Join us on Discord!
You can help CodeWalrus stay online by donating here.

Forced https? ???

Started by Dream of Omnimaga, July 24, 2015, 08:33:25 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Legimet

Quote from: Lionel Debroux on July 26, 2015, 06:50:16 AM
The Let's Encrypt initiative from Mozilla, the EFF and friends, which is supposed to produce its first certificate next week and become available for the general public in September, will change the cards in the CA business, at long last.

They changed their scchedule, and general availability will be in November.

novenary

It's really nice that they're doing it at all, looking forward to avoid the mess of adding trusted certificates on android. Basically you can either add one from the settings app and get a lockscreen code forced on you or go through the trouble of figuring out how the system expects it and installing on the system partition. I eventually did the latter when I got fed up with the former.

Dream of Omnimaga

Quote from: Legimet on August 11, 2015, 09:28:01 PM
Quote from: Lionel Debroux on July 26, 2015, 06:50:16 AM
The Let's Encrypt initiative from Mozilla, the EFF and friends, which is supposed to produce its first certificate next week and become available for the general public in September, will change the cards in the CA business, at long last.

They changed their scchedule, and general availability will be in November.
As long as they don't do the same as Duke Nukem Forever... <_<


Also, for odd reasons, the certificate we currently use causes the website to randomly lag like hell with some German ISPs.
  • Calculators owned: TI-82 Advanced Edition Python TI-84+ TI-84+CSE TI-84+CE TI-84+CEP TI-86 TI-89T cfx-9940GT fx-7400G+ fx 1.0+ fx-9750G+ fx-9860G fx-CG10 HP 49g+ HP 39g+ HP 39gs (bricked) HP 39gII HP Prime G1 HP Prime G2 Sharp EL-9600C
  • Consoles, mobile devices and vintage computers owned: Huawei P30 Lite, Moto G 5G, Nintendo 64 (broken), Playstation, Wii U

Legimet

Quote from: DJ Omnimaga on August 12, 2015, 12:51:00 AM
Also, for odd reasons, the certificate we currently use causes the website to randomly lag like hell with some German ISPs.

Maybe it has something to do with OCSP.

Dream of Omnimaga

Ah, maybe @Streetwalrus and @Juju could check that out?
  • Calculators owned: TI-82 Advanced Edition Python TI-84+ TI-84+CSE TI-84+CE TI-84+CEP TI-86 TI-89T cfx-9940GT fx-7400G+ fx 1.0+ fx-9750G+ fx-9860G fx-CG10 HP 49g+ HP 39g+ HP 39gs (bricked) HP 39gII HP Prime G1 HP Prime G2 Sharp EL-9600C
  • Consoles, mobile devices and vintage computers owned: Huawei P30 Lite, Moto G 5G, Nintendo 64 (broken), Playstation, Wii U

Adriweb

Coincidentally, we've had to temporarily disable OCSP stapling on tiplanet domains (and others) as the startssl server for the check was being unreliable the past few days
  • Calculators owned: TI-Nspire CX CAS, TI-Nspire CX, TI-Nspire CAS (x3), TI-Nspire (x2), TI-Nspire CM-C CAS, TI-Nspire CAS+, TI-80, TI-82 Stats.fr, TI-82 Plus, TI-83 Plus, TI-83 Plus.fr USB, TI-84+, TI-84+ Pocket SE, TI-84+ C Silver Edition, TI-84 Plus CE, TI-89 Titanium, TI-86, TI-Voyage 200, TI-Collège Plus, TI-Collège Plus Solaire, 3 HP, some Casios
Co-founder & co-administrator of TI-Planet and Inspired-Lua

Dream of Omnimaga

By the way @Juju would it be possible to make http://img.codewalr.us work with https? Or do you need to use a different certificate per sub-domain?
  • Calculators owned: TI-82 Advanced Edition Python TI-84+ TI-84+CSE TI-84+CE TI-84+CEP TI-86 TI-89T cfx-9940GT fx-7400G+ fx 1.0+ fx-9750G+ fx-9860G fx-CG10 HP 49g+ HP 39g+ HP 39gs (bricked) HP 39gII HP Prime G1 HP Prime G2 Sharp EL-9600C
  • Consoles, mobile devices and vintage computers owned: Huawei P30 Lite, Moto G 5G, Nintendo 64 (broken), Playstation, Wii U

novenary

Our https certificate is only for codewalr.us and www.codewalr.us. We should get a wildcard certificate but these are expensive as hell. Probably going to be fixed with Let's Encrypt in like 2-3 weeks now.

Adriweb

#38
Quote from: Streetwalrus on November 01, 2015, 09:21:10 AMWe should get a wildcard certificate but these are expensive as hell.
Absolutely not :) TI-Planet's is multiple-domain as well as wildcard and only cost $60 for 2 years, or something. (It's a Class 2 StartSSL one, organization verified)
  • Calculators owned: TI-Nspire CX CAS, TI-Nspire CX, TI-Nspire CAS (x3), TI-Nspire (x2), TI-Nspire CM-C CAS, TI-Nspire CAS+, TI-80, TI-82 Stats.fr, TI-82 Plus, TI-83 Plus, TI-83 Plus.fr USB, TI-84+, TI-84+ Pocket SE, TI-84+ C Silver Edition, TI-84 Plus CE, TI-89 Titanium, TI-86, TI-Voyage 200, TI-Collège Plus, TI-Collège Plus Solaire, 3 HP, some Casios
Co-founder & co-administrator of TI-Planet and Inspired-Lua

novenary

Well we don't have the same kind of funds as you do, for us that's half what hosting costs already (we pay $12 a month, or $144 a year).

Adriweb

Well, that's $2.5 per month, though, even rare ads could cover that.
  • Calculators owned: TI-Nspire CX CAS, TI-Nspire CX, TI-Nspire CAS (x3), TI-Nspire (x2), TI-Nspire CM-C CAS, TI-Nspire CAS+, TI-80, TI-82 Stats.fr, TI-82 Plus, TI-83 Plus, TI-83 Plus.fr USB, TI-84+, TI-84+ Pocket SE, TI-84+ C Silver Edition, TI-84 Plus CE, TI-89 Titanium, TI-86, TI-Voyage 200, TI-Collège Plus, TI-Collège Plus Solaire, 3 HP, some Casios
Co-founder & co-administrator of TI-Planet and Inspired-Lua

novenary


Adriweb

That's in theory :P

But... have you guys thought about adding a Donate button?
  • Calculators owned: TI-Nspire CX CAS, TI-Nspire CX, TI-Nspire CAS (x3), TI-Nspire (x2), TI-Nspire CM-C CAS, TI-Nspire CAS+, TI-80, TI-82 Stats.fr, TI-82 Plus, TI-83 Plus, TI-83 Plus.fr USB, TI-84+, TI-84+ Pocket SE, TI-84+ C Silver Edition, TI-84 Plus CE, TI-89 Titanium, TI-86, TI-Voyage 200, TI-Collège Plus, TI-Collège Plus Solaire, 3 HP, some Casios
Co-founder & co-administrator of TI-Planet and Inspired-Lua

novenary

There is one actually. It's in your profile > paid subscriptions. Not the easiest to find and requires an account though, but we get enough donations it seems.

But yeah, waiting for let's encrypt. :)

Snektron

Why are SSL Certificate's so expesive anyway? i mean i could generate one myself so that's obviously not it
  • Calculators owned: TI-84+
Legends say if you spam more than DJ Omnimaga, you will become a walrus...


Powered by EzPortal