The shoutbox is currently out of service. Join us on Discord instead.
You can help CodeWalrus stay online by donating here.

Forced https? ???

Started by DJ Omnimaga, July 24, 2015, 08:33:25 pm

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Legimet

Quote from: Lionel Debroux on July 26, 2015, 06:50:16 am
The Let's Encrypt initiative from Mozilla, the EFF and friends, which is supposed to produce its first certificate next week and become available for the general public in September, will change the cards in the CA business, at long last.


They changed their scchedule, and general availability will be in November.

Streetwalrus

It's really nice that they're doing it at all, looking forward to avoid the mess of adding trusted certificates on android. Basically you can either add one from the settings app and get a lockscreen code forced on you or go through the trouble of figuring out how the system expects it and installing on the system partition. I eventually did the latter when I got fed up with the former.

DJ Omnimaga

Quote from: Legimet on August 11, 2015, 09:28:01 pm
Quote from: Lionel Debroux on July 26, 2015, 06:50:16 am
The Let's Encrypt initiative from Mozilla, the EFF and friends, which is supposed to produce its first certificate next week and become available for the general public in September, will change the cards in the CA business, at long last.


They changed their scchedule, and general availability will be in November.
As long as they don't do the same as Duke Nukem Forever... <_<


Also, for odd reasons, the certificate we currently use causes the website to randomly lag like hell with some German ISPs.

Legimet

Quote from: DJ Omnimaga on August 12, 2015, 12:51:00 am
Also, for odd reasons, the certificate we currently use causes the website to randomly lag like hell with some German ISPs.


Maybe it has something to do with OCSP.

DJ Omnimaga

Ah, maybe @Streetwalrus and @Juju could check that out?

Adriweb

Coincidentally, we've had to temporarily disable OCSP stapling on tiplanet domains (and others) as the startssl server for the check was being unreliable the past few days
Co-founder & co-administrator of TI-Planet and Inspired-Lua

DJ Omnimaga

By the way @Juju would it be possible to make http://img.codewalr.us work with https? Or do you need to use a different certificate per sub-domain?

Streetwalrus

Our https certificate is only for codewalr.us and www.codewalr.us. We should get a wildcard certificate but these are expensive as hell. Probably going to be fixed with Let's Encrypt in like 2-3 weeks now.

Adriweb

November 01, 2015, 09:23:48 am #38 Last Edit: November 01, 2015, 09:25:40 am by Adriweb
Quote from: Streetwalrus on November 01, 2015, 09:21:10 amWe should get a wildcard certificate but these are expensive as hell.

Absolutely not :) TI-Planet's is multiple-domain as well as wildcard and only cost $60 for 2 years, or something. (It's a Class 2 StartSSL one, organization verified)
Co-founder & co-administrator of TI-Planet and Inspired-Lua

Streetwalrus

Well we don't have the same kind of funds as you do, for us that's half what hosting costs already (we pay $12 a month, or $144 a year).

Adriweb

Well, that's $2.5 per month, though, even rare ads could cover that.
Co-founder & co-administrator of TI-Planet and Inspired-Lua

Streetwalrus


Adriweb

That's in theory :P

But... have you guys thought about adding a Donate button?
Co-founder & co-administrator of TI-Planet and Inspired-Lua

Streetwalrus

There is one actually. It's in your profile > paid subscriptions. Not the easiest to find and requires an account though, but we get enough donations it seems.

But yeah, waiting for let's encrypt. :)

Snektron

Why are SSL Certificate's so expesive anyway? i mean i could generate one myself so that's obviously not it
Legends say if you spam more than DJ Omnimaga, you will become a walrus...


Powered by EzPortal