Security Certificate has expired.

[Saul]

Hi ALL!

The CRsociety website currently has no security certificate -- our previous certificate expired about 2 days ago.  It should be replaced or extended; posting has dropped to near zero since the expiration of the certificate.

  --  Saul

[mccoy]

Yes, google chrome blocks the site

It can be reached by other browsers though, overriding the security warnings

[Saul]

It's easy to override the security warning in Google Chrome -- but it remains true, that it's an "insecure" connection.  This doesn't bother me; the material I share on this List is stuff that I don't mind being public (after all, anyone can join the crsociety).

Of course, there's the fact that my password is (probably) very easily hackable while the certificate is down -- but I've never trusted the security level of the crsociety -- so I have a very different, unique password for this site -- not at all resembling passwords to the other sites that I visit.

So the lack of security does not concern me personally -- but it probably DOES concern many other members, who might e.g. use the same passwd for this and some other, more critical, website or email account.

   --  Saul

[Gordo]

For the admin, as I see "Let's Encrypt" is the issuing authority, the host server should be setup to auto-renew the SSL certificate, I've done this on 3 servers before.  For windows the easy way is to use: https://github.com/PKISharp/win-acme  (auto-renew setup is completely automated).

For other platforms see: https://www.bing.com/search?q=how+to+setup+auto-renew+lets+encrypt&PC=U316&FORM=CHROMN

[Saul]

Thanks Gordo!

That might help the admin.

  --  Saul

[Matt]

Where is the admin?

Has anyone messaged Tim to make him aware that the certificate needs to be renewed? I thought this should be done automatically on the hosting...

It's no good just overriding it, it's a big issue and should be fixed.

[Saul]

Hi Matt!

I just sent a message to Tim.

  --  Saul

[Matt]

I emailed him and sent him a message also, but he hasn't replied. I assume he knows how to bypass the warning...  I'm surprised the problem isn't fixed yet.

[Todd S]

Saul and Matt,

I think that the certificate was renewed within a few days of expiration. I first noticed on my iPhone when the problem had been resolved.

On my Mac, I had to take a specific action to stop getting the warnings. I can't recall whether I had to clear browser history or I had to reboot the Mac. But I think it was one of those two things that worked for me.

[Matt]

I've tried opening the website on other browsers and I still get the same message.

I just tried on my phone now for the first time and I get a warning message. 

[Saul]

Yeah -- it isn't fixed,

  --  Saul

[Todd S]

Okay -- this time I read the www.globalsign.com description of how to view the SSL certificate in each browser.

The certificate is still expired. I had used an option of Safari to remember to trust this particular certificate for this particular website (www.crsociety.org).

[Matt]

Tim hasn't responded to my email or read the inbox message on here. I wonder if he realizes he can bypass the warning? Or maybe he's just busy.

Does anyone else know who to contact about this?

It seems that admins are absent on here and on the CR page on Facebook.

[Saul]

I just emailed Tim.

  --  Saul