Calgarypuck Forums - The Unofficial Calgary Flames Fan Community
Old 11-17-2023, 08:46 AM   #1
FanIn80
GOAT!
 
Join Date: Jun 2006
Exp:
Default Expired Cert

Hey, you've probably already figured this out, but someone (photon?) needs to renew your cert(s).
FanIn80 is offline   Reply With Quote
Old 11-17-2023, 09:02 AM   #2
photon
The new goggles also do nothing.
 
Join Date: Oct 2001
Location: Calgary
Exp:
Default

Yeah sorry, I usually have a calendar item to remind me to renew the cert, but I either missed it or the periodic entry expired.

Will renew as soon as I can.
__________________
Uncertainty is an uncomfortable position.
But certainty is an absurd one.
photon is offline   Reply With Quote
Old 11-17-2023, 09:33 AM   #3
PeteMoss
Franchise Player
 
Join Date: Jun 2004
Location: SW Ontario
Exp:
Default

Yeah... getting the 'this site is unsafe' warning on Chrome.
PeteMoss is offline   Reply With Quote
Old 11-17-2023, 10:37 AM   #4
Hack&Lube
Atomic Nerd
 
Join Date: Jul 2004
Location: Calgary
Exp:
Default

You should be able to configure auto-renewal with Let's Encrypt.
Hack&Lube is online now   Reply With Quote
Old 11-17-2023, 12:18 PM   #5
GioforPM
Franchise Player
 
Join Date: Oct 2014
Location: Springbank
Exp:
Default

GioforPM is offline   Reply With Quote
Old 11-17-2023, 12:58 PM   #6
BlackArcher101
Such a pretty girl!
 
Join Date: Jan 2004
Location: Calgary
Exp:
Default

How can I see the site for more than 5 seconds without having to click through the Chrome warning?
BlackArcher101 is offline   Reply With Quote
Old 11-17-2023, 01:42 PM   #7
Hack&Lube
Atomic Nerd
 
Join Date: Jul 2004
Location: Calgary
Exp:
Default

Quote:
Originally Posted by BlackArcher101 View Post
How can I see the site for more than 5 seconds without having to click through the Chrome warning?
It's not possible until the cert is in place because of how modern browsers are designed. I tried HTTP but it redirects to HTTPS, which requires an SSL cert.

You could try a different browser, but on my Chrome it seems to remember that I said to continue even though it was unsafe, and it has remembered the setting so far.
Hack&Lube is online now   Reply With Quote
Old 11-17-2023, 01:54 PM   #8
photon
The new goggles also do nothing.
 
Join Date: Oct 2001
Location: Calgary
Exp:
Default

Ok should be renewed.

Quote:
Originally Posted by Hack&Lube View Post
You should be able to configure auto-renewal with Let's Encrypt.
Yeah there are different ways, basically involves running a command on a computer to request the renewal from Let's Encrypt, they do a verification, and then copy the new certs.

Easy enough script to write.

Problem is I thought I'd be clever and do a wildcard cert so I could easily set up whatever subdomain sites I'd want. However the wildcard cert verification involves setting DNS TXT entries. So I'd have to get the challenge string, update a couple of DNS TXT records via API, then do the verification.

The previous DNS provider didn't have an easy API to work with so I'd been doing it manually.

There's a new DNS provider that comes along with the ads but I haven't checked to see if they have API access.

What I'll probably just have to do is switch to certs for each individual domain rather than a wildcard because those can be verified by having a text file available on the domain URL. Or maybe check their docs to see if there's any new verification options available.
__________________
Uncertainty is an uncomfortable position.
But certainty is an absurd one.
photon is offline   Reply With Quote
Old 11-17-2023, 03:03 PM   #9
BlackArcher101
Such a pretty girl!
 
Join Date: Jan 2004
Location: Calgary
Exp:
Default

Hurray, thanks Photon!
BlackArcher101 is offline   Reply With Quote
Old 11-17-2023, 03:44 PM   #10
Hack&Lube
Atomic Nerd
 
Join Date: Jul 2004
Location: Calgary
Exp:
Default

Quote:
Originally Posted by photon View Post
Ok should be renewed.

Yeah there are different ways, basically involves running a command on a computer to request the renewal from Let's Encrypt, they do a verification, and then copy the new certs.

Easy enough script to write.

Problem is I thought I'd be clever and do a wildcard cert so I could easily set up whatever subdomain sites I'd want. However the wildcard cert verification involves setting DNS TXT entries. So I'd have to get the challenge string, update a couple of DNS TXT records via API, then do the verification.

The previous DNS provider didn't have an easy API to work with so I'd been doing it manually.

There's a new DNS provider that comes along with the ads but I haven't checked to see if they have API access.

What I'll probably just have to do is switch to certs for each individual domain rather than a wildcard because those can be verified by having a text file available on the domain URL. Or maybe check their docs to see if there's any new verification options available.
Could you have a single cert with a variety of subject alternative names (SANs) of the subdomains you want instead of the wildcard?
Hack&Lube is online now   Reply With Quote
Old 11-17-2023, 05:13 PM   #11
photon
The new goggles also do nothing.
 
Join Date: Oct 2001
Location: Calgary
Exp:
Default

Hm good suggestion, it appears it does, and it doesn't mention the DNS challenge verification so I assume it'd just be a normal challenge text file for each subdomain.
__________________
Uncertainty is an uncomfortable position.
But certainty is an absurd one.
photon is offline   Reply With Quote
Old 11-17-2023, 05:32 PM   #12
kermitology
It's not easy being green!
 
Join Date: Oct 2001
Location: In the tubes to Vancouver Island
Exp:
Default

SAN certs would definitely work!
__________________
Who is in charge of this product and why haven't they been fired yet?
kermitology is offline   Reply With Quote
Old 02-11-2024, 05:03 PM   #13
photon
The new goggles also do nothing.
 
Join Date: Oct 2001
Location: Calgary
Exp:
Default

I changed it so it generated a cert with multiple SANs rather than a wildcard. The nice thing is I can specify the web root in the command and it'll put in a challenge file that it'll read, so it doesn't require creating challenge TXT records in the DNS, which was super annoying.

Thanks!
__________________
Uncertainty is an uncomfortable position.
But certainty is an absurd one.
photon is offline   Reply With Quote
Old 02-11-2024, 05:07 PM   #14
Ped
First Line Centre
 
Join Date: Jan 2012
Location: Ontario
Exp:
Default

CPHL site is down with no certificate.
Ped is offline   Reply With Quote
Old 02-11-2024, 10:11 PM   #15
photon
The new goggles also do nothing.
 
Join Date: Oct 2001
Location: Calgary
Exp:
Default

Ah it's running cphlsim.calgarypuck.com and I don't have that in the cert.

Should be an easy fix.
__________________
Uncertainty is an uncomfortable position.
But certainty is an absurd one.
photon is offline   Reply With Quote
Old 02-11-2024, 10:15 PM   #16
photon
The new goggles also do nothing.
 
Join Date: Oct 2001
Location: Calgary
Exp:
Default

Ok cert was updated with that domain, doing a hard refresh on a roster page seemed to work for me.
__________________
Uncertainty is an uncomfortable position.
But certainty is an absurd one.
photon is offline   Reply With Quote
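Added example, not part of the thread or the site's own tooling: a scheduled check for the two failures discussed above, a missed renewal (post #2) and a hostname left out of a multi-SAN certificate (post #15). The certificate is a constructed dict in the shape Python's `ssl.SSLSocket.getpeercert()` returns; the `example.org` hostnames, dates and 21-day threshold are assumptions.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert();
# hostnames and dates are illustrative, not taken from the site in the thread.
SAMPLE_CERT = {
    "notAfter": "May 11 22:15:00 2024 GMT",
    "subjectAltName": (
        ("DNS", "example.org"),
        ("DNS", "www.example.org"),
        ("DNS", "forum.example.org"),
    ),
}

def san_matches(pattern: str, host: str) -> bool:
    """Match one SAN dNSName against a hostname (wildcard = left-most label only)."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # "*.example.org" covers neither "example.org" nor "a.b.example.org"
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h

def uncovered_hosts(cert: dict, required: list[str]) -> list[str]:
    """Hostnames the site serves that no SAN entry in the certificate covers."""
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    return [host for host in required if not any(san_matches(s, host) for s in sans)]

def seconds_left(cert: dict, now: datetime) -> float:
    """Seconds until notAfter; zero or negative once the certificate has expired."""
    return ssl.cert_time_to_seconds(cert["notAfter"]) - now.timestamp()

def audit(cert: dict, required: list[str], now: datetime, warn_days: int = 21) -> list[str]:
    """Return alert strings; an empty list means nothing needs attention."""
    alerts = [f"no SAN covers {host}" for host in uncovered_hosts(cert, required)]
    left = seconds_left(cert, now)
    if left <= 0:
        alerts.append("certificate has expired")
    elif left <= warn_days * 86400:
        alerts.append(f"expires in {int(left // 86400)} days")
    return alerts

if __name__ == "__main__":
    now = datetime(2024, 5, 1, tzinfo=timezone.utc)
    for line in audit(SAMPLE_CERT, ["www.example.org", "sim.example.org"], now):
        print("ALERT:", line)
```
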