Re: [Firebird-devel] Web site cert issue
Hi! Done, however, old browsers will complain about unsupported TLS version. TLS v 1.3 will be enabled on new site after we will perform some upgrades (I think, we will upgrade VM os too). -- Best regards, Sergeymailto:s...@dqteam.com On Tue, 18 Feb 2020 at 15:48, marius adrian popa wrote: > Could you tweak the nginx config to be more secure > https://www.ssllabs.com/ssltest/analyze.html?d=firebirdsql.org > > On Fri, Feb 14, 2020 at 8:11 PM Sergey Mereutsa wrote: > >> Hi! >> >> I solved this issue by adding a certificate with longer lifetime - just >> need to put reminder to reissue it next year :) >> >> >> >> -- >> Best regards, >> Sergeymailto:s...@dqteam.com >> >> >> >> On Fri, 14 Feb 2020 at 19:33, Adriano dos Santos Fernandes < >> adrian...@gmail.com> wrote: >> >>> On 14/02/2020 13:13, Lester Caine wrote: >>> > >>> > >>> > That said, letsencrypt can't be relied on to complete a renewal cycle >>> > ... I've just had manually clean up some certs myself so you have to >>> > keep on top of every one :( >>> > >>> >>> It always worked where I setup automatically renew. >>> >>> >>> Adriano >>> >>> >>> >>> Firebird-Devel mailing list, web interface at >>> https://lists.sourceforge.net/lists/listinfo/firebird-devel >>> >> Firebird-Devel mailing list, web interface at >> https://lists.sourceforge.net/lists/listinfo/firebird-devel >> > Firebird-Devel mailing list, web interface at > https://lists.sourceforge.net/lists/listinfo/firebird-devel > Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
Re: [Firebird-devel] Web site cert issue
Could you tweak the nginx config to be more secure https://www.ssllabs.com/ssltest/analyze.html?d=firebirdsql.org On Fri, Feb 14, 2020 at 8:11 PM Sergey Mereutsa wrote: > Hi! > > I solved this issue by adding a certificate with longer lifetime - just > need to put reminder to reissue it next year :) > > > > -- > Best regards, > Sergeymailto:s...@dqteam.com > > > > On Fri, 14 Feb 2020 at 19:33, Adriano dos Santos Fernandes < > adrian...@gmail.com> wrote: > >> On 14/02/2020 13:13, Lester Caine wrote: >> > >> > >> > That said, letsencrypt can't be relied on to complete a renewal cycle >> > ... I've just had manually clean up some certs myself so you have to >> > keep on top of every one :( >> > >> >> It always worked where I setup automatically renew. >> >> >> Adriano >> >> >> >> Firebird-Devel mailing list, web interface at >> https://lists.sourceforge.net/lists/listinfo/firebird-devel >> > Firebird-Devel mailing list, web interface at > https://lists.sourceforge.net/lists/listinfo/firebird-devel > Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
Re: [Firebird-devel] Web site cert issue
Hi! I solved this issue by adding a certificate with longer lifetime - just need to put reminder to reissue it next year :) -- Best regards, Sergeymailto:s...@dqteam.com On Fri, 14 Feb 2020 at 19:33, Adriano dos Santos Fernandes < adrian...@gmail.com> wrote: > On 14/02/2020 13:13, Lester Caine wrote: > > > > > > That said, letsencrypt can't be relied on to complete a renewal cycle > > ... I've just had manually clean up some certs myself so you have to > > keep on top of every one :( > > > > It always worked where I setup automatically renew. > > > Adriano > > > > Firebird-Devel mailing list, web interface at > https://lists.sourceforge.net/lists/listinfo/firebird-devel > Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
Re: [Firebird-devel] Web site cert issue
On 14/02/2020 13:13, Lester Caine wrote: > > > That said, letsencrypt can't be relied on to complete a renewal cycle > ... I've just had manually clean up some certs myself so you have to > keep on top of every one :( > It always worked where I setup automatically renew. Adriano Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
Re: [Firebird-devel] Web site cert issue
On 14/02/2020 12:28, Dimitry Sibiryakov wrote: What on this site requires encryption is still an open question. Being forced to add certificates to all my client sites simply to stop google and browsers complaining that they are 'insecure' I agree with your comment on sites full of open data, but things have progressed to a point where NOT using HTTPS is virtually impossible without other agro. That said, letsencrypt can't be relied on to complete a renewal cycle ... I've just had manually clean up some certs myself so you have to keep on top of every one :( -- Lester Caine - G8HFL - Contact - https://lsces.uk/wiki/Contact L.S.Caine Electronic Services - https://lsces.uk Model Engineers Digital Workshop - https://medw.uk Rainbow Digital Media - https://rainbowdigitalmedia.uk Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
Re: [Firebird-devel] Web site cert issue
On 14/02/2020 10:31, Mark Rotteveel wrote: > > > PS: It is high time that the tracker also gets HTTPS, but given the > ancient version of Jira it's using, I'm not sure if that is an option. It's generally an option to put a reverse-proxy (nginx) in front of it. Looks like most of its returned URLs are relative, so it should work. Adriano Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
Re: [Firebird-devel] Web site cert issue
On 14-02-2020 13:28, Dimitry Sibiryakov wrote: 14.02.2020 13:25, Mark Rotteveel wrote: In any case, it has been fixed. As far as I understand, the certbot didn't restart the site after renewing the certificate causing it to continue to use the old certificate. What on this site requires encryption is still an open question. It protects against man-in-the-middle tampering (like access providers injecting ads) (and other benefits, see https://snyk.io/blog/10-reasons-to-use-https/), and because of those benefits, search engines gives pages with HTTPS a higher score. Contrary to your opinion, HTTPS by default is the new normal, and HTTP (or only HTTP) is the oddity. Mark PS: It is high time that the tracker also gets HTTPS, but given the ancient version of Jira it's using, I'm not sure if that is an option. -- Mark Rotteveel Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
Re: [Firebird-devel] Web site cert issue
Hi! It is fixed already :) -- Best regards, Sergeymailto:s...@dqteam.com On Fri, 14 Feb 2020 at 14:01, Scott Morgan via Firebird-devel < firebird-devel@lists.sourceforge.net> wrote: > Not sure if this is the right list for it, but the > https://firebirdsql.org/ cert has expired. > > Somebody needs to kick the Let's Encrypt updater? > > Scott > > > Firebird-Devel mailing list, web interface at > https://lists.sourceforge.net/lists/listinfo/firebird-devel > Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
Re: [Firebird-devel] Web site cert issue
14.02.2020 13:25, Mark Rotteveel wrote: In any case, it has been fixed. As far as I understand, the certbot didn't restart the site after renewing the certificate causing it to continue to use the old certificate. What on this site requires encryption is still an open question. -- WBR, SD. Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
Re: [Firebird-devel] Web site cert issue
On 14-02-2020 12:45, Scott Morgan via Firebird-devel wrote: Not sure if this is the right list for it, but the https://firebirdsql.org/ cert has expired. Somebody needs to kick the Let's Encrypt updater? The firebird-website list is probably a better venue for it. In any case, it has been fixed. As far as I understand, the certbot didn't restart the site after renewing the certificate causing it to continue to use the old certificate. Mark -- Mark Rotteveel Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel