Congrats! You've been blacklisted! (Certificate issue?)

Let us know when something isn't working correctly, or if you find a typo. Do not post complaints or suggestions here.

Moderator: Mods

User avatar
BoffoYux
Fortune Teller
Posts: 287
Joined: Tue Jan 11, 2011 9:22 pm
Instruments: Keys, Clunking, SFX and Strings
Recording Method: Audacity, Adobe, and other 'A' titled software
Submitting as: Boffo Yux Dudes
Location: New England
Contact:

Congrats! You've been blacklisted! (Certificate issue?)

Postby BoffoYux » Fri Apr 07, 2017 9:01 am

I tried to get in using www.songfight.org, and got this error
+++
Your connection is not private

Attackers might be trying to steal your information from www.songfight.org (for example, passwords, messages, or credit cards). NET::ERR_CERT_AUTHORITY_INVALID

Automatically report details of possible security incidents to Google. Privacy policy
Back to safetyHIDE ADVANCED
This server could not prove that it is www.songfight.org; its security certificate is not trusted by your computer's operating system. This may be caused by a misconfiguration or an attacker intercepting your connection. Learn more.

Proceed to www.songfight.org (unsafe)
+++

Works with songfight.net, but that doesn't show the front page with the frames correctly for me. Using Chrome on Win 10.
Anyone else getting this issue?

Tommy G
Lunkhead
Princess Zelda
Posts: 5183
Joined: Sat Sep 25, 2004 12:14 pm
Instruments: many
Recording Method: cubase/reason/mac/tascam4x4
Submitting as: Berkeley Social Scene, Merisan, Tiny Robots
Location: Berkeley, CA
Contact:

Re: Congrats! You've been blacklisted! (Certificate issue?)

Postby Lunkhead » Fri Apr 07, 2017 12:21 pm

Thanks for the report. I'm not having that issue on Chrome 57.0.2987.133 on Mac OS X 10.12.4. I've reported it to fluffy who I think was the one that set up the SSL, or maybe it was JB, but anyway I reported it in a way where they both know about it. What version of Chrome do you have? And do you have any other browsers you could try to see if you get the same problem? And is there a more specific version of Windows that you have than just "10"?
User avatar
jb
Notable Hylian
Posts: 3535
Joined: Sat Sep 25, 2004 10:12 am
Instruments: Guitar, Cello, Keys, Uke, Vox, Perc
Recording Method: Logic X
Submitting as: The John Benjamin Band
Location: WASHINGTON, DC
Contact:

Re: Congrats! You've been blacklisted! (Certificate issue?)

Postby jb » Fri Apr 07, 2017 4:34 pm

Hmm. I do see an issue.

I just added a Let's Encrypt cert to songfight.org, and there's a self-signed apparently on it until LE does their thing.

Let's see if that helps.

I've never worried about certs much on sf.org because there are no user accounts or anything.

JB
User avatar
fluffy
Ganon
Posts: 9364
Joined: Sat Sep 25, 2004 10:56 am
Instruments: sometimes
Recording Method: Logic Pro X
Submitting as: Sockpuppet
Location: The Plaidlands (also, Seattle)
Contact:

Re: Congrats! You've been blacklisted! (Certificate issue?)

Postby fluffy » Fri Apr 07, 2017 5:40 pm

Dreamhost provides a default https connection for all sites but don't provide a cert by default, so if you try to force a non-SSL Dreamhost site to be SSL that's the error you get. Look at the CN on the cert and you'll see that it's usually a self-signed thing with the underlying hostname of the Dreamhost host.

songfight.net already had a proper SSL cert (via LetsEncrypt) which is why .net worked fine.

FWIW to Lunkhead: for server provisioning stuff, that's all in JB's court since he's the only one with access to the Dreamhost panel.
User avatar
fluffy
Ganon
Posts: 9364
Joined: Sat Sep 25, 2004 10:56 am
Instruments: sometimes
Recording Method: Logic Pro X
Submitting as: Sockpuppet
Location: The Plaidlands (also, Seattle)
Contact:

Re: Congrats! You've been blacklisted! (Certificate issue?)

Postby fluffy » Wed Apr 12, 2017 10:38 pm

Also worth noting that this is a problem at the intersection of shared hosting and SSL, and is why it's still a bad idea to run plugins like "SSL Everywhere" that attempt to force your connection to SSL based solely on the server responding to https requests. I much prefer the Firefox approach where it only warns you about an unencrypted connection if you're sending a password or whatever, and asks if you want to try SSL instead.

Return to “Quality Control”

Who is online

Users browsing this forum: No registered users and 1 guest