Congrats! You've been blacklisted! (Certificate issue?)

Let us know when something isn't working correctly, or if you find a typo. Do not post complaints or suggestions here.
Post Reply
User avatar
BoffoYux
Panama
Posts: 908
Joined: Tue Jan 11, 2011 9:22 pm
Instruments: Keys, Clunking, SFX and Strings
Recording Method: Audacity, Adobe, and other 'A' titled software
Submitting as: Boffo Yux Dudes
Location: New England
Contact:

Congrats! You've been blacklisted! (Certificate issue?)

Post by BoffoYux »

I tried to get in using www.songfight.org, and got this error
+++
Your connection is not private

Attackers might be trying to steal your information from www.songfight.org (for example, passwords, messages, or credit cards). NET::ERR_CERT_AUTHORITY_INVALID

Automatically report details of possible security incidents to Google. Privacy policy
Back to safetyHIDE ADVANCED
This server could not prove that it is www.songfight.org; its security certificate is not trusted by your computer's operating system. This may be caused by a misconfiguration or an attacker intercepting your connection. Learn more.

Proceed to www.songfight.org (unsafe)
+++

Works with songfight.net, but that doesn't show the front page with the frames correctly for me. Using Chrome on Win 10.
Anyone else getting this issue?

Tommy G
User avatar
Lunkhead
You're No Good
Posts: 8104
Joined: Sat Sep 25, 2004 12:14 pm
Instruments: many
Recording Method: cubase/mac/tascam4x4
Submitting as: Berkeley Social Scene, Merisan, Tiny Robots
Pronouns: he/him
Location: Berkeley, CA
Contact:

Re: Congrats! You've been blacklisted! (Certificate issue?)

Post by Lunkhead »

Thanks for the report. I'm not having that issue on Chrome 57.0.2987.133 on Mac OS X 10.12.4. I've reported it to fluffy who I think was the one that set up the SSL, or maybe it was JB, but anyway I reported it in a way where they both know about it. What version of Chrome do you have? And do you have any other browsers you could try to see if you get the same problem? And is there a more specific version of Windows that you have than just "10"?
User avatar
jb
Hot for Teacher
Posts: 4159
Joined: Sat Sep 25, 2004 10:12 am
Instruments: Guitar, Cello, Keys, Uke, Vox, Perc
Recording Method: Logic X
Submitting as: The John Benjamin Band
Pronouns: he/him
Location: WASHINGTON, DC
Contact:

Re: Congrats! You've been blacklisted! (Certificate issue?)

Post by jb »

Hmm. I do see an issue.

I just added a Let's Encrypt cert to songfight.org, and there's a self-signed apparently on it until LE does their thing.

Let's see if that helps.

I've never worried about certs much on sf.org because there are no user accounts or anything.

JB
blippity blop ya don’t stop heyyyyyyyyy
User avatar
fluffy
Eruption
Posts: 11028
Joined: Sat Sep 25, 2004 10:56 am
Instruments: sometimes
Recording Method: Logic Pro X
Submitting as: Sockpuppet
Pronouns: she/they
Location: Seattle-ish
Contact:

Re: Congrats! You've been blacklisted! (Certificate issue?)

Post by fluffy »

Dreamhost provides a default https connection for all sites but don't provide a cert by default, so if you try to force a non-SSL Dreamhost site to be SSL that's the error you get. Look at the CN on the cert and you'll see that it's usually a self-signed thing with the underlying hostname of the Dreamhost host.

songfight.net already had a proper SSL cert (via LetsEncrypt) which is why .net worked fine.

FWIW to Lunkhead: for server provisioning stuff, that's all in JB's court since he's the only one with access to the Dreamhost panel.
User avatar
fluffy
Eruption
Posts: 11028
Joined: Sat Sep 25, 2004 10:56 am
Instruments: sometimes
Recording Method: Logic Pro X
Submitting as: Sockpuppet
Pronouns: she/they
Location: Seattle-ish
Contact:

Re: Congrats! You've been blacklisted! (Certificate issue?)

Post by fluffy »

Also worth noting that this is a problem at the intersection of shared hosting and SSL, and is why it's still a bad idea to run plugins like "SSL Everywhere" that attempt to force your connection to SSL based solely on the server responding to https requests. I much prefer the Firefox approach where it only warns you about an unencrypted connection if you're sending a password or whatever, and asks if you want to try SSL instead.
Post Reply