Lord of the Rant.
Formerly turtle2472 Join Date: Mar 2005
Location: Upstate South Carolina
|
Panic!
Or... let Brad know so he can fix it. |
quote |
Sneaky Punk
|
Just came to post this...
|
quote |
Lord of the Rant.
Formerly turtle2472 Join Date: Mar 2005
Location: Upstate South Carolina
|
Yeah. I PM'd Brad but I also reported myself so it would email the leadership.
I dealt with this with my servers. Something changed in the paths for letsencrypt on linux and it screwed up my certs. Updating the path in the cron fixed it though. For most of my systems now I use acme.sh since it seems to be very well maintained and has been painless once implemented. It went from: Code:
/opt/letsencrypt/letsencrypt-auto renew && systemctl reload httpd to Code:
/opt/letsencrypt/letsencrypt-auto-source/letsencrypt-auto renew && systemctl reload httpd Louis L'Amour, “To make democracy work, we must be a nation of participants, not simply observers. One who does not vote has no right to complain.” Visit our archived Minecraft world! | Maybe someday I'll proof read, until then deal with it. |
quote |
Lord of the Rant.
Formerly turtle2472 Join Date: Mar 2005
Location: Upstate South Carolina
|
|
quote |
Space Pirate
Join Date: May 2004
Location: Atlanta
|
If we leave it then we'll be more exclusive!!!!
... |
quote |
‽
|
|
quote |
Lord of the Rant.
Formerly turtle2472 Join Date: Mar 2005
Location: Upstate South Carolina
|
No wonder I haven't heard back from him yet.
|
quote |
Selfish Heathen
Join Date: May 2004
Location: Zone of Pain
|
Weird. Let's Encrypt usually sends out a bunch of reminders shortly before this happens, but I didn't get any this time. 🤔 I guess I need to double-check all my spam filters and maybe set up a little extra monitoring.
Thanks for the heads-up, though. Hopefully all is good now. I think I've mentioned this before, but the cert here is kind of like a dead man's switch for me, and it's one thing that I manually refresh every few months. If it stays broken for too long, you can probably write me off as a goner. The quality of this board depends on the quality of the posts. The only way to guarantee thoughtful, informative discussion is to write thoughtful, informative posts. AppleNova is not a real-time chat forum. You have time to compose messages and edit them before and after posting. |
quote |
Lord of the Rant.
Formerly turtle2472 Join Date: Mar 2005
Location: Upstate South Carolina
|
Not that I expect you to feel better about it, but I only got one for a domain that was expiring on my server. I don't have multiple names on my certs but do a cert for each TLD. Only one out a handful. I checked spam too.
Louis L'Amour, “To make democracy work, we must be a nation of participants, not simply observers. One who does not vote has no right to complain.” Visit our archived Minecraft world! | Maybe someday I'll proof read, until then deal with it. |
quote |
Mr. Vieira
Join Date: May 2004
Location: Tennessee
|
I didn’t know what was going on but that message screen I got when trying to visit the past 12-18 hours kinda scared me so I just figured it was happening to others and would soon get sorted out. I didn’t know if it was just something I was seeing on both my phone and Mac.
|
quote |
Lord of the Rant.
Formerly turtle2472 Join Date: Mar 2005
Location: Upstate South Carolina
|
The error you see is something you should be concerned about normally. I know the geeky stuff so I knew it was safe. If you don't know how to check, or what to check then best to be safe.
Louis L'Amour, “To make democracy work, we must be a nation of participants, not simply observers. One who does not vote has no right to complain.” Visit our archived Minecraft world! | Maybe someday I'll proof read, until then deal with it. |
quote |
Mr. Vieira
Join Date: May 2004
Location: Tennessee
|
That was me. I didn’t feel safe proceeding. I figured at some point in the coming days I’d check back and the site would load again normally, no biggie.
|
quote |
Lord of the Rant.
Formerly turtle2472 Join Date: Mar 2005
Location: Upstate South Carolina
|
I didn't know this but certainly understand the logic here.
|
quote |
Space Pirate
Join Date: May 2004
Location: Atlanta
|
If y'all want to pay for a full on SSL I'm in for a contribution.
... |
quote |
Lord of the Rant.
Formerly turtle2472 Join Date: Mar 2005
Location: Upstate South Carolina
|
That would leave him to be dead up to five years before the cert expires though. Not a very timely dead man's switch.
|
quote |
Space Pirate
Join Date: May 2004
Location: Atlanta
|
Quote:
Brad we are going to need more connections so we can save you. ... |
|
quote |
‽
|
Quote:
Ostensibly. In practice, the times I’ve seen where a cert warning was an actual case of identity fraud is probably zero or close to that. The times I’ve seen very warnings where someone forgot to fix their cert? Many (including sometimes from big corps like MS). |
|
quote |
Lord of the Rant.
Formerly turtle2472 Join Date: Mar 2005
Location: Upstate South Carolina
|
I thought there was a limit for the certs now. I was actually surprised to see we could order for 5 years still.
As for the error, you and I know what to look for and what to expect. We have the training and knowledge for it. I'm not going to recommend someone "chance it" when they really don't have a clue. In practice, I've never seen a real man-in-the-middle or malicious takeover/redirect either though. Outside to training and such that is. Louis L'Amour, “To make democracy work, we must be a nation of participants, not simply observers. One who does not vote has no right to complain.” Visit our archived Minecraft world! | Maybe someday I'll proof read, until then deal with it. |
quote |
‽
|
|
quote |
9" monochrome
Join Date: May 2004
Location: 🇦🇺
|
Quote:
I thought about visiting Reddit to check what was going on, but was too lazy. I just checked then… no action. |
|
quote |
Mr. Vieira
Join Date: May 2004
Location: Tennessee
|
Head's up, I just got this alert again on my iPhone and MacBook on 5/27, saying this site's certificate had expired. I went ahead and visited because I assumed that's all it is?
|
quote |
‽
|
Yeah, Brad’s auto-renew script must be borked.
|
quote |
Selfish Heathen
Join Date: May 2004
Location: Zone of Pain
|
Sorry for the hiccup, folks. Should be all better now! I'm not dead yet.
|
quote |
Lord of the Rant.
Formerly turtle2472 Join Date: Mar 2005
Location: Upstate South Carolina
|
I've noticed that the email notice of pending cert expirations seems to have stopped almost completely at this point. I'm actively monitoring my certs now with a Zabbix server. I just can't trust they will auto-renew nor can I trust that I'll get the email letting me know they are expiring.
Louis L'Amour, “To make democracy work, we must be a nation of participants, not simply observers. One who does not vote has no right to complain.” Visit our archived Minecraft world! | Maybe someday I'll proof read, until then deal with it. |
quote |
Posting Rules | Navigation |
|
Thread Tools | |
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Is there a way to accept invalid certs with Safari? | turtle | Genius Bar | 4 | 2020-05-18 19:03 |
How long do registries/registrars hold expired domains before offering them for sale? | Robo | Programmer's Nook | 3 | 2009-10-11 01:27 |
Site rip -> PDF | eleazar | Genius Bar | 7 | 2009-02-11 17:54 |
Expired trial: Filemaker Pro. Need data! | torifile | Genius Bar | 18 | 2007-11-29 21:04 |
Still getting this Domain is expired!! | scratt | Feedback | 2 | 2005-09-12 03:50 |