Remove Snowflake broker configuration for "snowflake-broker-debianupgradestaging-j33r3zahe.torproject.net"

Since #40349 (closed), connecting to the snowflake broker without SNI causes the server to send the certificate for snowflake-broker-debianupgradestaging-j33r3zahe.torproject.net:

$ openssl s_client -noservername -connect snowflake-broker.torproject.net:443
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = E5
verify return:1
depth=0 CN = snowflake-broker-debianupgradestaging-j33r3zahe.torproject.net
verify return:1
---
Certificate chain
 0 s:CN = snowflake-broker-debianupgradestaging-j33r3zahe.torproject.net
   i:C = US, O = Let's Encrypt, CN = E5
   a:PKEY: id-ecPublicKey, 256 (bit); sigalg: ecdsa-with-SHA384
   v:NotBefore: Dec  1 19:22:55 2024 GMT; NotAfter: Mar  1 19:22:54 2025 GMT
 1 s:C = US, O = Let's Encrypt, CN = E5
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   a:PKEY: id-ecPublicKey, 384 (bit); sigalg: RSA-SHA256
   v:NotBefore: Mar 13 00:00:00 2024 GMT; NotAfter: Mar 12 23:59:59 2027 GMT

This is unexpected. It is possible that Nginx is defaulting to /etc/nginx/sites-enabled/https-site, because that file, unlike https-site-broker-prod and https-site-broker-prod-freeheaven, does not have a server_name directive. In any case, snowflake-broker-debianupgradestaging-j33r3zahe.torproject.net was only used for testing. Please remove its configuration.
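
The hypothesis above can be checked mechanically. This is an added example, not part of the original issue and not the project's configuration. nginx answers a connection that sends no SNI from the default server for the listening socket: the block marked `default_server`, otherwise the first block loaded. The example assumes the `sites-enabled` files are included in sorted file name order, and that the file contents, certificate path and `freeheaven.example` are constructed placeholders.

```python
import re

# Constructed stand-ins for files in /etc/nginx/sites-enabled/. Only the file
# names and the torproject.net host names come from the issue; the contents,
# the certificate path and freeheaven.example are placeholders.
STAGING = "snowflake-broker-debianupgradestaging-j33r3zahe.torproject.net"
SITES = {
    "https-site-broker-prod":
        "server { listen 443 ssl; server_name snowflake-broker.torproject.net; }",
    "https-site-broker-prod-freeheaven":
        "server { listen 443 ssl; listen [::]:443 ssl; server_name freeheaven.example; }",
    "https-site":
        "server { listen 443 ssl; ssl_certificate /placeholder/%s.pem; }" % STAGING,
}

SERVER_RE = re.compile(r"\bserver\s*\{([^{}]*)\}")  # blocks without nested braces only
LISTEN_RE = re.compile(r"\blisten\s+([^;]+);")
NAME_RE = re.compile(r"\bserver_name\s+([^;]+);")

def parse_servers(sites):
    """Return server blocks in the order a sorted include would load them."""
    servers = []
    for fname in sorted(sites):
        for body in SERVER_RE.findall(sites[fname]):
            servers.append({
                "file": fname,
                "listens": [l.split() for l in LISTEN_RE.findall(body)],
                "names": [n for m in NAME_RE.findall(body) for n in m.split()],
            })
    return servers

def port_of(listen):
    return listen[0].rsplit(":", 1)[-1]

def default_server(servers, port="443"):
    """File whose block answers when no server_name matches (or no SNI is sent).
    Simplification: compares ports only, not full address:port pairs."""
    on_port = [(s, l) for s in servers for l in s["listens"] if port_of(l) == port]
    for s, l in on_port:
        if "default_server" in l[1:]:
            return s["file"]          # explicit default wins
    return on_port[0][0]["file"] if on_port else None  # else first block loaded

def unnamed_servers(servers):
    """Files containing a server block with no server_name directive."""
    return [s["file"] for s in servers if not s["names"]]

if __name__ == "__main__":
    before = parse_servers(SITES)
    print("default:", default_server(before), "unnamed:", unnamed_servers(before))
    after = parse_servers({k: v for k, v in SITES.items() if k != "https-site"})
    print("default after removal:", default_server(after))
```

On a real host, `nginx -T` prints the effective configuration in load order, which is the input to check instead of the constructed strings.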