Fix Your Certificate.

Eorzea Time
 
 
 
Language: JP EN FR DE
users online
Forum » FFXIAH.com » Bugs » Fix your certificate.
Fix your certificate.
 Asura.Meliorah
Offline
Server: Asura
Game: FFXI
user: DatGoose
Posts: 583
By Asura.Meliorah 2023-08-30 20:33:54
Link | Quote | Reply
 


Shows up every few days when I visit.
 Ragnarok.Corvinus
Offline
Server: Ragnarok
Game: FFXI
user: Xiong
Posts: 84
By Ragnarok.Corvinus 2023-08-31 07:53:27
Link | Quote | Reply
 
I don't know the exacts of why this happens; But, I noticed this when I was saving ffxiah.com as the link on my default tab for chrome. Once I updated the url to https://ffxiah.com it fixed this for me.
 
Offline
Posts:
By 2023-08-31 07:53:45
 Undelete | Edit  | Link | Quote | Reply
 
Post deleted by User.
Offline
Posts: 14726
By Pantafernando 2023-08-31 08:02:20
Link | Quote | Reply
 
Yeah, they renewed the certificate two days ago.

If it shows not secure, probably is some cache. Clearing cache should fix this.

On the other sideā€¦.. SE official site says there is no certificate at all.

Anyone else seeing this error?
 
Offline
Posts:
By 2023-08-31 08:39:17
 Undelete | Edit  | Link | Quote | Reply
 
Post deleted by User.
 Asura.Daleterrence
Offline
Server: Asura
Game: FFXI
user: Dalight
Posts: 5163
By Asura.Daleterrence 2023-08-31 11:37:03
Link | Quote | Reply
 
POL's website was never actually secure, it's never had a cert, it's only become more noticeable recently since browsers started showing any site without one as suspicious.
[+]
necroskull Necro Bump Detected! [317 days between previous and next post]
 Cerberus.Gillesjboulon
Offline
Server: Cerberus
Game: FFXI
user: gilles
Posts: 141
By Cerberus.Gillesjboulon 2024-07-13 15:57:44
Link | Quote | Reply
 
just want to say here that certificate on https://ffxiah.com expired on 25 june
a recent certificate is in place on https://www.ffxiah.com
a redirection from https://ffxiah.com to https://www.ffxiah.com is in place, but unfortunately, this occurs after the browser display an error
Offline
Posts: 14726
By Pantafernando 2024-07-13 16:02:40
Link | Quote | Reply
 
They use certificate with 2~3 months validity.

It must be annoying to keep doing the recycle unless automatic?
 Cerberus.Gillesjboulon
Offline
Server: Cerberus
Game: FFXI
user: gilles
Posts: 141
By Cerberus.Gillesjboulon 2024-07-13 16:24:31
Link | Quote | Reply
 
it's right, i didn't see it first : it's a 3 months validity on https://www.ffxiah.com
i guess it's let's encrypt model

but on my phone, to be speedy, i did https://ffxiah.com and got an error because the certificate has not changed on this page

i also want to say that redirection from http://ffxiah.com to https://www.ffxiah.com is correct
 Asura.Saevel
Offline
Server: Asura
Game: FFXI
Posts: 9933
By Asura.Saevel 2024-07-13 18:48:58
Link | Quote | Reply
 
Lets Encrypt does that whole super short certificate thing, though they also provided scripts and an API for automatically renewing it.
 Cerberus.Gillesjboulon
Offline
Server: Cerberus
Game: FFXI
user: gilles
Posts: 141
By Cerberus.Gillesjboulon 2024-07-13 21:21:51
Link | Quote | Reply
 
isn't cloudflare much simple to secure a web server with ssl if you don't own a certificate ?
with the free version, you can use their certificate AND hide public IP of your server, have a minimal ddos protection, analytics, no need to have to modify your server setup
 Asura.Saevel
Offline
Server: Asura
Game: FFXI
Posts: 9933
By Asura.Saevel 2024-07-13 21:35:34
Link | Quote | Reply
 
Umm that's not quite how that works...
To use CF to do SSL termination that way, there are other non-trivial steps involved, chiefly getting adjacency to the CF network or some other way to get secure transfer between CF and your servers.
 Cerberus.Gillesjboulon
Offline
Server: Cerberus
Game: FFXI
user: gilles
Posts: 141
By Cerberus.Gillesjboulon 2024-07-13 22:21:57
Link | Quote | Reply
 
yet, i did this years ago to secure a personal web server

  • let's encrypt : complicated to modify conf (for me), need to schedule a task (which i know will fail sooner or later if i not actively monitor it)

  • cloudflare : you only have to transfert them your DNS resolving then you block anything to your web server which is not coming from cloudflare IP


i spent multiple days reading tutorials on apache/linux/mod rewrite... with no result
i spent only some hours with cloudflare
 Asura.Saevel
Offline
Server: Asura
Game: FFXI
Posts: 9933
By Asura.Saevel 2024-07-13 22:27:17
Link | Quote | Reply
 
Cerberus.Gillesjboulon said: »
yet, i did this years ago to secure a personal web server

No you didn't. You can sputter and rant, but you didn't teleport bits from CF infrastructure to your personal infrastructure.

<User> --SSL-- <CF Proxy> --no encryption-- <Web Server>

It's that second half that becomes the problem, and if you struggled with something as simple as openssl and httpd, then there is no way you figured out network adjacency, site to site VPNs, or the various other tricks to handle that intermediate step.

No what you did was likely way worse, you had all the web traffic from the CF proxy to your personal web server traverse the public internet unsecure.
 Cerberus.Gillesjboulon
Offline
Server: Cerberus
Game: FFXI
user: gilles
Posts: 141
By Cerberus.Gillesjboulon 2024-07-13 22:51:05
Link | Quote | Reply
 
you're right, there is an unsecure part, but i know this.

maybe i labeled it wrong : to be clear, i didn't secure the web server with ssl
 Asura.Saevel
Offline
Server: Asura
Game: FFXI
Posts: 9933
By Asura.Saevel 2024-07-13 23:15:04
Link | Quote | Reply
 
Sending stuff like usernames, passwords, private messages and such unencrypted over the public is very very bad. Like on the top five list of things you do not do, right next to use default admin credentials.