[vcf-midatlantic] social.vcfed.org is down again
Jeffrey Brace
jeffrey at vcfed.org
Wed Mar 15 03:18:11 UTC 2023
On Tue, Mar 14, 2023 at 11:14 PM Christian Liendo via vcf-midatlantic <
vcf-midatlantic at lists.vcfed.org> wrote:
> honestly you can buy a cert cheaply now. I think RapidSSL is like $18/year
> for a domain validated cert.
>
I believe that it is all covered. We had one before, but it needed to be
renewed by Bob. He is hosting all our VCF stuff.
>
> On Tue, Mar 14, 2023, 8:26 PM Jonathan Chapman via vcf-midatlantic <
> vcf-midatlantic at lists.vcfed.org> wrote:
>
> > > Yes, HSTS has been disabled. You can reach the site now while we are
> > getting new certs installed. Just accept the expired cert.
> >
> > I don't want to be telling folks how to do their jobs (especially since
> > it's volunteer work), but that's a pretty rough suggestion nowadays.
> Looks
> > like you're using LetsEncrypt, which is a good choice, but since the
> certs
> > are short and the process should be automated and should work, I always
> > monitor when I use LetsEncrypt. I've had two occasions where changes to
> > their API broke acme-client on OpenBSD. For that situation, simply giving
> > mail an actual deliverable address to go to will let you know.
> >
> > For more complex situations, like when the deployment of the cert
> > sometimes fails because of (customer) client derps, I set up a CI job to
> do
> > a HTTPS connection to the page (just a cURL will do it) and bomb if
> there's
> > any errors or the cert is within X days of expiration.
> >
> > Thanks,
> > Jonathan
>
More information about the vcf-midatlantic
mailing list