Late last night (~10 PM UTC), the security certificates for SoylentNews.org expired. (Out-of-date certs result in nasty warning messages being displayed by your browser.)
Please accept my apologies for any inconvenience the outage caused.
Unfortunately, that was after I (and others on staff who could do anything about it) had gone to bed.
I had personally updated the certs in the past, but the last time was years ago. (TheMightyBuzzard had previously — and subsequently — handled getting and applying updated certs.) It had been so long that I could not find my notes on the process. (Note to self: it helps to look in the correct directory tree!)
Thankfully, audioguy appeared and was able to get things updated.
Please join me in thanking him for getting things straightened out!
P.S. The current certs are due to expire December 14, 2021. Please feel free to remind us as that date approaches!
P.P.S. The technical staff is aware of various automated solutions to renewals but made a conscious decision to do them manually. Remember that people make mistakes but to really foul things up use a computer!
(Score: 4, Informative) by FatPhil on Wednesday September 15 2021, @02:56PM (8 children)
"This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox may only connect to it securely. As a result, it is not possible to add an exception for this certificate."
Fortunately some legacy browsers do not honour this flag, so it was still possible to access the site. I could happily use w3m, for example.
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 4, Informative) by JoeMerchant on Wednesday September 15 2021, @03:08PM (2 children)
Chrome explained the HSTS thing and refused to load the site.
🌻🌻 [google.com]
(Score: 2) by EvilSS on Wednesday September 15 2021, @03:33PM (1 child)
(Score: 2) by JoeMerchant on Wednesday September 15 2021, @06:09PM
I didn't persist on Chrome looking for bypass settings, I just opened whatever was on the screen and none of it let me in.
Chrome in Ubuntu, relatively up to date.
🌻🌻 [google.com]
(Score: 2, Informative) by Anonymous Coward on Wednesday September 15 2021, @03:14PM
One way to bypass this in a modern browser is to have the browser forget it has seen the HSTS header. If all site data is cleaned, the next time the browser starts it will just complain about a bad certificate and the advanced option will allow an override. This of course is a terrible idea and it would be best just to wait, but it does work.
(Score: 0) by Anonymous Coward on Wednesday September 15 2021, @03:18PM
You could do it with Firefox by toggling some ...stricttransport... setting in about:config to false and then editing a site security text file in your Firefox profile to remove the soylentnews.org line.
(Score: 1, Interesting) by Anonymous Coward on Wednesday September 15 2021, @03:52PM (2 children)
I have opted for my choices to take priority and edited my browser to give me the option to continue. Open source FTW.
(Score: 2) by RS3 on Wednesday September 15 2021, @11:43PM (1 child)
Which browser?
(Score: 1, Interesting) by Anonymous Coward on Thursday September 16 2021, @01:44AM
I only do FF browsers, in this case New Moon.
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@@ -5067,7 +5067,11 @@ nsDocShell::DisplayLoadError(nsresult aError, nsIURI* aURI,
// never want to show the "Add Exception" button for these sites.
// In the future we should differentiate between an HSTS host and a
// pinned host and display a more informative message to the user.
- if (isStsHost || isPinnedHost) {
+ // it is my browser and I do want to be able to make
+ // an exception to cert issues, as long as I am still talking
+ // encrypted.
+ //if (isStsHost || isPinnedHost) {
+ if (isPinnedHost) {
cssClass.AssignLiteral("badStsCert");
}
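Review bot: the new condition `if (isPinnedHost) {` drops HSTS hosts from the `badStsCert` class unconditionally, which contradicts the unchanged comment just above it ("never want to show the "Add Exception" button for these sites") and does not quite deliver what the added comment asks for: after an exception is accepted for an invalid certificate the connection is still encrypted, but the peer is no longer authenticated, and that is the case HSTS exists to rule out. Consider gating the relaxed check behind a preference that defaults to the original `isStsHost || isPinnedHost` behaviour instead of hard-coding it, rewording the surviving comment so it describes pinned hosts only, and deleting the commented-out `//if (isStsHost || isPinnedHost) {` line rather than leaving it as dead code.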