Page 1 of 2

Security certificate expired on forums

PostPosted: March 23rd, 2018, 7:17 pm
by kayotics
I don't know if this is happening to anyone else, but I'm getting a warning about an expired security certificate, but only on the forums. The main site is fine. I'm using Chrome, and checked Safari where I'm getting the error there too. I didn't see it earlier today while I was browsing with a different wifi connection.

Maybe it's just my wi-fi, but it does make browsing the forums nearly impossible. I also don't know... exactly who to contact about this problem, so I'm posting it here.

Code: Select all
Your connection is not private

Attackers might be trying to steal your information from www.smackjeeves.com (for example, passwords, messages, or credit cards).

Automatically send some system information and page content to Google to help detect dangerous apps and sites.

This server could not prove that it is www.smackjeeves.com; its security certificate expired yesterday. This may be caused by a misconfiguration or an attacker intercepting your connection. Your computer's clock is currently set to Friday, March 23, 2018. Does that look right? If not, you should correct your system's clock and then refresh this page.

Re: Security certificate expired on forums

PostPosted: March 23rd, 2018, 7:26 pm
by eishiya
I am getting this issue too.

Re: Security certificate expired on forums

PostPosted: March 23rd, 2018, 7:42 pm
by Yenzala
Me too.
I just clicked "advanced" then "proceed to smackjeeves (unsafe)"
Pft! unsafe? I aint scared of no ghosts!

Re: Security certificate expired on forums

PostPosted: March 23rd, 2018, 8:06 pm
by kayotics
Good to know it's not just me, haha.

For anyone concerned and doesn't know what it means: the security certificate is what makes URLs go into HTTPS rather than just HTTP. It has to do with how files are transferred over the internet. HTTP (or hyper text transfer protocol) isn't encrypted, where the secure version (the S just stands for secure) is encrypted.

It's MOSTLY important for websites that are taking your credit card information like stores and any online banking options, but the forums do take your password, so that's some information that could be potentially gathered with an unencrypted file transfer.

Re: Security certificate expired on forums

PostPosted: March 23rd, 2018, 8:55 pm
by bomango
This is also affecting bomango.net which is configured to point to our webcomic. Can we get an ETA on this SSL issue being fixed?

Correction: If I go to bomango.net in any browser where I have never logged into smackjeeves.com it works normally, it only affects browsers where I have a stored login for smackjeeves.com.

Re: Security certificate expired on forums

PostPosted: March 23rd, 2018, 10:13 pm
by eishiya
bomango wrote:This is also affecting bomango.net which is configured to point to our webcomic. Can we get an ETA on this SSL issue being fixed?

Correction: If I go to bomango.net in any browser where I have never logged into smackjeeves.com it works normally, it only affects browsers where I have a stored login for smackjeeves.com.

It's not affecting it for me, since it's HTTP rather than HTTPS.

Re: Security certificate expired on forums

PostPosted: March 23rd, 2018, 10:34 pm
by TheJGamer
Was gonna make a topic on it but nice to see that you've already made one.

It happens on my computer only when I log in, but it happens on my phone anytime- logging in, pressing the "Login" button, getting to the forums, and all that jazz. (I was in Samsung Internet on my Samsung Galaxy S8, if that matters.)

Looks like SJ's gonna have to update their security certificate! The question is, does renewing one take forever, or is it instantaneous? Just outta curiosity.

Re: Security certificate expired on forums

PostPosted: March 23rd, 2018, 10:56 pm
by Admin
Sorry about that everyone, the site's SSL security certificate was supposed to automatically renew but it was scheduled a day late. It should be fixed now.

Re: Security certificate expired on forums

PostPosted: March 23rd, 2018, 10:59 pm
by eishiya
Admin wrote:Sorry about that everyone, the site's SSL security certificate was supposed to automatically renew but it was scheduled a day late. It should be fixed now.

Yay!

Any chance to make http:// redirect to https://? It's very easy to miss out on using HTTPS since there's no redirect and no reduction in functionality when using HTTP. Links throughout the site are inconsistent re: protocol, as well.

Re: Security certificate expired on forums

PostPosted: March 23rd, 2018, 11:06 pm
by Admin
Not yet. There are plans to update the entire site to HTTPS, including *.thewebcomic.com domains and custom domains. However, this requires a lot of SSL certificate management, and I need to build a system for automatically acquiring and renewing SSL certificates from scratch.

Re: Security certificate expired on forums

PostPosted: March 23rd, 2018, 11:10 pm
by kayotics
Thanks for the update! Frustrating when auto-renew doesn’t work quite right, but glad it was cleared up. : )

Re: Security certificate expired on forums

PostPosted: March 24th, 2018, 10:08 am
by mitchellbravo
Relieved it's resolved! I saw this thread on the main site forum-preview block and couldn't even post in it to share that I was having the problem too :lol:

Re: Security certificate expired on forums

PostPosted: March 24th, 2018, 10:09 am
by AltCat
Admin wrote:Not yet. There are plans to update the entire site to HTTPS, including *.thewebcomic.com domains and custom domains. However, this requires a lot of SSL certificate management, and I need to build a system for automatically acquiring and renewing SSL certificates from scratch.


So when that all non secured sites will trigger warnings updates happens, "www.somewebcomic.net" would be considered secure without the holder of that domain doing anything?

Re: Security certificate expired on forums

PostPosted: March 24th, 2018, 12:22 pm
by Admin
AltCat wrote:
Admin wrote:Not yet. There are plans to update the entire site to HTTPS, including *.thewebcomic.com domains and custom domains. However, this requires a lot of SSL certificate management, and I need to build a system for automatically acquiring and renewing SSL certificates from scratch.


So when that all non secured sites will trigger warnings updates happens, "www.somewebcomic.net" would be considered secure without the holder of that domain doing anything?


I think you're referring to Google's plans to eventually ramp up the "WARNING YOU'RE ON AN INSECURE SITE" messages (thanks Google). Anyway, yes, custom domain name holders won't have to do anything beyond what they've already done (which is set their domain's nameservers to SJ's).

Re: Security certificate expired on forums

PostPosted: March 25th, 2018, 6:10 am
by AltCat
Admin wrote:I think you're referring to Google's plans to eventually ramp up the "WARNING YOU'RE ON AN INSECURE SITE" messages (thanks Google).


Aha, didn't know it was a google thing, but Chrome was the first browser said to default this function, so that was why then I guess. It would issue warning for non secure sites with forms and such interactions on at first, then the any site ramp up would start later. Next year I think.

But the other browsers will surely follow pretty quickly. Because who would want to be the the unsafe alternative all of a sudden.. :|

Admin wrote:Anyway, yes, custom domain name holders won't have to do anything beyond what they've already done (which is set their domain's nameservers to SJ's).


Good to hear.