Reply
 
Thread Tools Display Modes
  #1  
Old 01-10-2020, 07:13 PM
Jeff Lichtman's Avatar
Jeff Lichtman is offline
Head Cheese
Charter Member
 
Join Date: Feb 2000
Location: El Cerrito, CA
Posts: 4,455

Expired security certificate


When I try to connect to boards.straightdope.com/sbmd I get the following error from Bitdefender (my antivirus program) displayed in my browser:

Quote:
Suspicious page blocked for your protection
https://boards.straightdope.com/sdmb/
Your connection to this web page is not safe due to an expired security certificate.
Web pages must renew their certificates to stay current, and outdated security certificates represent a risk for your data.
This similar error popped up three times in Bitdefender, probably because I had some pages that I had left open for some time:

Quote:
chrome.exe attempted to establish a connection relying on an expired certificate to boards.straightdope.com. We blocked the connection to keep your data safe since web pages must renew their certificates with a certification authority to stay current, and outdated security certificates represent a risk.
This happened just a few minutes ago. Obviously, I was able to get past the error to post this message.
__________________
'Tis a pity that I have no gravy to put upon Uncle Hymie.
  #2  
Old 01-10-2020, 07:24 PM
Jeff Lichtman's Avatar
Jeff Lichtman is offline
Head Cheese
Charter Member
 
Join Date: Feb 2000
Location: El Cerrito, CA
Posts: 4,455
BTW, I don't get the same errors from the Straight Dope main web site (straightdope.com).
__________________
'Tis a pity that I have no gravy to put upon Uncle Hymie.
  #3  
Old 01-10-2020, 07:32 PM
Jeff Lichtman's Avatar
Jeff Lichtman is offline
Head Cheese
Charter Member
 
Join Date: Feb 2000
Location: El Cerrito, CA
Posts: 4,455
The problem seems to have gone away, at least temporarily.

The expired security certificates had a validity from 1/9/2019 to 1/10/2020. The new certificates that I get when I connect without an error have a validity from 1/10/2020 to 1/11/2020. Yes, that's one day. Does this mean the problem will recur tomorrow?
__________________
'Tis a pity that I have no gravy to put upon Uncle Hymie.
  #4  
Old 01-10-2020, 07:36 PM
Spiderman's Avatar
Spiderman is offline
Member
 
Join Date: Oct 2000
Location: somewhere East of there
Posts: 11,446
Quote:
Originally Posted by Jeff Lichtman View Post
This happened just a few minutes ago. Obviously, I was able to get past the error to post this message.
I just got it too, looks like it expired w/in the last hour. One can get around it by clicking on the "No, don't do it, it's dangerous & we don't recommend it link " Postpone your membership renewal & then you're not giving them any secure data anyway as I'd hope our users are smart enough to not reuse signons/passwords on multiple sites.
  #5  
Old 01-10-2020, 07:42 PM
Iggy is offline
Guest
 
Join Date: Jun 2012
Location: somewhere else
Posts: 5,423
Just got it too. Using Chrome browser.
  #6  
Old 01-10-2020, 07:43 PM
bobot's Avatar
bobot is offline
Member
 
Join Date: Jan 2009
Location: Chicago-ish
Posts: 9,532
Lord, Mozilla don't wan't me to come here. I had to click this, except that, just to allow the page to load. Got it done, yay for me? Not trying to be a dick here, but this really never happens with any other site I visit. Like none of them. I understand this place is special, but come on, now, let's get this together.
  #7  
Old 01-10-2020, 07:45 PM
Musicat is offline
Charter Member
 
Join Date: Oct 1999
Location: Sturgeon Bay, WI USA
Posts: 21,521
It just happened to me, right now. Chrome.
  #8  
Old 01-10-2020, 07:47 PM
Guinastasia's Avatar
Guinastasia is offline
Member
 
Join Date: Jul 2000
Location: Pittsburgh, PA
Posts: 53,036
Same here, Firefox.
  #9  
Old 01-10-2020, 08:02 PM
Leaffan's Avatar
Leaffan is online now
Member
 
Join Date: Aug 2005
Location: Ottawa
Posts: 24,896
Yep. Chrome on Android.
  #10  
Old 01-10-2020, 08:03 PM
atimnie's Avatar
atimnie is online now
Guest
 
Join Date: Aug 2019
Posts: 4,311
I got a fucking clock error on Chrome (Slimjet)

Your clock is ahead
No it's not, asshole.

A private connection to boards.straightdope.com can't be established because your computer's date and time (Friday, January 10, 2020 at 6:56:06 PM) are incorrect.
The time is fucking right, stop saying it isn't.

To establish a secure connection, your clock needs to be set correctly. This is because the certificates that websites use to identify themselves are only valid for specific periods of time. Since your device's clock is incorrect,
STOP SAYING THAT!

Slimjet cannot verify these certificates.

And fucking Chrome doesn't offer a workaround that I can see, had to post this on Firefox.

Seriously, this fucking board is not good for my stress levels.
__________________
Wait, you can do signatures?
  #11  
Old 01-10-2020, 08:12 PM
Kent Clark's Avatar
Kent Clark is offline
Charter Member
 
Join Date: Apr 1999
Posts: 27,338
Yup, Chrome on Windows.

Your connection is not private
Attackers might be trying to steal your information from boards.straightdope.com (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_DATE_INVALID

Help improve Chrome security by sending URLs of some pages you visit, limited system information, and some page content to Google. Privacy policy
This server could not prove that it is boards.straightdope.com; its security certificate expired in the last day. This may be caused by a misconfiguration or an attacker intercepting your connection. Your computer's clock is currently set to Friday, January 10, 2020. Does that look right? If not, you should correct your system's clock and then refresh this page.

Proceed to boards.straightdope.com (unsafe)
  #12  
Old 01-10-2020, 08:15 PM
I Love Me, Vol. I's Avatar
I Love Me, Vol. I is offline
Charter Member
 
Join Date: May 2003
Location: SF
Posts: 4,727
Yeah, same thing for me, on Chrome. I hate this.
  #13  
Old 01-10-2020, 08:19 PM
What Exit?'s Avatar
What Exit? is online now
Member
 
Join Date: Jun 2005
Location: Central NJ (near Bree)
Posts: 29,749
Once you click through it once in Chrome, you should be OK with the Dope for a while.

I did send an alert (report Post) to the Mods to hopefully get their attention a little sooner.
  #14  
Old 01-10-2020, 08:44 PM
Kent Clark's Avatar
Kent Clark is offline
Charter Member
 
Join Date: Apr 1999
Posts: 27,338
Quote:
Originally Posted by What Exit? View Post
Once you click through it once in Chrome, you should be OK with the Dope for a while.
Or, you can keep getting the damn warning over and over again. . .
  #15  
Old 01-10-2020, 09:03 PM
Colibri's Avatar
Colibri is offline
SD Curator of Critters
Moderator
 
Join Date: Oct 2000
Location: Panama
Posts: 43,837
The appropriate IT people have been informed. But it is the weekend. (This exhausts the information I have on the problem.)
  #16  
Old 01-10-2020, 08:25 PM
nightshadea is offline
Guest
 
Join Date: May 2001
Location: a condo in hell 10th lvl
Posts: 6,079
just got this on edge:

This site is not secure

This might mean that someone’s trying to fool you or steal any info you send to the server. You should close this site immediately.


Go to your Start page
Details
  #17  
Old 01-10-2020, 08:28 PM
The Stainless Steel Rat's Avatar
The Stainless Steel Rat is offline
Member
 
Join Date: Feb 2004
Location: Close to the Saturn V
Posts: 11,232
Firefox for me, got the same 'is your time wrong' stuff, but they weren't fanatic about it and 'go advanced' told me it was a certificate problem and let me click through. Still a bit of a bother.
  #18  
Old 01-10-2020, 08:29 PM
asahi's Avatar
asahi is offline
Guest
 
Join Date: Aug 2015
Location: On your computer screen
Posts: 11,590
Chrome and Firefox: connection not private.
  #19  
Old 01-10-2020, 09:04 PM
TheCuse is offline
Guest
 
Join Date: Feb 2015
Posts: 229
I'm using Firefox on a Mac, and no issues for me.
  #20  
Old 01-10-2020, 09:12 PM
Marvin the Martian is offline
Member
 
Join Date: Jun 2015
Location: Phoenix, AZ, USA
Posts: 1,355
Just had the issue Safari on iPad
  #21  
Old 01-10-2020, 09:17 PM
Squink is offline
Guest
 
Join Date: Oct 2000
Location: Yes
Posts: 20,452
Got warning on Mac, Firefox 72.01 - the latest vers.
  #22  
Old 01-10-2020, 09:18 PM
dropzone's Avatar
dropzone is offline
Member
 
Join Date: May 2000
Location: Bedlam
Posts: 30,312
I'm looking for who to blame, and have narrowed it down to Russia, Ukraine, Iran, Iraq, Canada, or NorKo. I was blaming Trump or Biden, but it would require tech skills, and who am I kidding?
  #23  
Old 01-10-2020, 10:09 PM
Kent Clark's Avatar
Kent Clark is offline
Charter Member
 
Join Date: Apr 1999
Posts: 27,338
Quote:
Originally Posted by dropzone View Post
I was blaming Trump or Biden, but it would require tech skills, and who am I kidding?
So. . . Obama? Yang?

Last edited by Kent Clark; 01-10-2020 at 10:09 PM.
  #24  
Old 01-10-2020, 09:22 PM
TubaDiva's Avatar
TubaDiva is offline
Capo di tutti capi
Administrator
 
Join Date: Mar 1999
Location: In the land of OO-bla-dee
Posts: 11,272
We're currently waiting on the new certificate to propagate everywhere, that might take a little bit of time. But the situation is fixed.

Sorry for the inconvenience.

Jenny
your humble TubaDiva
Administrator
  #25  
Old 01-10-2020, 09:56 PM
puzzlegal's Avatar
puzzlegal is offline
Guest
 
Join Date: Jul 2014
Posts: 5,190
Quote:
Originally Posted by TubaDiva View Post
We're currently waiting on the new certificate to propagate everywhere, that might take a little bit of time. But the situation is fixed.

Sorry for the inconvenience.

Jenny
your humble TubaDiva
Administrator
Thanks for taking care of it, and for letting us know it was taken care of!
  #26  
Old 01-10-2020, 09:46 PM
Johnny L.A. is offline
Charter Member
 
Join Date: Jan 2000
Location: NoWA
Posts: 62,127
Here, I took screen shots of the warning and the certificate expiry, and there's already a thread!
  #27  
Old 01-10-2020, 10:10 PM
kopek's Avatar
kopek is offline
born to be shunned
 
Join Date: Jul 2007
Location: Southwestern PA
Posts: 15,959
I just got it now in Chrome. I went "advanced" and verified that my clock was correct (and that I know the Dope and my fellow Dopers and that NONE of us are "right" . . ) and came on in

What can I say? I live a life of risk.
  #28  
Old 01-10-2020, 10:30 PM
DrDeth is offline
Charter Member
 
Join Date: Mar 2001
Location: San Jose
Posts: 43,235
Yep and now things look weird on this page, the emoticons are named, "ordered list" is spelled out, etc.
  #29  
Old 01-10-2020, 10:34 PM
kopek's Avatar
kopek is offline
born to be shunned
 
Join Date: Jul 2007
Location: Southwestern PA
Posts: 15,959
And it gets worse ---- two of my replies since the above Chrome has made me jump through the "not secure", "advanced" and "are you really REALLY sure you want to talk to these people" hoops twice just to post.
  #30  
Old 01-11-2020, 12:10 AM
Spiderman's Avatar
Spiderman is offline
Member
 
Join Date: Oct 2000
Location: somewhere East of there
Posts: 11,446
Quote:
Originally Posted by kopek View Post
And it gets worse ---- two of my replies since the above Chrome has made me jump through the "not secure", "advanced" and "are you really REALLY sure you want to talk to these people" hoops twice just to post.
Sadly, that's a new feature, not a bug.
  #31  
Old 01-11-2020, 01:42 AM
kopek's Avatar
kopek is offline
born to be shunned
 
Join Date: Jul 2007
Location: Southwestern PA
Posts: 15,959
Quote:
Originally Posted by Spiderman View Post
Sadly, that's a new feature, not a bug.

It was worse in Safari -- for them I had to reconfigure my security and totally sign in my computer a second time. I may log off and come back with my ancient Firefox and mini just to see what happens there. Everything is so ancient and unsupported it probably works like a Champ!
  #32  
Old 01-10-2020, 10:47 PM
atimnie's Avatar
atimnie is online now
Guest
 
Join Date: Aug 2019
Posts: 4,311
I swear to god, they do this on purpose, and by they, I don't mean this site, but the internet in general. It's become sentient and is doing this just to piss everyone off.
__________________
Wait, you can do signatures?
  #33  
Old 01-10-2020, 11:04 PM
HMS Irruncible is offline
Guest
 
Join Date: Nov 2004
Posts: 8,942
Quote:
Originally Posted by atimnie View Post
I swear to god, they do this on purpose, and by they, I don't mean this site, but the internet in general. It's become sentient and is doing this just to piss everyone off.
No this is just pure administrative incompetence. You buy an SSL cert, you note the expiration date, you set yourself a calendar notice to renew it a month before that date.

Seriously y'all, do better, this is just embarrassing.
  #34  
Old 01-10-2020, 11:12 PM
Duckster's Avatar
Duckster is offline
Charter Member
 
Join Date: Aug 2001
Posts: 14,663
Got it just now.


Firefox on Windows.
  #35  
Old 01-11-2020, 02:56 AM
Disgruntled Penguin is offline
Guest
 
Join Date: Sep 2009
Posts: 1,267
Quote:
Originally Posted by HMS Irruncible View Post
No this is just pure administrative incompetence. You buy an SSL cert, you note the expiration date, you set yourself a calendar notice to renew it a month before that date.

Seriously y'all, do better, this is just embarrassing.
Eh, google once let their domain registration expire and had to buy it back. Stuff happens, even to the giants of the industry. This lapse is nowhere near that bad.
  #36  
Old 01-11-2020, 03:35 AM
Terminus Est's Avatar
Terminus Est is offline
Guest
 
Join Date: Apr 2001
Location: The tropics
Posts: 7,780
If the constant warning messages are starting to annoy you (as they did me), you can tell Chrome on Windows to ignore the error by launching it with the "-ignore-certificate-errors" option. Just set up a shortcut with the target:

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -ignore-certificate-errors
  #37  
Old 01-11-2020, 05:14 AM
BigT's Avatar
BigT is offline
Guest
 
Join Date: Aug 2008
Location: "Hicksville", Ark.
Posts: 37,004
Quote:
Originally Posted by Disgruntled Penguin View Post
Eh, google once let their domain registration expire and had to buy it back. Stuff happens, even to the giants of the industry. This lapse is nowhere near that bad.
Plus there's the fact that it's completely different people doing it this time than last. There's been a complete change in leadership since last year at this time. I doubt it's even the same tech people.

Sure, ideally they'd check the expiry when they took over. But I have a feeling that our admin is handling it herself, and she was kinda busy at that time. It's entirely understandable that Tuba didn't keep track of when the certificate would expire.

All this said, I don't see any reason not to use Let's Encrypt, which is both free and auto renews ever few months. Since Tuba was involved in handling the main site, I'm hoping she may have gotten a Let's Encrypt certificate and made this a problem of the past.
  #38  
Old 01-11-2020, 11:10 AM
scabpicker's Avatar
scabpicker is offline
Yo soy pinche idiota
Charter Member
 
Join Date: Oct 2003
Location: Funkytown (Fort Worth)
Posts: 4,825
Quote:
Originally Posted by BigT View Post
Plus there's the fact that it's completely different people doing it this time than last. There's been a complete change in leadership since last year at this time. I doubt it's even the same tech people.

Sure, ideally they'd check the expiry when they took over. But I have a feeling that our admin is handling it herself, and she was kinda busy at that time. It's entirely understandable that Tuba didn't keep track of when the certificate would expire.

All this said, I don't see any reason not to use Let's Encrypt, which is both free and auto renews ever few months. Since Tuba was involved in handling the main site, I'm hoping she may have gotten a Let's Encrypt certificate and made this a problem of the past.
Yeah, the product I support is used by a bunch of multinationals and government orgs, and we have a constant stream of tickets saying their cert expired and they need assistance updating it NOW! I kind of see it as a failure of their processes (we had automated notifications set up when I worked in hosting), but it's far from an uncommon mistake. I see it all the time.

On top of that, you have to know all of the places you want to install the cert. I've helped more than one customer over the years track down where that request was being served from. Again, should be documented in your processes, but it's not a rare situation for it not to be.

Let's Encrypt is great, but you've got to be running in an environment that supports one of the clients. The product I support doesn't support it, so it's not an option for my customers.

So, yeah, not a stellar moment, but I have sympathy.
  #39  
Old 01-10-2020, 11:18 PM
cochrane is offline
Guest
 
Join Date: Jun 2006
Location: The Nekkid Pueblo
Posts: 22,691
The boards won't let me come in using https, so there's still definitely an issue. I had to prefix the URL with http://
  #40  
Old 01-11-2020, 11:35 AM
cochrane is offline
Guest
 
Join Date: Jun 2006
Location: The Nekkid Pueblo
Posts: 22,691
Quote:
Originally Posted by cochrane View Post
The boards won't let me come in using https, so there's still definitely an issue. I had to prefix the URL with http://
It's working for me again using https.
  #41  
Old 01-11-2020, 12:01 AM
TubaDiva's Avatar
TubaDiva is offline
Capo di tutti capi
Administrator
 
Join Date: Mar 1999
Location: In the land of OO-bla-dee
Posts: 11,272
It's not fully propagated yet, I think that's the problem.

Give it another 12-24 hours and let's see if that doesn't work more better.

Sorry for the inconvenience, everyone.

Jenny
your humble TubaDiva
Administrator
  #42  
Old 01-11-2020, 12:58 AM
TruCelt's Avatar
TruCelt is offline
Guest
 
Join Date: Jan 2009
Location: Near Washington, DC
Posts: 11,691
Getting the same error in Chrome (Windows 10) today:


Your connection is not private
Attackers might be trying to steal your information from boards.straightdope.com (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_DATE_INVALID

Help improve Chrome security by sending URLs of some pages you visit, limited system information, and some page content to Google. Privacy policy
This server could not prove that it is boards.straightdope.com; its security certificate expired in the last day. This may be caused by a misconfiguration or an attacker intercepting your connection. Your computer's clock is currently set to Saturday, January 11, 2020. Does that look right? If not, you should correct your system's clock and then refresh this page.

Proceed to boards.straightdope.com (unsafe)

Last edited by TruCelt; 01-11-2020 at 12:59 AM.
  #43  
Old 01-11-2020, 02:00 AM
kopek's Avatar
kopek is offline
born to be shunned
 
Join Date: Jul 2007
Location: Southwestern PA
Posts: 15,959
Curiosity solved; my first generation mini and Firefox 48.0.2 still LOVES the SDMB. So for all those having issues the solution is shop eBay for a really old Apple and keep it around for emergencies like this.
  #44  
Old 01-11-2020, 03:54 AM
RTFirefly is online now
Charter Member
 
Join Date: Apr 1999
Location: Maryland
Posts: 40,265
Chrome, just now:
Quote:
Your computer's clock is currently set to Saturday, January 11, 2020. Does that look right?
You tell me, Google - does that time look right to you? Don't you know what time it is?

Does anybody really know what time it is?
Does anybody really care?


  #45  
Old 01-11-2020, 05:17 AM
BigT's Avatar
BigT is offline
Guest
 
Join Date: Aug 2008
Location: "Hicksville", Ark.
Posts: 37,004
Quote:
Originally Posted by RTFirefly View Post
Chrome, just now:You tell me, Google - does that time look right to you? Don't you know what time it is?

Does anybody really know what time it is?
Does anybody really care?


I hadn't thought of that, but you're not wrong. Chrome could check the time with Google's servers and thus be able to tell you if you clock is off by enough to have been the cause of the certificate error.
  #46  
Old 01-11-2020, 09:19 AM
kopek's Avatar
kopek is offline
born to be shunned
 
Join Date: Jul 2007
Location: Southwestern PA
Posts: 15,959
The old computer again -- since I have it why not? But even with the Air I guess I'm more curious than annoyed; all this tech stuff still fascinates me. I know about the work-around for Chrome but my understanding is that it would basically cancel the certificate checks across the board and I still would like to be warned if I hit something like this somewhere other than the Dope. And at least Chrome has a slightly easy (at least in Catalina) way of saying I trust these folks and ignore for now. Safari is actually far worse; even after I did their version of that I had to reiterate it several times, do the whole computer log-in over and over and confirm I was actually me right up to closing it. In Chrome this is a basic papercut. In Safari its more like getting slashed across the back with a meat cleaver. I was always a little curious about why folks across the boards have been down on Safari the last 8 years or so - now I'm seeing why for myself.
  #47  
Old 01-11-2020, 09:32 AM
Tripler is offline
Charter Member
 
Join Date: May 2000
Location: JSOTF SDMB, OL-LANL
Posts: 7,329
I just got the similar error. I'm using a Win 10 machine with Firefox.

Tripler
Personally, I blame the Keebler elves.
  #48  
Old 01-11-2020, 09:44 AM
dogbutler's Avatar
dogbutler is offline
Charter Member
 
Join Date: Feb 2001
Location: Raleigh N.C.
Posts: 13,707
Still doing it for me.
__________________
I used to be clueless, but I turned that around 360 degrees. -Ratbert
dogbutler-Not an ax murderer!
I hang out with the Cool kids
  #49  
Old 01-11-2020, 09:49 AM
ftg's Avatar
ftg is offline
Member
 
Join Date: Feb 2001
Location: Not the PNW :-(
Posts: 21,105
Problem definitely not fixed.
  #50  
Old 01-11-2020, 10:03 AM
aceplace57 is offline
Guest
 
Join Date: Oct 2009
Location: CentralArkansas
Posts: 26,607
Yup, I have the warning Triangle next to the URL. Chrome isn't happy that I insisted on connecting here.
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 08:25 AM.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2020, vBulletin Solutions, Inc.

Send questions for Cecil Adams to: cecil@straightdope.com

Send comments about this website to: webmaster@straightdope.com

Terms of Use / Privacy Policy

Advertise on the Straight Dope!
(Your direct line to thousands of the smartest, hippest people on the planet, plus a few total dipsticks.)

Copyright 2019 STM Reader, LLC.

 
Copyright © 2017