificate is the right one for our Matrix server. So everything looks safe right now.
But since we could not really figure out what happened: please tell me if the same “certificate changed” problem happens again, including a screenshot of the same certificate screen at that time. If you want to be extra safe, there are also browser extensions that alert you when SSL certificates change.
@matthias I’m having the same problem again, both on desktop and phone
Not working for me either
That’s an interesting error message because it is wrong. The certificate did not change, it just expired. This is a known issue in the Riot app.
That was the issue … again. Everything about our Matrix server is back to normal again. If you got logged out, you’ll have to log in again.
Actually on second thought @natalia_skoczylas, that made no sense. You showed me a certificate warning from your phone (with a wrong certificate), and then we tested on your desktop computer that you see the right matrix.edgeryders.eu certificate. A hacker could have targeted your phone and not the desktop computer, so just checking on desktop made no sense.
Now in all probability your Riot on the phone did not get hacked, because why would anyone want to do that. But to be sure, you’d have to reinstall the Riot app on the phone and delete all its data in order to undo that you clicked “Trust” for that wrong certificate. And for that there is no practical solution in Android that I know of, nor is there a way in the Riot app to check what Matrix server certificate you use currently and which ones you trust, and to change the trust.
tl;dr: If somebody would try to hack our Riot chat, it’s not so easy to defend. I should write several bug reports to the developers … if I had the time for it. (Update: I sent them this one.)
Quick solution for the future: Everyone, please do not accept any untrusted certificate in the Riot mobile application. The website will stop working when there is an untrusted certificate, but the mobile version will ask if you want to create an exception. From today until 2019-12-17, the SHA-256 fingerprint of the right certificate is this one (and it will be trusted automatically and thus should never appear in the screen asking for an exception):
8F CB EC 5E 0B FF 86 A7 27 AF 0B 77 99 70 A1 EB
78 8A 95 B3 52 11 7A D0 D2 95 BE A5 85 AC E6 30
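
Added example (not part of the thread, and not Riot's or Edgeryders' code): one way to compare the certificate a server presents with a published SHA-256 fingerprint, using only the Python standard library. The function names are made up for this illustration; the host and port are the ones mentioned earlier in the thread, and the pin is the one posted above, which was only stated to be valid until 2019-12-17.

```python
import hashlib
import hmac
import socket
import ssl

# Pin as published in the post above (stated valid until 2019-12-17).
PINNED_SHA256 = ("8F CB EC 5E 0B FF 86 A7 27 AF 0B 77 99 70 A1 EB "
                 "78 8A 95 B3 52 11 7A D0 D2 95 BE A5 85 AC E6 30")


def normalize_fingerprint(text):
    """Accept 'AA BB', 'AA:BB' or 'aabb' and return 64 lowercase hex chars."""
    hexstr = "".join(ch for ch in text if ch not in " :\n\t").lower()
    if len(hexstr) != 64 or any(c not in "0123456789abcdef" for c in hexstr):
        raise ValueError("not a SHA-256 fingerprint: %r" % text)
    return hexstr


def fingerprint_of_der(der_bytes):
    """SHA-256 over the DER-encoded certificate, as browsers display it."""
    return hashlib.sha256(der_bytes).hexdigest()


def fetch_leaf_der(host, port, timeout=10):
    """Fetch the server's leaf certificate without trusting it.

    Chain validation is switched off on purpose: the pin comparison is the
    trust decision here, and the certificate should be retrievable even if
    it is expired or unknown. No application data is sent.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def matches_pin(der_bytes, pinned):
    """Compare the presented certificate's fingerprint with the pin."""
    return hmac.compare_digest(fingerprint_of_der(der_bytes),
                               normalize_fingerprint(pinned))


if __name__ == "__main__":
    der = fetch_leaf_der("matrix.edgeryders.eu", 8448)
    print("presented:", fingerprint_of_der(der))
    print("matches pin:", matches_pin(der, PINNED_SHA256))
```

A mismatch only means the presented certificate is not the pinned one; an expired or renewed certificate produces the same result as a substituted one, so the pin has to be refreshed from a trusted channel at each renewal.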