User Name
Password
AppleNova Forums » Feedback »

Certs for the site expired. (202109)


Register Members List Calendar Search FAQ Posting Guidelines
Certs for the site expired. (202109)
Thread Tools
turtle
Lord of the Rant.
Formerly turtle2472
 
Join Date: Mar 2005
Location: Upstate South Carolina
 
2021-09-16, 13:26

Panic!

Or... let Brad know so he can fix it.
  quote
PB PM
Sneaky Punk
 
Join Date: Oct 2005
Location: Vancouver, BC
Send a message via Skype™ to PB PM 
2021-09-16, 13:42

Just came to post this...
  quote
turtle
Lord of the Rant.
Formerly turtle2472
 
Join Date: Mar 2005
Location: Upstate South Carolina
 
2021-09-16, 13:43

Yeah. I PM'd Brad but I also reported myself so it would email the leadership.

I dealt with this with my servers. Something changed in the paths for letsencrypt on linux and it screwed up my certs. Updating the path in the cron fixed it though. For most of my systems now I use acme.sh since it seems to be very well maintained and has been painless once implemented.

It went from:
Code:
/opt/letsencrypt/letsencrypt-auto renew && systemctl reload httpd
to
Code:
/opt/letsencrypt/letsencrypt-auto-source/letsencrypt-auto renew && systemctl reload httpd

Louis L'Amour, “To make democracy work, we must be a nation of participants, not simply observers. One who does not vote has no right to complain.”
Visit our archived Minecraft world! | Maybe someday I'll proof read, until then deal with it.
  quote
kscherer
Which way is up?
 
Join Date: Aug 2004
Location: Boyzeee
 
2021-09-16, 15:57

If you guys have already sent him a note, then I don't need to.
  quote
turtle
Lord of the Rant.
Formerly turtle2472
 
Join Date: Mar 2005
Location: Upstate South Carolina
 
2021-09-16, 16:04

  quote
drewprops
Space Pirate
 
Join Date: May 2004
Location: Atlanta
 
2021-09-16, 17:20

If we leave it then we'll be more exclusive!!!!


...
  quote
chucker
 
Join Date: May 2004
Location: near Bremen, Germany
Send a message via ICQ to chucker Send a message via AIM to chucker Send a message via MSN to chucker Send a message via Yahoo to chucker Send a message via Skype™ to chucker 
2021-09-16, 17:54

Quote:
Originally Posted by turtle View Post
I think you need a…

Bradsignal

I’m sorry
  quote
turtle
Lord of the Rant.
Formerly turtle2472
 
Join Date: Mar 2005
Location: Upstate South Carolina
 
2021-09-16, 19:33

No wonder I haven't heard back from him yet.
  quote
Brad
Selfish Heathen
 
Join Date: May 2004
Location: Zone of Pain
 
2021-09-17, 08:15

Weird. Let's Encrypt usually sends out a bunch of reminders shortly before this happens, but I didn't get any this time. 🤔 I guess I need to double-check all my spam filters and maybe set up a little extra monitoring.

Thanks for the heads-up, though. Hopefully all is good now.

I think I've mentioned this before, but the cert here is kind of like a dead man's switch for me, and it's one thing that I manually refresh every few months. If it stays broken for too long, you can probably write me off as a goner.

The quality of this board depends on the quality of the posts. The only way to guarantee thoughtful, informative discussion is to write thoughtful, informative posts. AppleNova is not a real-time chat forum. You have time to compose messages and edit them before and after posting.
  quote
turtle
Lord of the Rant.
Formerly turtle2472
 
Join Date: Mar 2005
Location: Upstate South Carolina
 
2021-09-17, 08:17

Not that I expect you to feel better about it, but I only got one for a domain that was expiring on my server. I don't have multiple names on my certs but do a cert for each TLD. Only one out a handful. I checked spam too.

Louis L'Amour, “To make democracy work, we must be a nation of participants, not simply observers. One who does not vote has no right to complain.”
Visit our archived Minecraft world! | Maybe someday I'll proof read, until then deal with it.
  quote
psmith2.0
Mr. Vieira
 
Join Date: May 2004
Location: Tennessee
 
2021-09-17, 08:59

I didn’t know what was going on but that message screen I got when trying to visit the past 12-18 hours kinda scared me so I just figured it was happening to others and would soon get sorted out. I didn’t know if it was just something I was seeing on both my phone and Mac.
  quote
turtle
Lord of the Rant.
Formerly turtle2472
 
Join Date: Mar 2005
Location: Upstate South Carolina
 
2021-09-17, 09:29

The error you see is something you should be concerned about normally. I know the geeky stuff so I knew it was safe. If you don't know how to check, or what to check then best to be safe.

Louis L'Amour, “To make democracy work, we must be a nation of participants, not simply observers. One who does not vote has no right to complain.”
Visit our archived Minecraft world! | Maybe someday I'll proof read, until then deal with it.
  quote
psmith2.0
Mr. Vieira
 
Join Date: May 2004
Location: Tennessee
 
2021-09-17, 09:34

That was me. I didn’t feel safe proceeding. I figured at some point in the coming days I’d check back and the site would load again normally, no biggie.
  quote
turtle
Lord of the Rant.
Formerly turtle2472
 
Join Date: Mar 2005
Location: Upstate South Carolina
 
2021-09-17, 10:00

Quote:
Originally Posted by Brad View Post
I think I've mentioned this before, but the cert here is kind of like a dead man's switch for me, and it's one thing that I manually refresh every few months. If it stays broken for too long, you can probably write me off as a goner.
I didn't know this but certainly understand the logic here.
  quote
drewprops
Space Pirate
 
Join Date: May 2004
Location: Atlanta
 
2021-09-17, 11:51

If y'all want to pay for a full on SSL I'm in for a contribution.


...
  quote
turtle
Lord of the Rant.
Formerly turtle2472
 
Join Date: Mar 2005
Location: Upstate South Carolina
 
2021-09-17, 12:33

That would leave him to be dead up to five years before the cert expires though. Not a very timely dead man's switch.
  quote
drewprops
Space Pirate
 
Join Date: May 2004
Location: Atlanta
 
2021-09-17, 12:44

Quote:
Originally Posted by turtle View Post
That would leave him to be dead up to five years before the cert expires though. Not a very timely dead man's switch.
Egads, you're RIGHT!!

Brad we are going to need more connections so we can save you.


...
  quote
chucker
 
Join Date: May 2004
Location: near Bremen, Germany
Send a message via ICQ to chucker Send a message via AIM to chucker Send a message via MSN to chucker Send a message via Yahoo to chucker Send a message via Skype™ to chucker 
2021-09-17, 16:17

Quote:
Originally Posted by turtle View Post
That would leave him to be dead up to five years before the cert expires though. Not a very timely dead man's switch.
Nope. Max cert length that most browsers accept is now roughly one year. You can still buy for multiple, but they’ll simply issue you another one a year down the road.

Quote:
Originally Posted by turtle View Post
The error you see is something you should be concerned about normally.
Ostensibly. In practice, the times I’ve seen where a cert warning was an actual case of identity fraud is probably zero or close to that. The times I’ve seen very warnings where someone forgot to fix their cert? Many (including sometimes from big corps like MS).
  quote
turtle
Lord of the Rant.
Formerly turtle2472
 
Join Date: Mar 2005
Location: Upstate South Carolina
 
2021-09-17, 16:44

I thought there was a limit for the certs now. I was actually surprised to see we could order for 5 years still.

As for the error, you and I know what to look for and what to expect. We have the training and knowledge for it. I'm not going to recommend someone "chance it" when they really don't have a clue. In practice, I've never seen a real man-in-the-middle or malicious takeover/redirect either though. Outside to training and such that is.

Louis L'Amour, “To make democracy work, we must be a nation of participants, not simply observers. One who does not vote has no right to complain.”
Visit our archived Minecraft world! | Maybe someday I'll proof read, until then deal with it.
  quote
chucker
 
Join Date: May 2004
Location: near Bremen, Germany
Send a message via ICQ to chucker Send a message via AIM to chucker Send a message via MSN to chucker Send a message via Yahoo to chucker Send a message via Skype™ to chucker 
2021-09-17, 16:54

Quote:
Originally Posted by turtle View Post
As for the error, you and I know what to look for and what to expect. We have the training and knowledge for it. I'm not going to recommend someone "chance it" when they really don't have a clue.
Yes, that’s fair.
  quote
Mac+
9" monochrome
 
Join Date: May 2004
Location: 🇦🇺
 
2021-09-17, 20:31

Quote:
Originally Posted by pscates2.0 View Post
I didn’t know what was going on but that message screen I got when trying to visit the past 12-18 hours kinda scared me so I just figured it was happening to others and would soon get sorted out. I didn’t know if it was just something I was seeing on both my phone and Mac.
Same here.

I thought about visiting Reddit to check what was going on, but was too lazy.

I just checked then… no action.
  quote
psmith2.0
Mr. Vieira
 
Join Date: May 2004
Location: Tennessee
 
2022-05-28, 09:14

Head's up, I just got this alert again on my iPhone and MacBook on 5/27, saying this site's certificate had expired. I went ahead and visited because I assumed that's all it is?
  quote
chucker
 
Join Date: May 2004
Location: near Bremen, Germany
Send a message via ICQ to chucker Send a message via AIM to chucker Send a message via MSN to chucker Send a message via Yahoo to chucker Send a message via Skype™ to chucker 
2022-05-28, 13:13

Yeah, Brad’s auto-renew script must be borked.
  quote
Brad
Selfish Heathen
 
Join Date: May 2004
Location: Zone of Pain
 
2022-05-28, 13:31

Sorry for the hiccup, folks. Should be all better now! I'm not dead yet.
  quote
kscherer
Which way is up?
 
Join Date: Aug 2004
Location: Boyzeee
 
2022-05-28, 14:19

Quote:
Originally Posted by Brad View Post
I'm not dead yet.


I'm getting my money back!






  quote
turtle
Lord of the Rant.
Formerly turtle2472
 
Join Date: Mar 2005
Location: Upstate South Carolina
 
2022-05-28, 15:06

I've noticed that the email notice of pending cert expirations seems to have stopped almost completely at this point. I'm actively monitoring my certs now with a Zabbix server. I just can't trust they will auto-renew nor can I trust that I'll get the email letting me know they are expiring.

Louis L'Amour, “To make democracy work, we must be a nation of participants, not simply observers. One who does not vote has no right to complain.”
Visit our archived Minecraft world! | Maybe someday I'll proof read, until then deal with it.
  quote
Posting Rules Navigation
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Post Reply

Forum Jump
Thread Tools
Similar Threads
Thread Thread Starter Forum Replies Last Post
Is there a way to accept invalid certs with Safari? turtle Genius Bar 4 2020-05-18 19:03
How long do registries/registrars hold expired domains before offering them for sale? Robo Programmer's Nook 3 2009-10-11 01:27
Site rip -> PDF eleazar Genius Bar 7 2009-02-11 17:54
Expired trial: Filemaker Pro. Need data! torifile Genius Bar 18 2007-11-29 21:04
Still getting this Domain is expired!! scratt Feedback 2 2005-09-12 03:50


« Previous Thread | Next Thread »

All times are GMT -5. The time now is 12:55.


Powered by vBulletin®
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004 - 2024, AppleNova