Reply
 
Thread Tools Display Modes
  #1  
Old 12-06-2018, 07:17 PM
PastTense PastTense is online now
Guest
 
Join Date: Jan 2013
Posts: 6,998
Straight Dope: Site Not Secure, Invalid Certificate, Expired Certificate

I just got a message coming to this site using Firefox and had to add an exception.
  #2  
Old 12-06-2018, 07:18 PM
Melbourne Melbourne is offline
Guest
 
Join Date: Nov 2009
Posts: 4,297
Certificate Expiry

I see that your HTTPS certificate expired today.

Personally, I'd prefer to have HTTPS disabled, and return to HTTP, but I understand that the big advertising company is controlling the browsers most people use.
  #3  
Old 12-06-2018, 07:18 PM
Bullitt's Avatar
Bullitt Bullitt is online now
Member
 
Join Date: Apr 2012
Location: SF Giants Nation 10-12-14
Posts: 24,514
Invalid Certificate for SDMB?

This just started happening. Is anyone else getting these errors? I've tried in Chrome, Edge, and Firefox, and I get the same error on all three.


Is this a global problem, or a local one? If local, is there something that I need to fix or set?
  #4  
Old 12-06-2018, 07:19 PM
Bullitt's Avatar
Bullitt Bullitt is online now
Member
 
Join Date: Apr 2012
Location: SF Giants Nation 10-12-14
Posts: 24,514
We both just posted about the same thing.
  #5  
Old 12-06-2018, 07:20 PM
nightshadea nightshadea is offline
Guest
 
Join Date: May 2001
Location: a condo in hell 10th lvl
Posts: 3,852
im getting a certificate error

and its not letting me get to the site unless I click ob details and where it says go on to thye web page


heres the page I get :
This site is not secure

This might mean that someone’s trying to fool you or steal any info you send to the server. You should close this site immediately.


Go to your Start page
Details
The website’s security certificate is not yet valid or has expired.
Error Code: DLG_FLAGS_SEC_CERT_DATE_INVALID
Go on to the webpage (Not recommended)
  #6  
Old 12-06-2018, 07:22 PM
nightshadea nightshadea is offline
Guest
 
Join Date: May 2001
Location: a condo in hell 10th lvl
Posts: 3,852
I just posted a thread on this heh
  #7  
Old 12-06-2018, 07:27 PM
ThelmaLou's Avatar
ThelmaLou ThelmaLou is offline
Member
 
Join Date: May 2010
Location: Neither here nor there
Posts: 14,365
Yeah, Kaspersky freaked out and I had to slip the guard a fifth of vodka to get past him into the Dope.
__________________
Barely good enough to do the job most of the time. (Thanks, guestchaz.)
  #8  
Old 12-06-2018, 07:29 PM
Bone's Avatar
Bone Bone is offline
Extrajudicial
Moderator
 
Join Date: Jul 2003
Posts: 9,643
Moderating

So like, did a certificate expire or something? I merged like 4 threads together to consolidate and have emailed folks behind the scenes.

[/moderating]
  #9  
Old 12-06-2018, 07:30 PM
Beckdawrek's Avatar
Beckdawrek Beckdawrek is offline
Member
 
Join Date: Aug 2017
Location: So.Ark ?
Posts: 10,919
Same here. I emailed somebody thinking I need to change my password. Whomever can disregard that.
  #10  
Old 12-06-2018, 07:31 PM
AnalogSignal AnalogSignal is offline
Member
 
Join Date: Feb 2010
Posts: 1,576
The certificate just expired 30 minutes ago. The site admin needs to get a new certificate to resolve this.
  #11  
Old 12-06-2018, 07:35 PM
BigT's Avatar
BigT BigT is online now
Guest
 
Join Date: Aug 2008
Location: "Hicksville", Ark.
Posts: 35,225
Yeah, the certificate expired. Ed got one that lasted a year from last year, rather than the shorter autorenewing ones.

I'm actually quite concerned about the site given how it seems that it seems tech support is completely uninterested in working on anything, even simple changes. It was one thing when Ed's hired support was busy with other changes, but now?
  #12  
Old 12-06-2018, 07:40 PM
BigT's Avatar
BigT BigT is online now
Guest
 
Join Date: Aug 2008
Location: "Hicksville", Ark.
Posts: 35,225
The certificate on the main site is still valid, and used Let's Encrypt, which sets up those smaller, auto-renewing certificates. I do not know why the board is using a different certificate authority.
  #13  
Old 12-06-2018, 07:42 PM
bordelond's Avatar
bordelond bordelond is offline
Guest
 
Join Date: Dec 1999
Location: La Rive Ouest
Posts: 9,880
Quote:
Originally Posted by Bullitt View Post
Is this a global problem, or a local one? If local, is there something that I need to fix or set?
FWIW, it is in fact a global issue. Also affects how the site displays on some browsers.
  #14  
Old 12-06-2018, 07:47 PM
Qadgop the Mercotan's Avatar
Qadgop the Mercotan Qadgop the Mercotan is offline
Charter Member
 
Join Date: Apr 2000
Location: Slithering on the hull
Posts: 26,653
What a PITA.
  #15  
Old 12-06-2018, 07:51 PM
BigT's Avatar
BigT BigT is online now
Guest
 
Join Date: Aug 2008
Location: "Hicksville", Ark.
Posts: 35,225
What's really bugging me is that on Chrome, it's not doing what it did on another site. It keeps periodically bringing back up the warning message, even though I chose to bypass it. Before, it's always just let me keep using the site without question.

I don't want to have to turn off certificate validation in general. And signing my own certificate for the site seems complicated.
  #16  
Old 12-06-2018, 07:58 PM
Beckdawrek's Avatar
Beckdawrek Beckdawrek is offline
Member
 
Join Date: Aug 2017
Location: So.Ark ?
Posts: 10,919
Surely the PTB are working on it.
  #17  
Old 12-06-2018, 08:00 PM
Qadgop the Mercotan's Avatar
Qadgop the Mercotan Qadgop the Mercotan is offline
Charter Member
 
Join Date: Apr 2000
Location: Slithering on the hull
Posts: 26,653
Quote:
Originally Posted by Beckdawrek View Post
Surely the PTB are working on it.
Don't call me Shirley
  #18  
Old 12-06-2018, 08:05 PM
Beckdawrek's Avatar
Beckdawrek Beckdawrek is offline
Member
 
Join Date: Aug 2017
Location: So.Ark ?
Posts: 10,919
Oh, I see, Shirley forgot the squirrel kibble.
  #19  
Old 12-06-2018, 08:56 PM
AnalogSignal AnalogSignal is offline
Member
 
Join Date: Feb 2010
Posts: 1,576
It looks like someone just put in a fresh certificate. We should be good.
  #20  
Old 12-06-2018, 09:18 PM
Bullitt's Avatar
Bullitt Bullitt is online now
Member
 
Join Date: Apr 2012
Location: SF Giants Nation 10-12-14
Posts: 24,514
Quote:
Originally Posted by AnalogSignal View Post
It looks like someone just put in a fresh certificate. We should be good.
We should thank Shirley.
  #21  
Old 12-06-2018, 09:59 PM
AncientHumanoid's Avatar
AncientHumanoid AncientHumanoid is offline
Guest
 
Join Date: Oct 2002
Location: Quantum foam
Posts: 24,401
Is this some kind of bust, or what?
__________________
That is not dead which can eternal lie,
And with strange aeons even death may die.
  #22  
Old 12-06-2018, 10:17 PM
Beckdawrek's Avatar
Beckdawrek Beckdawrek is offline
Member
 
Join Date: Aug 2017
Location: So.Ark ?
Posts: 10,919
Someone flushed the incriminating evidence.
  #23  
Old 12-06-2018, 10:18 PM
cochrane cochrane is online now
Guest
 
Join Date: Jun 2006
Location: The Nekkid Pueblo
Posts: 20,924
Quote:
Originally Posted by AncientHumanoid View Post
Is this some kind of bust, or what?
Nice beaver!
  #24  
Old 12-06-2018, 10:21 PM
TubaDiva's Avatar
TubaDiva TubaDiva is offline
Capo di tutti capi
Administrator
 
Join Date: Mar 1999
Location: In the land of OO-bla-dee
Posts: 10,902
I've contacted Sun-Times management to let them know about this issue.

(Sorry I didn't see this earlier, I was playing a Christmas concert this evening. 'Tis the season and all that.)

Hoping for a quick resolution to this problem.

Jenny
your humble TubaDiva
Administrator

Last edited by TubaDiva; 12-06-2018 at 10:22 PM.
  #25  
Old 12-06-2018, 10:35 PM
AnalogSignal AnalogSignal is offline
Member
 
Join Date: Feb 2010
Posts: 1,576
It's already fixed.
  #26  
Old 12-06-2018, 10:45 PM
TubaDiva's Avatar
TubaDiva TubaDiva is offline
Capo di tutti capi
Administrator
 
Join Date: Mar 1999
Location: In the land of OO-bla-dee
Posts: 10,902
All right then!

Jenny
your humble TubaDiva
Administrator
  #27  
Old 12-07-2018, 12:42 AM
Bullitt's Avatar
Bullitt Bullitt is online now
Member
 
Join Date: Apr 2012
Location: SF Giants Nation 10-12-14
Posts: 24,514
Quote:
Originally Posted by AncientHumanoid View Post
Is this some kind of bust, or what?
If you were asking me, umm, no it wasn't.
  #28  
Old 12-07-2018, 01:35 AM
BigT's Avatar
BigT BigT is online now
Guest
 
Join Date: Aug 2008
Location: "Hicksville", Ark.
Posts: 35,225
Now I'm left to wonder how it got fixed. If Tuba didn't contact anyone, how did whoever needed to renew/replace the certificate find out? Are there some tech elves in the background who don't have an account?

Or was the problem actually on the issuer's side, and the certificate renewal had been paid for, but they forgot to actually renew it? I note the issuer path looks different now, with 5 nodes instead of 3.

Last edited by BigT; 12-07-2018 at 01:37 AM.
  #29  
Old 12-07-2018, 01:59 AM
Terminus Est's Avatar
Terminus Est Terminus Est is online now
Guest
 
Join Date: Apr 2001
Location: The tropics
Posts: 7,288
If it's already fixed, why does Chrome still say "Site Not Secure" for me? I don't get the big scary warning page, but all SDMB still goes to "http" rather than "https". That is, the URLs still properly say "https" but they all automatically redirect to "http".
  #30  
Old 12-07-2018, 02:17 AM
SenorBeef SenorBeef is online now
Guest
 
Join Date: Aug 2001
Location: Las Vegas, NV
Posts: 27,474
Quote:
Originally Posted by Melbourne View Post
I see that your HTTPS certificate expired today.

Personally, I'd prefer to have HTTPS disabled, and return to HTTP, but I understand that the big advertising company is controlling the browsers most people use.
What's the case against HTTPS?
  #31  
Old 12-07-2018, 02:28 AM
rat avatar's Avatar
rat avatar rat avatar is offline
Member
 
Join Date: Dec 2009
Location: Seattle, Wa
Posts: 5,061
Quote:
Originally Posted by SenorBeef View Post
What's the case against HTTPS?
None really, especially after July of this year as chrome now properly marks all HTTP sites as "not secure".

I would be that several users on here use the same password on this site on other more critical websites. HTTP means you are broadcasting this password to anyone who cares to look.
  #32  
Old 12-07-2018, 02:59 AM
PastTense PastTense is online now
Guest
 
Join Date: Jan 2013
Posts: 6,998
Quote:
Originally Posted by BigT View Post
Now I'm left to wonder how it got fixed. If Tuba didn't contact anyone, how did whoever needed to renew/replace the certificate find out? Are there some tech elves in the background who don't have an account?
Further up in the thread (post #8 at 6:29 pm) Bone said that he had emailed the tech people.

Tuba didn't show up until 9:21 pm.

Last edited by PastTense; 12-07-2018 at 03:01 AM.
  #33  
Old 12-07-2018, 06:04 AM
Terminus Est's Avatar
Terminus Est Terminus Est is online now
Guest
 
Join Date: Apr 2001
Location: The tropics
Posts: 7,288
Quote:
Originally Posted by Terminus Est View Post
If it's already fixed, why does Chrome still say "Site Not Secure" for me? I don't get the big scary warning page, but all SDMB still goes to "http" rather than "https". That is, the URLs still properly say "https" but they all automatically redirect to "http".
OK, this seems to have fixed itself on my end.
  #34  
Old 12-07-2018, 03:29 PM
ftg's Avatar
ftg ftg is offline
Guest
 
Join Date: Feb 2001
Location: Not the PNW :-(
Posts: 18,082
Several references to Airplane! but none to the most natural one?

This certificate is no more! It has ceased to be! It's expired and gone to meet its maker! ... THIS IS AN EX-CERTIFICATE!

Well, I'd better replace it, then.
  #35  
Old 12-07-2018, 04:15 PM
TubaDiva's Avatar
TubaDiva TubaDiva is offline
Capo di tutti capi
Administrator
 
Join Date: Mar 1999
Location: In the land of OO-bla-dee
Posts: 10,902
Sorry for the inconvenience; it was in process earlier in the day on Thursday and was thought handled. Not sure what transpired but then it wasn't and now it is for sure and the system reset.

We should be good to go now.

Jenny
your humble TubaDiva
Administrator
  #36  
Old 12-07-2018, 09:01 PM
AncientHumanoid's Avatar
AncientHumanoid AncientHumanoid is offline
Guest
 
Join Date: Oct 2002
Location: Quantum foam
Posts: 24,401
Mine wasn't an Airplane ref.
__________________
That is not dead which can eternal lie,
And with strange aeons even death may die.
  #37  
Old 12-07-2018, 11:03 PM
Melbourne Melbourne is offline
Guest
 
Join Date: Nov 2009
Posts: 4,297
Quote:
Originally Posted by SenorBeef View Post
What's the case against HTTPS?
Get off my Lawn.

Oh, you mean apart from that? I work with small HTTP systems. Moving to HTTPS means moving to a processor that costs 10 times as much, with 100 times as much memory. Out of which we get worthless security and still require a VPN, because actual security would require even more memory, more development costs, and would still be unfit for purpose. It means old web browsers don't work, which means that old operating systems don't work. It means that caching doesn't work. These are trivial objections, but it means that the whole ecosystem, which was working perfectly well, has to be discarded. It's like being told that your 30 year old car, that you've lovingly maintained by hand, has to be discarded because you can't get replacement windshield wipers anymore.

It's particularly galling because it's being driven by the big advertising and data mining companies.
  #38  
Old 12-07-2018, 11:37 PM
DooWahDiddy DooWahDiddy is offline
Guest
 
Join Date: Jun 1999
Location: Vero Beach, FL
Posts: 2,480
Quote:
Originally Posted by ftg View Post
Several references to Airplane! but none to the most natural one?

This certificate is no more! It has ceased to be! It's expired and gone to meet its maker! ... THIS IS AN EX-CERTIFICATE!

Well, I'd better replace it, then.
Quote:
Originally Posted by AncientHumanoid View Post
Mine wasn't an Airplane ref.
Neither was his.
  #39  
Old Yesterday, 09:50 PM
BigT's Avatar
BigT BigT is online now
Guest
 
Join Date: Aug 2008
Location: "Hicksville", Ark.
Posts: 35,225
Quote:
Originally Posted by Melbourne View Post
Get off my Lawn.

Oh, you mean apart from that? I work with small HTTP systems. Moving to HTTPS means moving to a processor that costs 10 times as much, with 100 times as much memory. Out of which we get worthless security and still require a VPN, because actual security would require even more memory, more development costs, and would still be unfit for purpose. It means old web browsers don't work, which means that old operating systems don't work. It means that caching doesn't work. These are trivial objections, but it means that the whole ecosystem, which was working perfectly well, has to be discarded. It's like being told that your 30 year old car, that you've lovingly maintained by hand, has to be discarded because you can't get replacement windshield wipers anymore.

It's particularly galling because it's being driven by the big advertising and data mining companies.
It also just adds extra complexity, meaning another thing that can go wrong, just like it did here. It makes sense that you want that for higher security sites, and can make at least some sense on any site with a login. But there are still purely passive, information only sites out there that would work fine on HTTP.

The big thing that made me aware was trying what is mentioned in this xkcd comic. I got an older Kindle that still uses cellular data. But it can't handle HTTPS. So no Wikipedia for me--not even in read-only mode. I could at least read the Dope, but that's gone now, too. (I did at least eventually find a few years old dump of Wikipedia available on HTTP, but the URL is annoying long.)

I have noticed old browsers not being able to connect not because they don't have HTTPS, but because they use an older, less secure form. That context doesn't bother me as much, since you can usually upgrade to a better browser--for now. But when it's a device, it kinda sucks.
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 04:02 AM.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2018, vBulletin Solutions, Inc.

Send questions for Cecil Adams to: cecil@straightdope.com

Send comments about this website to: webmaster@straightdope.com

Terms of Use / Privacy Policy

Advertise on the Straight Dope!
(Your direct line to thousands of the smartest, hippest people on the planet, plus a few total dipsticks.)

Copyright © 2018 STM Reader, LLC.

 
Copyright © 2017