I tried to get in using www.songfight.org, and got this error
+++
Your connection is not private
Attackers might be trying to steal your information from www.songfight.org (for example, passwords, messages, or credit cards). NET::ERR_CERT_AUTHORITY_INVALID
Automatically report details of possible security incidents to Google. Privacy policy
Back to safetyHIDE ADVANCED
This server could not prove that it is www.songfight.org; its security certificate is not trusted by your computer's operating system. This may be caused by a misconfiguration or an attacker intercepting your connection. Learn more.
Proceed to www.songfight.org (unsafe)
+++
Works with songfight.net, but that doesn't show the front page with the frames correctly for me. Using Chrome on Win 10.
Anyone else getting this issue?
Tommy G
Congrats! You've been blacklisted! (Certificate issue?)
- Lunkhead
- You're No Good
- Posts: 8164
- Joined: Sat Sep 25, 2004 12:14 pm
- Instruments: many
- Recording Method: cubase/mac/tascam4x4
- Submitting as: Berkeley Social Scene, Merisan, Tiny Robots
- Pronouns: he/him
- Location: Berkeley, CA
- Contact:
Re: Congrats! You've been blacklisted! (Certificate issue?)
Thanks for the report. I'm not having that issue on Chrome 57.0.2987.133 on Mac OS X 10.12.4. I've reported it to fluffy who I think was the one that set up the SSL, or maybe it was JB, but anyway I reported it in a way where they both know about it. What version of Chrome do you have? And do you have any other browsers you could try to see if you get the same problem? And is there a more specific version of Windows that you have than just "10"?
- jb
- Hot for Teacher
- Posts: 4165
- Joined: Sat Sep 25, 2004 10:12 am
- Instruments: Guitar, Cello, Keys, Uke, Vox, Perc
- Recording Method: Logic X
- Submitting as: The John Benjamin Band
- Pronouns: he/him
- Location: WASHINGTON, DC
- Contact:
Re: Congrats! You've been blacklisted! (Certificate issue?)
Hmm. I do see an issue.
I just added a Let's Encrypt cert to songfight.org, and there's a self-signed apparently on it until LE does their thing.
Let's see if that helps.
I've never worried about certs much on sf.org because there are no user accounts or anything.
JB
I just added a Let's Encrypt cert to songfight.org, and there's a self-signed apparently on it until LE does their thing.
Let's see if that helps.
I've never worried about certs much on sf.org because there are no user accounts or anything.
JB
blippity blop ya don’t stop heyyyyyyyyy
- fluffy
- Eruption
- Posts: 11089
- Joined: Sat Sep 25, 2004 10:56 am
- Instruments: sometimes
- Recording Method: Logic Pro X
- Submitting as: Sockpuppet
- Pronouns: she/they
- Location: Seattle-ish
- Contact:
Re: Congrats! You've been blacklisted! (Certificate issue?)
Dreamhost provides a default https connection for all sites but don't provide a cert by default, so if you try to force a non-SSL Dreamhost site to be SSL that's the error you get. Look at the CN on the cert and you'll see that it's usually a self-signed thing with the underlying hostname of the Dreamhost host.
songfight.net already had a proper SSL cert (via LetsEncrypt) which is why .net worked fine.
FWIW to Lunkhead: for server provisioning stuff, that's all in JB's court since he's the only one with access to the Dreamhost panel.
songfight.net already had a proper SSL cert (via LetsEncrypt) which is why .net worked fine.
FWIW to Lunkhead: for server provisioning stuff, that's all in JB's court since he's the only one with access to the Dreamhost panel.
- fluffy
- Eruption
- Posts: 11089
- Joined: Sat Sep 25, 2004 10:56 am
- Instruments: sometimes
- Recording Method: Logic Pro X
- Submitting as: Sockpuppet
- Pronouns: she/they
- Location: Seattle-ish
- Contact:
Re: Congrats! You've been blacklisted! (Certificate issue?)
Also worth noting that this is a problem at the intersection of shared hosting and SSL, and is why it's still a bad idea to run plugins like "SSL Everywhere" that attempt to force your connection to SSL based solely on the server responding to https requests. I much prefer the Firefox approach where it only warns you about an unencrypted connection if you're sending a password or whatever, and asks if you want to try SSL instead.