[vcf-midatlantic] social.vcfed.org is down again

Jeffrey Brace jeffrey at vcfed.org
Wed Mar 15 03:18:11 UTC 2023


On Tue, Mar 14, 2023 at 11:14 PM Christian Liendo via vcf-midatlantic <
vcf-midatlantic at lists.vcfed.org> wrote:

> honestly you can buy a cert cheaply now. I think RapidSSL is like $18/year
> for a domain validated cert.
>

I believe that it is all covered. We had one before, but it needed to be
renewed by Bob. He is hosting all our VCF stuff.


>
> On Tue, Mar 14, 2023, 8:26 PM Jonathan Chapman via vcf-midatlantic <
> vcf-midatlantic at lists.vcfed.org> wrote:
>
> > > Yes, HSTS has been disabled. You can reach the site now while we are
> > getting new certs installed. Just accept the expired cert.
> >
> > I don't want to be telling folks how to do their jobs (especially since
> > it's volunteer work), but that's a pretty rough suggestion nowadays.
> Looks
> > like you're using LetsEncrypt, which is a good choice, but since the
> certs
> > are short and the process should be automated and should work, I always
> > monitor when I use LetsEncrypt. I've had two occasions where changes to
> > their API broke acme-client on OpenBSD. For that situation, simply giving
> > mail an actual deliverable address to go to will let you know.
> >
> > For more complex situations, like when the deployment of the cert
> > sometimes fails because of (customer) client derps, I set up a CI job to
> do
> > a HTTPS connection to the page (just a cURL will do it) and bomb if
> there's
> > any errors or the cert is within X days of expiration.
> >
> > Thanks,
> > Jonathan
>


More information about the vcf-midatlantic mailing list