[vcf-midatlantic] social.vcfed.org is down again

Jonathan Chapman lists at glitchwrks.com
Wed Mar 15 00:25:38 UTC 2023


> Yes, HSTS has been disabled. You can reach the site now while we are getting new certs installed. Just accept the expired cert.

I don't want to be telling folks how to do their jobs (especially since it's volunteer work), but that's a pretty rough suggestion nowadays. Looks like you're using LetsEncrypt, which is a good choice, but since the certs are short and the process should be automated and should work, I always monitor when I use LetsEncrypt. I've had two occasions where changes to their API broke acme-client on OpenBSD. For that situation, simply giving mail an actual deliverable address to go to will let you know.

For more complex situations, like when the deployment of the cert sometimes fails because of (customer) client derps, I set up a CI job to do an HTTPS connection to the page (just a cURL will do it) and bomb if there are any errors or the cert is within X days of expiration.

Thanks,
Jonathan
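
The CI check described in the message above, sketched in Python as an added example (not code from the post or from the list): it performs a fully verified TLS handshake and exits non-zero on any error or when the certificate is close to expiry. The 14-day threshold, the function names and the `example.org` host are assumptions.

```python
import socket
import ssl
import sys
import time

WARN_DAYS = 14  # assumed threshold; the post only says "X days"


def days_left(not_after, now=None):
    """Whole days until notAfter (format: 'Jun 13 00:00:00 2023 GMT')."""
    now = time.time() if now is None else now
    return int((ssl.cert_time_to_seconds(not_after) - now) // 86400)


def evaluate(not_after, warn_days=WARN_DAYS, now=None):
    """Return (ok, message) for a certificate's notAfter value."""
    remaining = days_left(not_after, now)
    if remaining < 0:
        return False, f"certificate expired {-remaining} day(s) ago"
    if remaining < warn_days:
        return False, f"certificate expires in {remaining} day(s)"
    return True, f"certificate valid for {remaining} more day(s)"


def fetch_not_after(host, port=443, timeout=10):
    """Handshake with chain and hostname verification; return notAfter."""
    # An expired, mismatched or untrusted cert raises ssl.SSLError here.
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]


def main(argv):
    host = argv[1] if len(argv) > 1 else "example.org"  # placeholder host
    try:
        ok, msg = evaluate(fetch_not_after(host))
    except (OSError, ssl.SSLError) as exc:
        ok, msg = False, f"connection failed: {exc}"
    print(f"{host}: {msg}")
    return 0 if ok else 1  # non-zero exit fails the CI job


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run on a schedule with the site's hostname as the only argument; a failed job is the alert.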

