Calgarypuck Forums - The Unofficial Calgary Flames Fan Community
Old 08-17-2022, 08:26 AM   #1
Mull
Powerplay Quarterback
 
Join Date: Dec 2020
Exp:
Default Firefox says CP isn't safe

got this error FYI:"


Websites prove their identity via certificates. Firefox does not trust this site because it uses a certificate that is not valid for calgarypuck.com. The certificate is only valid for *.calgarypuck.com.

Error code: SSL_ERROR_BAD_CERT_DOMAIN
Mull is offline   Reply With Quote
Old 08-17-2022, 08:45 AM   #2
photon
The new goggles also do nothing.
 
photon's Avatar
 
Join Date: Oct 2001
Location: Calgary
Exp:
Default

Hm, maybe I did something wrong last time I updated the TLS certs, will check it out.
__________________
Uncertainty is an uncomfortable position.
But certainty is an absurd one.
photon is offline   Reply With Quote
Old 08-17-2022, 08:52 AM   #3
photon
The new goggles also do nothing.
 
photon's Avatar
 
Join Date: Oct 2001
Location: Calgary
Exp:
Default

So I have a wildcard cert *.calgarypuck.com which applies to forum.calgarypuck.com (or anything.calgarypuck.com) but not to calgarypuck.com itself.

Weird I've never run into this before, I haven't changed the cert stuff for a long time, maybe browsers started being more picky about that.

I'll have to see if I can change the cert or if I have to generate a different cert for calgarypuck.com.
__________________
Uncertainty is an uncomfortable position.
But certainty is an absurd one.
photon is offline   Reply With Quote
The Following User Says Thank You to photon For This Useful Post:
Old 08-17-2022, 11:54 AM   #4
Mull
Powerplay Quarterback
 
Join Date: Dec 2020
Exp:
Default

Quote:
Originally Posted by photon View Post
So I have a wildcard cert *.calgarypuck.com which applies to forum.calgarypuck.com (or anything.calgarypuck.com) but not to calgarypuck.com itself.

Weird I've never run into this before, I haven't changed the cert stuff for a long time, maybe browsers started being more picky about that.

I'll have to see if I can change the cert or if I have to generate a different cert for calgarypuck.com.

I went into a new browser and no error .... but I didn't close it, let me know if you want me to test things
Mull is offline   Reply With Quote
Old 08-24-2022, 08:12 AM   #5
sworkhard
First Line Centre
 
sworkhard's Avatar
 
Join Date: Oct 2009
Exp:
Default

I got the same error on Chrome. However, after telling it to proceed anyway, it shows the certificate as valid and I haven't seen it since. It's possibly something that only appears when visiting the first time when the https redirect is done.
sworkhard is offline   Reply With Quote
Old 08-26-2022, 12:41 PM   #6
Shazam
Franchise Player
 
Shazam's Avatar
 
Join Date: Aug 2005
Location: Memento Mori
Exp:
Default

@photon open incognito window, go to calgarypuck.com.
__________________
If you don't pass this sig to ten of your friends, you will become an Oilers fan.
Shazam is offline   Reply With Quote
Old 08-28-2022, 05:32 PM   #7
photon
The new goggles also do nothing.
 
photon's Avatar
 
Join Date: Oct 2001
Location: Calgary
Exp:
Default

Yeah.. if you go to www.calgarypuck.com it is fine but not calgarypuck.com.

I use Let's Encrypt for certs, and I can create a cert that would have both, except the DNS provider won't let me create the proper DNS challenge response records to do that.

I tried creating a calgarypuck.com only domain cert and that worked, but there must be some kind of forwarding going on since it gets stuck on www.calgarypuck.com with a DNS error even if I go to calgarypuck.com.

I could change the website so it always uses www.calgarypuck.com, but I hate fiddling with the Apache settings as I'm not very good with them and always seem to run into problems.

I will have to see if the DNS provider has an API and maybe I can do the challenge/response updates via that to satisfy Let's Encrypt's requirements.
__________________
Uncertainty is an uncomfortable position.
But certainty is an absurd one.
photon is offline   Reply With Quote
Old 08-29-2022, 09:30 AM   #8
Shazam
Franchise Player
 
Shazam's Avatar
 
Join Date: Aug 2005
Location: Memento Mori
Exp:
Default

Try putting in an A entry for calgarypuck.com
__________________
If you don't pass this sig to ten of your friends, you will become an Oilers fan.
Shazam is offline   Reply With Quote
Old 08-29-2022, 05:30 PM   #9
photon
The new goggles also do nothing.
 
photon's Avatar
 
Join Date: Oct 2001
Location: Calgary
Exp:
Default

There's an A record for calgarypuck.com in the DNS.

Looks like there's no API for the specific DNS account we have, but I was able to get into an expert mode and it let me make duplicate TXT records, and so was able to generate the cert.

I don't get any cert errors anymore, is it still not working for anyone?
__________________
Uncertainty is an uncomfortable position.
But certainty is an absurd one.
photon is offline   Reply With Quote
Old 08-29-2022, 06:20 PM   #10
Shazam
Franchise Player
 
Shazam's Avatar
 
Join Date: Aug 2005
Location: Memento Mori
Exp:
Default

Nm
__________________
If you don't pass this sig to ten of your friends, you will become an Oilers fan.
Shazam is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -6. The time now is 06:09 PM.

Calgary Flames
2023-24




Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright Calgarypuck 2021