Risky blog!

This morning:

Solved! :slight_smile:

How did you solve it (just in case one of us sees it too)?

Waiting :smiley:

Well, no, that is not the solution. The certificate for that website expired yesterday, Sunday 8th January, and has not been renewed.

The admin of that site needs to take care of that.

1 Like

True, @JuergenP! But I can swear it worked one hour ago… No idea why…

That is strange, because the certificate clearly says Sunday.

image

Sorry for the German interface; the text “Gültig bis” is “Valid until” in English.

Yes, it doesn’t work for me either. Certificates might be useful for security, but they essentially make all software ‘go off’ at some point in the future.

How anyone is going to do hobby retro-computing in 2065, I’ve no idea.

3 Likes

They are essential for your privacy. I guess you don’t want your password or bank account or other IDs freely floating in the internet.

It is pretty easy to get a certificate for your private website from

1 Like

I’m not convinced they are the best solution to that problem.

That won’t work for anything signed by anyone else, like Apple, Microsoft, Google, etc, will it? Like that time when HP printer drivers stopped working, because a certificate expired. Or all macOS installers had to be re-downloaded, for the same reason.

So how do you secure your privacy? What is your solution?

Of course it is not working for companies where you do not have administrative access. This is basically an administrative problem, because expiry dates are known and if they are not renewed early enough, they run into problems (I’m not going deeper into what I think about HP printers).

For the websites I own, the Let’s Encrypt authority is perfectly fine and working.

So my point about trying to run current software on ‘vintage’ machines in 35 years’ time stands. As soon as someone flicks a switch (or forgets to do so), our entire digital world stops working, unless it’s all been ported and migrated to new stuff.

2 Likes

Trusted authority certs were historically an imperfect solution to the problem of the day, providing both secure and known identity communication. That works great for talking to your bank, but not for talking to most of what the internet is used for, and the overhead is prohibitive for smaller sites that still want secure communication. Let’s Encrypt has solved most of those problems.

In this case consider the example - OK, good, so you can securely communicate with Dorico’s blog; if your nameserver has been hijacked, can you trust your cert authority? And who cares anyhow, it’s just Dorico’s blog, and SSL is a convenience or convention but hardly necessary.

I think Mozilla should have - back when - provided levels: level 0 being no encryption/no trust, level 2 being encryption via key sharing, and L3 being L2 plus cert authority authentication for when you talk to your bank.

1 Like

Our IT team are working on resolving this issue. Sorry for the inconvenience in the meantime.

3 Likes

Still risky! Obviously I accepted the risk (I presume inexistent :wink: )

OK now!
(Just waiting…)

This issue has now been resolved.

1 Like

Let’s Encrypt has certbot, which is a program that can auto-renew the certificates without manual intervention. I think the current expiry period for Let’s Encrypt certificates is 90 days, and certbot will check via cron and update ahead of time when needed.

If the Dorico blog server is not using this function, it ought to be. Everybody else does. So the problem becomes non-existent.

Firefox is the most aggressive browser when it comes to insisting on only using https to connect to sites. But there is a hidden option buried deep to turn it off. I’d recommend not doing so. You can usually go ahead and ‘accept the risk’.

2 Likes
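A monitoring check for the failure discussed in this thread, added here as an example and not part of any post: it classifies certificates by their `notAfter` date so that a missed renewal is flagged before browsers start warning. The host names, the sample dates and the 30-day alert threshold are assumptions made for this example.

```python
from __future__ import annotations

import socket
import ssl
from datetime import datetime, timezone

RENEW_WINDOW_DAYS = 30  # assumption: alert threshold chosen for this example

# Constructed notAfter values in getpeercert() format, not from any real site.
SAMPLE = {
    "blog.example": "Jan  8 12:00:00 2023 GMT",
    "shop.example": "Jan 29 12:00:00 2023 GMT",
    "wiki.example": "Mar 30 12:00:00 2023 GMT",
}


def classify(not_after: str, now: datetime) -> tuple[str, int]:
    """Return (status, whole days left) for one notAfter string."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), timezone.utc)
    days_left = (expires - now).days
    if expires <= now:
        return "EXPIRED", days_left
    if days_left < RENEW_WINDOW_DAYS:
        return "RENEW_DUE", days_left  # auto-renewal should already have run
    return "OK", days_left


def report(inventory: dict[str, str], now: datetime) -> dict[str, tuple[str, int]]:
    """Classify every host in an inventory of notAfter strings."""
    return {host: classify(na, now) for host, na in inventory.items()}


def probe(host: str, port: int = 443, timeout: float = 5.0) -> tuple[str, int | None]:
    """Live check of a site you operate. A verifying handshake fails on an
    expired certificate, so that case is read from the verification error."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                not_after = tls.getpeercert()["notAfter"]
    except ssl.SSLCertVerificationError as exc:
        # verify_code 10 is OpenSSL's X509_V_ERR_CERT_HAS_EXPIRED
        return ("EXPIRED" if exc.verify_code == 10 else "UNTRUSTED"), None
    return classify(not_after, datetime.now(timezone.utc))


if __name__ == "__main__":
    for host, result in report(SAMPLE, datetime(2023, 1, 9, 12, tzinfo=timezone.utc)).items():
        print(host, *result)
```

Run from cron alongside the renewal job, a `RENEW_DUE` result means the automatic renewal has silently stopped working while there is still time to fix it.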

That explains it. Yeah, I use Firefox mostly, and on my Synology devices with home-grown certs (they don’t support Let’s Encrypt yet, strangely) it screams at you, which is pretty laughable most of the time.

The whole system is pretty secure anyhow; I’ve not heard of a crack on that side of it. Hell, I noticed Biden uses an iPhone now (Obama was only allowed a Blackberry), and Apple just builds on trusted certs AFAIK, so if it’s good enough for the Secret Service/NSA then …