[vcf-midatlantic] social.vcfed.org is down again

[Christian Liendo]

honestly you can buy a cert cheaply now. I think RapidSSL is like $18/year
for a domain validated cert.

On Tue, Mar 14, 2023, 8:26 PM Jonathan Chapman via vcf-midatlantic <
vcf-midatlantic at lists.vcfed.org> wrote:

> > Yes, HSTS has been disabled. You can reach the site now while we are
> getting new certs installed. Just accept the expired cert.
>
> I don't want to be telling folks how to do their jobs (especially since
> it's volunteer work), but that's a pretty rough suggestion nowadays. Looks
> like you're using LetsEncrypt, which is a good choice, but since the certs
> are short and the process should​ be automated and should​ work, I always
> monitor when I use LetsEncrypt. I've had two occasions where changes to
> their API broke acme-client​ on OpenBSD. For that situation, simply giving
> mail​ an actual deliverable address to go to will let you know.
>
> For more complex situations, like when the deployment of the cert
> sometimes fails because of (customer) client derps, I set up a CI job to do
> a HTTPS connection to the page (just a cURL will do it) and bomb if there's
> any errors or the cert is within X days of expiration.
>
> Thanks,
> Jonathan