SSL Issues with in Chrome?

(Matt Andrews) #9

[quote=“rythie, post:8, topic:3246”]
I guess so. I’ve been avoiding it on my server, because I’ve got a dozen domains, mostly with subdomains too.[/quote]

As long as you set up the cron task properly, you can renew as many domains as you like automatically with their client (I have it renewing two of mine on one server right now).

(Daniel Hollands) #10

Hahaha, that’s the theory at least. There are some instructions on updating Discourse with Let’s Encrypt, I’ve just been putting it off :grimacing:

(Dom Barnes) #11

I’m glad I could help force you both to do something you’ve been putting off.
If you have any advice for tidying the dining room I’ve been putting off, we can consider it even!

(Daniel Hollands) #12

You could invite us all over for a nice home-cooked meal, that should give you sufficient motivation.

(Stuart Langridge) #13

The Yumzee people are a Brum-based startup who are getting people to do exactly that as a business model :slight_smile: I believe @DaveDev has tried them; anyone else?

(Dave Evans) #14

Yes - Yumzee is great :grinning:

(Matthew Somerville) #15

Just to note Python 3 supports SNI just fine, and Python 2 also since 2.7.9 (and before then you can install urllib3[secure] or requests[secure]). I use LetsEncrypt at home and work, with a lot of domains, all works well.

(Richard Cunningham) #16

The issue I hit was that Ubuntu 14.04 still only ships Python 2.7.6, and if you use someone else’s code, you can’t decide on the library they use. For the planet site I ended up compiling my own Python to get a later version. Whilst I can fix my own server, I can’t fix other people’s. I think this has been handled by both Python and Ubuntu (who should have backported the patch). There were perhaps other ways to solve this better, but I didn’t come across them. I haven’t yet had enough time to update my server to Ubuntu 16.04, since I know there are multiple code bases that need fixing to get that to work.

Though now priorities are different because breaking a small number of older Python users (+ Android 2.x, WinXP etc.) is tiny compared to breaking all Chrome users.

(Richard Cunningham) #17

Though of course you don’t need SNI now with letsencrypt, since they support multiple domains (not sure they did at first).

Update: I’ve set up Let’s Encrypt on my server now (calendar/planet sites and redirect). I had to list all my subdomains, which took some time. Then I used the temporary webserver option because I have lots of webroots and some of them don’t really allow adding of a file.

(Daniel Hollands) #18

Chrome on my desktop just updated to version 58, and all of a sudden I was prevented access to the site because of an SSL issue. I wasn’t even able to ignore the warning and continue, as usual, just a total block. Chrome on my laptop (running 57 at the time) was fine, so I figured it must be this issue.

So this, of course, has somewhat forced my hand into moving over to Let’s Encrypt, which I did this morning.

I was a bit worried about doing this because I wasn’t sure what would happen about the previous certs I had installed, and in fact, they did cause an issue at first, but all I needed to do was delete the old certs and rebuild the container.

If anyone notices anything funny about the site, please let me know.

Thank you very much to @rythie for letting us use his certs up until this point :slight_smile:

(Dom Barnes) #19

All good on Chrome 60 too, and Safari Tech Preview R28 :+1:t2::closed_lock_with_key:

(Marc Cooper) #20

Firefox is still moaning:

(Daniel Hollands) #21

I have a feeling that’ll be embedded images in some posts or something like that - but I’m not sure where they are.

(Matt Andrews) #22

I don’t see that on this thread (FF 53 on OS X).

(Jon) #23

Firefox 53.0 on Ubuntu 14.04 is fine here.

(Andy Wootton) #24

FF53 (64 bit) also OK on Ubuntu 16.04 here.

(Marc Cooper) #25

Now okay here ¯\\\_(ツ)\_/¯

Computers, eh? :smiley:

(Andy Wootton) #26

I had intermittent problems with Silicon Canal when I was struggling to get registered there.

(Daniel Hollands) #27

I think it’s something that pops up after spending a little while on the site, maybe after viewing a post with an embedded image from a non-https source.

(Richard Cunningham) #28

It’s what Daniel said, e.g. image on this thread: “Amazon Dash is in the UK”, content on this one: “Microsoft Cloud User Group - 18th May”, and others in this one: “Friday Links on Fridays”.

Though it seems quite hard to find now, it was worse in the past. Anyway it’s not due to the certificate change.