Author |
Topic |
|
TheIriaeban
Master of Realmslore
USA
1289 Posts |
Posted - 13 Jan 2023 : 01:01:50
|
I keep getting an invalid certificate error in my browser when accessing the forums. Anyone else seeing that?
|
"Iriaebor is a fine city. So what if you can have violence between merchant groups break out at any moment. Not every city can offer dinner AND a show."
My FR writeups - http://www.mediafire.com/folder/um3liz6tqsf5n/Documents
|
|
Blademaster
Acolyte
Canada
5 Posts |
Posted - 13 Jan 2023 : 01:37:07
|
Yes, I just go the same message when I logged in this evening. |
|
|
Wooly Rupert
Master of Mischief
USA
36809 Posts |
|
Ashe Ravenheart
Great Reader
USA
3243 Posts |
Posted - 13 Jan 2023 : 02:20:49
|
quote: Originally posted by Wooly Rupert
Got the message, myself. I'm about to ping Big Al.
I wonder if it has to do with the link to Paizo's announcement. I'm noticing it comes up especially if going to that scroll. Since Paizo's site is down, the link doesn't respond, and maybe site security can't verify everything's good. |
I actually DO know everything. I just have a very poor index of my knowledge.
Ashe's Character Sheet
Alphabetized Index of Realms NPCs |
|
|
Wooly Rupert
Master of Mischief
USA
36809 Posts |
Posted - 13 Jan 2023 : 04:07:12
|
quote: Originally posted by Ashe Ravenheart
quote: Originally posted by Wooly Rupert
Got the message, myself. I'm about to ping Big Al.
I wonder if it has to do with the link to Paizo's announcement. I'm noticing it comes up especially if going to that scroll. Since Paizo's site is down, the link doesn't respond, and maybe site security can't verify everything's good.
I don't see how it could possibly be related to that. The timing is mere coincidence.
I'm getting the same message when I hit the "Active Topics" link to see new posts.
Expanding on the error, it says the security certificate expired in the last day. I should expect that Big Al (or the host, depending on who owns the cert) just needs to renew it. |
Candlekeep Forums Moderator
Candlekeep - The Library of Forgotten Realms Lore http://www.candlekeep.com -- Candlekeep Forum Code of Conduct
I am the Giant Space Hamster of Ill Omen! |
|
|
Ayrik
Great Reader
Canada
7989 Posts |
Posted - 13 Jan 2023 : 06:59:11
|
I'm guessing that Candlekeep's host failed to renew some license or update or whatever. A fixable problem which will quickly be corrected. |
[/Ayrik] |
|
|
Alaundo
Head Moderator
United Kingdom
5695 Posts |
|
sleyvas
Skilled Spell Strategist
USA
11839 Posts |
Posted - 13 Jan 2023 : 16:30:42
|
quote: Originally posted by Alaundo
Well met
Don't panic. This is due to Candlekeep being granted a free SSL certificate last year, which has now expired. Due to the nature of this site, it's not really necessary to have a certificate. I'll get this addressed shortly.
Please forgive me my rant for a moment... it is not aimed at you Alaundo or this site.
{CrankyMode On}
I hate certs.... having to deal with this stuff in an internal corporate environment where noone pays attention to it and just clicks past it ... or worse someone puts some policy on all the systems so that they are no longer allowed to click past cert issues and then people forget that X application was added 5 years earlier and the cert needs to be updated before it expires. So, the cert expires, a major incident is stood up and 50 people get dragged on a call to whine about the application being broken. Then half of those whiners have no clue and try to armchair troubleshoot the issue, while the other half are all asking "who manages this app and why aren't THEY on this call?". Meanwhile, all it does is create some stupid job for usually the same guy that's pushing the requirement to get certs updated for the people that have no idea how to do it. Don't get me wrong, I can see why they might be needed in some instances (I don't want someone somehow getting my bank's DNS entries for themselves and setting up a fake site).... but ~90% of things don't need it.
{CrankyMode Off} |
Alavairthae, may your skill prevail
Phillip aka Sleyvas |
|
|
Alaundo
Head Moderator
United Kingdom
5695 Posts |
|
Azar
Master of Realmslore
1309 Posts |
Posted - 16 Jan 2023 : 16:36:23
|
I cannot enter "General Forgotten Realms Chat"; clicking on the hyperlink causes my browser's window to flash and...nothing else. Clearing Candlekeep cookies and signing back in did not do the trick. |
Stand with anybody that stands right. Stand with him while he is right and part with him when he goes wrong.
Earth names in the Realms are more common than you may think. |
|
|
Azar
Master of Realmslore
1309 Posts |
|
Ashe Ravenheart
Great Reader
USA
3243 Posts |
|
Azar
Master of Realmslore
1309 Posts |
|
Wooly Rupert
Master of Mischief
USA
36809 Posts |
Posted - 17 Jan 2023 : 03:46:43
|
Perhaps a different browser? I don't otherwise advocate for Edge, but I've not had any issues using it with this site. |
Candlekeep Forums Moderator
Candlekeep - The Library of Forgotten Realms Lore http://www.candlekeep.com -- Candlekeep Forum Code of Conduct
I am the Giant Space Hamster of Ill Omen! |
|
|
Azar
Master of Realmslore
1309 Posts |
Posted - 17 Jan 2023 : 10:25:03
|
My rub with Edge - other than it being a descendant of Internet Explorer - is its comparative lack of customization. |
Stand with anybody that stands right. Stand with him while he is right and part with him when he goes wrong.
Earth names in the Realms are more common than you may think. |
|
|
Wooly Rupert
Master of Mischief
USA
36809 Posts |
Posted - 17 Jan 2023 : 11:00:52
|
quote: Originally posted by Azar
My rub with Edge - other than it being a descendant of Internet Explorer - is its comparative lack of customization.
So you can't try it for a particular website because you can't customize it? |
Candlekeep Forums Moderator
Candlekeep - The Library of Forgotten Realms Lore http://www.candlekeep.com -- Candlekeep Forum Code of Conduct
I am the Giant Space Hamster of Ill Omen! |
|
|
Azar
Master of Realmslore
1309 Posts |
Posted - 17 Jan 2023 : 13:03:39
|
quote: Originally posted by Wooly Rupert
quote: Originally posted by Azar
My rub with Edge - other than it being a descendant of Internet Explorer - is its comparative lack of customization.
So you can't try it for a particular website because you can't customize it?
I can try using that browser; I just don't want to be dependent on an entirely different browser for one subsection of a forum . |
Stand with anybody that stands right. Stand with him while he is right and part with him when he goes wrong.
Earth names in the Realms are more common than you may think. |
|
|
Storyteller Hero
Learned Scribe
USA
329 Posts |
|
Azar
Master of Realmslore
1309 Posts |
Posted - 19 Jan 2023 : 09:37:01
|
quote: Originally posted by Storyteller Hero
The site is working on my Safari browser, but Chrome seems to keep blocking it due to "invalid certificate".
I wonder if this is a Chrome issue with certificates in general or if this specific certificate itself just doesn't jive with Chrome for whatever reason. |
Stand with anybody that stands right. Stand with him while he is right and part with him when he goes wrong.
Earth names in the Realms are more common than you may think. |
|
|
TBeholder
Great Reader
2430 Posts |
Posted - 19 Jan 2023 : 16:33:07
|
Still shows an error (self-signed certificate)... and if that's manually accepted, drops out to unsecure http.
quote: Originally posted by sleyvas
{CrankyMode On} I hate certs.... having to deal with this stuff in an internal corporate environment where noone pays attention to it and just clicks past it
Sounds no different from the way anything else is done in Dilbert's company.
quote: Don't get me wrong, I can see why they might be needed in some instances (I don't want someone somehow getting my bank's DNS entries for themselves and setting up a fake site).... but ~90% of things don't need it.
So for 90% of sites you are fine with... executing scripts from unknown sources? |
People never wonder How the world goes round -Helloween And even I make no pretense Of having more than common sense -R.W.Wood It's not good, Eric. It's a gazebo. -Ed Whitchurch |
|
|
sleyvas
Skilled Spell Strategist
USA
11839 Posts |
Posted - 19 Jan 2023 : 18:45:04
|
quote: Originally posted by TBeholder
Still shows an error (self-signed certificate)... and if that's manually accepted, drops out to unsecure http.
quote: Originally posted by sleyvas
{CrankyMode On} I hate certs.... having to deal with this stuff in an internal corporate environment where noone pays attention to it and just clicks past it
Sounds no different from the way anything else is done in Dilbert's company.
quote: Don't get me wrong, I can see why they might be needed in some instances (I don't want someone somehow getting my bank's DNS entries for themselves and setting up a fake site).... but ~90% of things don't need it.
So for 90% of sites you are fine with... executing scripts from unknown sources?
The majority of things with certs like I'm talking about aren't even internet facing. Its internal management for devices running their own specialized O/S, etc... You could setup a self signed cert and set it to expire in 50 years, but then someone says "that's not good enough, you need one from a cert authority, and it has to expire every 3 years". Half the stuff you'd have to hack into the network, then get into a jumpbox in a special VRF that's absolutely cut off from the internet, then web browse to the management of your device.... hoop after hoop after hoop. |
Alavairthae, may your skill prevail
Phillip aka Sleyvas |
|
|
Azar
Master of Realmslore
1309 Posts |
|
Alaundo
Head Moderator
United Kingdom
5695 Posts |
Posted - 20 Jan 2023 : 09:24:22
|
quote: Originally posted by Azar
Another user on the site said that he is getting bounced out.
Well met
What does he mean exactly? Can you get him to email me at alaundo @ candlekeep.com please.
The cert issue is annoying, but this is down to local browser caching etc. now. |
Alaundo Candlekeep Forums Head Moderator
Candlekeep - The Library of Forgotten Realms Lore http://www.candlekeep.com -- Candlekeep Forum Code of Conduct
An Introduction to Candlekeep - by Ed Greenwood The Candlekeep Compendium - Tomes of Realmslore penned by Scribes of Candlekeep
|
|
|
Azar
Master of Realmslore
1309 Posts |
Posted - 20 Jan 2023 : 12:48:40
|
quote: Originally posted by Alaundo
quote: Originally posted by Azar
Another user on the site said that he is getting bounced out.
Well met
What does he mean exactly? Can you get him to email me at alaundo @ candlekeep.com please.
The cert issue is annoying, but this is down to local browser caching etc. now.
Specifically clearing the Cache (instead of the Cookies alone) did the trick for both of us, in the end. Thank you for the tip! |
Stand with anybody that stands right. Stand with him while he is right and part with him when he goes wrong.
Earth names in the Realms are more common than you may think. |
|
|
TBeholder
Great Reader
2430 Posts |
Posted - 27 Jan 2023 : 23:42:49
|
Why not use Let's Encrypt? They give out free Domain Validation certificates, which are recognizable by browsers because they are on that certificate tree. That's all you need, right? |
People never wonder How the world goes round -Helloween And even I make no pretense Of having more than common sense -R.W.Wood It's not good, Eric. It's a gazebo. -Ed Whitchurch |
Edited by - TBeholder on 27 Jan 2023 23:44:22 |
|
|
Big Mac
Acolyte
United Kingdom
28 Posts |
Posted - 11 Aug 2024 : 00:11:26
|
quote: Originally posted by Alaundo
<snip>
Due to the nature of this site, it's not really necessary to have a certificate. I'll get this addressed shortly.
That is the exact same attitude I used to have for the website I run. We do not sell anything or exchange credit cards details with people. There is literally nothing to secure.
Then we started to get second-hand reports from existing forum members, stating that people they had invited to join us had refused to sign up, stating that their browser or a search engine had listed the website as "not secure".
Facebook seems to also be blacklisting http only websites. It is impossible to link to the Spelljammer: Beyond the Moons website there, which kind of sucks, when you are trying to help keep Spelljammer fandom alive.
So we decided to move our website to https pretty much at the point of a gun.
But the problem with https, is that it is tied into certificates that you constantly have to renew. If you are late (or ill or busy with important stuff) everyone's browser throws up websites suggesting that your website is dangerous. That aspect is a pain in the neck.
You might want to check out Cloudflare. Candlekeep probably qualifies for their free account. That comes with a free security certificate that gets updated at their end. And you also get DDoS protection.
If it is not going to conflict with your forum software or the software you use for the main website, it might be a one-and-done solution. |
David "Big Mac" Shepheard Administrator - Spelljammer Wiki https://spelljammer.fandom.com/ Chief Editor - Wildspace Magazine https://www.thepiazza.org.uk/bb/viewtopic.php?t=29589 |
|
|
TBeholder
Great Reader
2430 Posts |
Posted - 11 Aug 2024 : 17:13:18
|
The problem persists.
quote: Originally posted by Big Mac
That is the exact same attitude I used to have for the website I run. We do not sell anything or exchange credit cards details with people. There is literally nothing to secure.
As long as you don't insist that the users should take risk by enabling JavaScript on what appears to be your site. Man-in-the-middle attack is a thing.
quote: Facebook seems to also be blacklisting http only websites. It is impossible to link to the Spelljammer: Beyond the Moons website there, which kind of sucks, when you are trying to help keep Spelljammer fandom alive.
There's also that. Of course, if you want to integrate it with Facebook, why not just do it on Facebook? I mean, seeing how they speed-banned even mentions of a certain math law among the other things, it may be a step beyond even the current state of Piazza, but if you really want Facehug...
quote: You might want to check out Cloudflare. Candlekeep probably qualifies for their free account. That comes with a free security certificate that gets updated at their end. And you also get DDoS protection.
Do so if you want your site to be inaccessible for anyone except users in Seattle and using browsers that support the latest Google(TM) spyware. I fed their "hurr, checking if you are human" script crafted UserAgent value of a Google bot once... the script suggested to upgrade it.
quote: But the problem with https, is that it is tied into certificates that you constantly have to renew. If you are late (or ill or busy with important stuff) everyone's browser throws up websites suggesting that your website is dangerous. That aspect is a pain in the neck.
Automation is a thing. That is done with them computers. Let's Encrypt plainly states in FAQ:
quote: We recommend automatically renewing your certificates every 60 days.
And if you follow link in the previous line:
quote: If we’re going to move the entire Web to HTTPS, we can’t continue to expect system administrators to manually handle renewals.
|
People never wonder How the world goes round -Helloween And even I make no pretense Of having more than common sense -R.W.Wood It's not good, Eric. It's a gazebo. -Ed Whitchurch |
|
|
Italian Archmage Karsus
Learned Scribe
126 Posts |
Posted - 17 Aug 2024 : 01:19:24
|
Alaundo, from what I understand, doesn't do his own webhosting: it is done as a service. That service charges for HTTPS; it doesn't matter whether they renew with certbot, by snail mail, or artisanally. The forum software is also thoroughly obsolete and it would almost certainly break if they tried to move hosts. So, either Alaundo pays for HTTPS, or we don't get HTTPS, because LetsEncrypt would require Alaundo had access to the server personally, and he is locked in with the host.
This is not a technical issue, TBeholder. Just make sure you don't reuse passwords. |
|
|
Alaundo
Head Moderator
United Kingdom
5695 Posts |
Posted - 18 Aug 2024 : 22:26:43
|
Well met
Indeed, whilst Candlekeep did have a few years being self-hosted, it is no longer. The host charge for certificates and do not permit alterative means of provisioning. The forum and site have moved several times of the years, not without incident and pain, but there is no current plan to move hosts, although a long overdue plan to migrate the underlying forum software. |
Alaundo Candlekeep Forums Head Moderator
Candlekeep - The Library of Forgotten Realms Lore http://www.candlekeep.com -- Candlekeep Forum Code of Conduct
An Introduction to Candlekeep - by Ed Greenwood The Candlekeep Compendium - Tomes of Realmslore penned by Scribes of Candlekeep
|
|
|
Big Mac
Acolyte
United Kingdom
28 Posts |
Posted - 20 Aug 2024 : 15:34:22
|
quote: Originally posted by Alaundo
Well met
Indeed, whilst Candlekeep did have a few years being self-hosted, it is no longer. The host charge for certificates and do not permit alterative means of provisioning. The forum and site have moved several times of the years, not without incident and pain, but there is no current plan to move hosts, although a long overdue plan to migrate the underlying forum software.
Thanks for the confirmation!
(Our hosting company also wanted to charge us, if they provided certificates, but didn't block us from going around their support team to do it ourselves.) Sorry to hear that you do not have that option. I'll consider this topic closed.
Good luck migrating the forum software. I know that will be a very big task. |
David "Big Mac" Shepheard Administrator - Spelljammer Wiki https://spelljammer.fandom.com/ Chief Editor - Wildspace Magazine https://www.thepiazza.org.uk/bb/viewtopic.php?t=29589 |
|
|
|
Topic |
|