On 9/24/18 8:30 AM, Kevin A. McGrail wrote:
On 9/24/2018 7:06 AM, Dave Jones wrote:
On 9/24/18 5:33 AM, Sidney Markowitz wrote:
I was updating links on one of our wiki pages to https when I
discovered that
http://ruleqa.spamassassin.org does not take a https link.
Chrome reports ruleqa.spamassassin.org sent an invalid response.
ERR_SSL_PROTOCOL_ERROR
Firefox reports SSL received a record that exceeded the maximum
permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG
I can setup a letsencrypt.org cert on this server if no on has any
objections.
I don't think you'll be able to approve it.
1) Ask infra for the public and private for the *.apache.org cert which
I could see they might not want to give
This would be a cert for a spamassassin.org based on the URL.
2) Coordinate a free letsencrypt cert with infra
I would install certbot on the sa-vm1 server which would automatically
renew the cert just for ruleqa.spamassassin.org via HTTP validation so
there technically isn't any coordination needed. I will be glad to
coordinate with infra anyway just to follow procedure and for the sake
of communication.
3) ?? I'm happy to pay the $20 for a RapidSSL cert if that helps.
I would rather setup LE certbot and not have to fool with manually
managing the cert every year or two. The price is not the issue. It's
the trouble remembering to do it in time before the cert expires.
Everything should be going to LE certs now with Chrome's push toward
HTTPS everywhere and now that LE is doing wildcard certs. You can setup
certbot easily then forget about it. Now if you are on Windows and IIS
then it's a different story but I suspect that will be changing here
over the next year.
Dave