certificate error today at SFN

[TheVat]

This is a problem on Chrome browser, so I've switched over to Firefox, hoping I can post this.  Chrome is generating some kind of error regarding the site's certificate, and refusing to allow me to post in a thread.  If the site's certificate has been allowed to lapse, that will be a huge problem.  IIRC, only browsers like duckduckgo can plow through certificate problems and let you post anyway.  If this doesn't post, I will use a device at home that has DDG on it. 

Looks like Firefox is okay.  Has anyone else had problems with Chrome today? 

LATER

Back on Chrome, going to test this again.  

OK, now it is working okay.  What a weird glitch.  

[Sensei]

https://www.google.com/search?q=ssl+certificate+checker

"TLS Certificate expiration

The certificate expires January 28, 2024 (62 days from today)"

"Certificate Name matches scienceforums.net

scienceforums.net

Valid from 30/Oct/2023 to 28/Jan/2024

IssuerR3

 

R3

Valid from 04/Sep/2020 to 15/Sep/2025

IssuerISRG Root X1

 

ISRG Root X1

Valid from 20/Jan/2021 to 30/Sep/2024

IssuerDST Root CA X3"

45 minutes ago, TheVat said:

IIRC, only browsers like duckduckgo can plow through certificate problems and let you post anyway. 

https://www.google.com/search?q=configure+firefox+ssl+ignore

https://stackoverflow.com/questions/20088/is-there-a-way-to-make-firefox-ignore-invalid-ssl-certificates

Try:

"enter about:config into the firefox address bar and agree to continue.

search for the preference named security.ssl.enable_ocsp_stapling.

double-click this item to change its value to false."

 

[TheVat]

Helpful stuff @Sensei - thank you.  As you did, I checked the SSL certificate for SFN, at the Godaddy  SSL tools page.  The Firefox tweak is wonderful - there is an old site I visit sometimes, with expired certificates, and now I can use FFox, instead of switching to DDG.  (the owner of that site hates to pay for anything like renewing the SSL cert.)

[Sensei]

@TheVat

SFN is certified by Let's Encrypt, so it's free.

But you can configure it to renew automatically or manually. If it is configured automatically the script receives too much data about the server it is installed (admin privileges, ability to alter Apache server configuration etc.). It can be used to hack the server and/or install a backdoor.

9 hours ago, TheVat said:

(the owner of that site hates to pay for anything like renewing the SSL cert.)

Commercial pro SSL is quite expensive. More expensive than a domain. More expensive than a VPS..

 

[Sensei]

17 hours ago, TheVat said:

This is a problem on Chrome browser,

Procedure for disabling SSL certificate verification errors in Chrome:

https://superuser.com/questions/27268/how-do-i-disable-the-warning-chrome-gives-if-a-security-certificate-is-not-trust

How about --ignore-certificate-errors in command-line?

 

[Cap'n Refsmmat]

Yes, we use Let's Encrypt and automatically renew the certificate periodically. I'm not sure why you got an error -- if it happens again, can you record the exact error it shows you, and any details it might hide behind an Advanced or Show More button?

I wouldn't disable certificate errors globally, as that's a serious security issue. We try to keep SFN's certificate updated (since it's free), so if there's a problem, we should fix it.