Page 1 of 1

Congrats! You've been blacklisted! (Certificate issue?)

Posted: Fri Apr 07, 2017 9:01 am
by BoffoYux
I tried to get in using www.songfight.org, and got this error
+++
Your connection is not private

Attackers might be trying to steal your information from www.songfight.org (for example, passwords, messages, or credit cards). NET::ERR_CERT_AUTHORITY_INVALID

Automatically report details of possible security incidents to Google. Privacy policy
Back to safetyHIDE ADVANCED
This server could not prove that it is www.songfight.org; its security certificate is not trusted by your computer's operating system. This may be caused by a misconfiguration or an attacker intercepting your connection. Learn more.

Proceed to www.songfight.org (unsafe)
+++

Works with songfight.net, but that doesn't show the front page with the frames correctly for me. Using Chrome on Win 10.
Anyone else getting this issue?

Tommy G

Re: Congrats! You've been blacklisted! (Certificate issue?)

Posted: Fri Apr 07, 2017 12:21 pm
by Lunkhead
Thanks for the report. I'm not having that issue on Chrome 57.0.2987.133 on Mac OS X 10.12.4. I've reported it to fluffy who I think was the one that set up the SSL, or maybe it was JB, but anyway I reported it in a way where they both know about it. What version of Chrome do you have? And do you have any other browsers you could try to see if you get the same problem? And is there a more specific version of Windows that you have than just "10"?

Re: Congrats! You've been blacklisted! (Certificate issue?)

Posted: Fri Apr 07, 2017 4:34 pm
by jb
Hmm. I do see an issue.

I just added a Let's Encrypt cert to songfight.org, and there's a self-signed apparently on it until LE does their thing.

Let's see if that helps.

I've never worried about certs much on sf.org because there are no user accounts or anything.

JB

Re: Congrats! You've been blacklisted! (Certificate issue?)

Posted: Fri Apr 07, 2017 5:40 pm
by fluffy
Dreamhost provides a default https connection for all sites but don't provide a cert by default, so if you try to force a non-SSL Dreamhost site to be SSL that's the error you get. Look at the CN on the cert and you'll see that it's usually a self-signed thing with the underlying hostname of the Dreamhost host.

songfight.net already had a proper SSL cert (via LetsEncrypt) which is why .net worked fine.

FWIW to Lunkhead: for server provisioning stuff, that's all in JB's court since he's the only one with access to the Dreamhost panel.

Re: Congrats! You've been blacklisted! (Certificate issue?)

Posted: Wed Apr 12, 2017 10:38 pm
by fluffy
Also worth noting that this is a problem at the intersection of shared hosting and SSL, and is why it's still a bad idea to run plugins like "SSL Everywhere" that attempt to force your connection to SSL based solely on the server responding to https requests. I much prefer the Firefox approach where it only warns you about an unencrypted connection if you're sending a password or whatever, and asks if you want to try SSL instead.