Forced https? ???

u/Legimet August 11, 2015, 09:28:01 PM

Quote from: Lionel Debroux on July 26, 2015, 06:50:16 AM
The Let's Encrypt initiative from Mozilla, the EFF and friends, which is supposed to produce its first certificate next week and become available for the general public in September, will change the cards in the CA business, at long last.

They changed their scchedule, and general availability will be in November.

u/novenary August 11, 2015, 09:31:05 PM

It's really nice that they're doing it at all, looking forward to avoid the mess of adding trusted certificates on android. Basically you can either add one from the settings app and get a lockscreen code forced on you or go through the trouble of figuring out how the system expects it and installing on the system partition. I eventually did the latter when I got fed up with the former.

u/Dream of Omnimaga August 12, 2015, 12:51:00 AM

Quote from: Legimet on August 11, 2015, 09:28:01 PM
Quote from: Lionel Debroux on July 26, 2015, 06:50:16 AM
The Let's Encrypt initiative from Mozilla, the EFF and friends, which is supposed to produce its first certificate next week and become available for the general public in September, will change the cards in the CA business, at long last.

They changed their scchedule, and general availability will be in November.

As long as they don't do the same as Duke Nukem Forever...

Also, for odd reasons, the certificate we currently use causes the website to randomly lag like hell with some German ISPs.

u/Legimet August 12, 2015, 02:04:47 AM

Quote from: DJ Omnimaga on August 12, 2015, 12:51:00 AM
Also, for odd reasons, the certificate we currently use causes the website to randomly lag like hell with some German ISPs.

Maybe it has something to do with OCSP.

u/Dream of Omnimaga August 12, 2015, 02:24:33 AM

Ah, maybe @Streetwalrus and @Juju could check that out?

u/Adriweb August 12, 2015, 06:11:02 AM

Coincidentally, we've had to temporarily disable OCSP stapling on tiplanet domains (and others) as the startssl server for the check was being unreliable the past few days

u/Dream of Omnimaga November 01, 2015, 06:58:16 AM

By the way @Juju would it be possible to make http://img.codewalr.us work with https? Or do you need to use a different certificate per sub-domain?

u/novenary November 01, 2015, 09:21:10 AM

Our https certificate is only for codewalr.us and www.codewalr.us. We should get a wildcard certificate but these are expensive as hell. Probably going to be fixed with Let's Encrypt in like 2-3 weeks now.

u/Adriweb November 01, 2015, 09:23:48 AM

Quote from: Streetwalrus on November 01, 2015, 09:21:10 AMWe should get a wildcard certificate but these are expensive as hell.

Absolutely not

TI-Planet's is multiple-domain as well as wildcard and only cost $60 for 2 years, or something. (It's a Class 2 StartSSL one, organization verified)

Last Edit: November 01, 2015, 09:25:40 AM by Adriweb

u/novenary November 01, 2015, 09:25:42 AM

Well we don't have the same kind of funds as you do, for us that's half what hosting costs already (we pay $12 a month, or $144 a year).

u/Adriweb November 01, 2015, 09:26:49 AM

Well, that's $2.5 per month, though, even rare ads could cover that.

u/novenary November 01, 2015, 09:27:29 AM

But ads. D:

u/Adriweb November 01, 2015, 09:28:06 AM

That's in theory

But... have you guys thought about adding a Donate button?

u/novenary November 01, 2015, 09:31:07 AM

There is one actually. It's in your profile > paid subscriptions. Not the easiest to find and requires an account though, but we get enough donations it seems.

But yeah, waiting for let's encrypt.