Beefy Boxes and Bandwidth Generously Provided by pair Networks
No such thing as a small change
 
PerlMonks  

Re^2: "This site is not secure" warning message

by hippo (Canon)
on Jun 11, 2018 at 14:01 UTC ( #1216389=note: print w/replies, xml ) Need Help??


in reply to Re: "This site is not secure" warning message
in thread "This site is not secure" warning message

Or there's the simple fix of going to Display Settings and ticking the box next to "Monk Pictures off".

Update: This problem is now (since 11th of June) mentioned in Tidings

  • Comment on Re^2: "This site is not secure" warning message

Replies are listed 'Best First'.
Re^3: "This site is not secure" warning message
by taint (Chaplain) on Jun 12, 2018 at 14:23 UTC
    This is a hostmaster error, not a user error. Why doesn't Pair have a cert? As they don't; why is perlmonks forcing a secure connection? Letsencrypt ( letsencrypt.com ) has been providing them FREE for at least a year, and they're accepted by all the major browsers. The entire process can be accomplished in some 20 minutes -- even for a large hosting outfit. I managed the whole process in 15 minutes, with ~120 hosts. IMHO this is a fairly serious matter; as when most users encounter the "frightening" message from their browser, will leave, and quite probably never come back. :-(

    λɐp ʇɑəɹ⅁ ɐ əʌɐɥ puɐ ʻꜱdləɥ ꜱᴉɥʇ ədoH

      why is perlmonks forcing a secure connection?

      Technically, Pair started redirecting to https as the default action (see https://www.pair.com/support/kb/faq-default-https-settings-ssl-certificate/#1, and more discussion in the End of HTTP? thread), so Pair is "forcing" Perlmonks to use a secure connection (though, as haukex pointed out, there is a configuration that Pair has given to their hosted sites to go back to http as the default for sites that so choose).

      Personally, I think that if Pair is encouraging the changeover to solely-https, then Pair should have worked to resolve known issues (having the one server of three on Perlmonks that has the pair.com certificate has been seen by us Monks ever since Perlmonks started using the Let's Encrypt certificates, and I cannot believe no one informed Pair of this problem). Since Pair didn't resolve it before changing the default to https, Pair needs to work quickly to resolve the problem. (And while hippo's suggested temporary fix to DNS config would work, I think the onus should be on Pair to configure all three servers to properly use the LE certificate for perlmonks)

      On my phone browser, which doesn't allow saving the security exception, I have had to switch to the perlmonks.pair.com URL, because otherwise, I have to do three clicks (the link, "show-advanced-options" button, and the "ignore-it-this-time" link) every time the round-robin picks the bad server.... and it sure feels like it was more than 1/3 of the time (though it is probably observation bias). When I get home today, I am going to switch over to hippo's host-file workaround, because even though my browser has the exception stored, my antivirus/antimalware has started flagging in the browser, and I have to do another click for every time the bad server is selected. Fortunately, and with a touch of irony given my work's added security and IT overhead and restrictions, at work my only browsing location that's still allowing me to simply store the exception and accept the *.pair.com for perlmonks.org and browse hassle-free. :-) But I'm watching these threads for news that the problem has been fixed, and the one-of-three is no longer serving the *.pair.com certificate when using the perlmonks.org/.com domain, so I can undo the workarounds and go back to safe browsing.

        > (though, as haukex pointed out, there is a configuration that Pair has given to their hosted sites to go back to http as the default for sites that so choose).

        Provided Perlmonks has a standard client interface within Pair's infrastructure, which I doubt after 18 years of special relationship.

        The problem seems to be the bureaucracy needed to motivate the necessary non-standard procedures.

        Cheers Rolf
        (addicted to the Perl Programming Language :)
        Wikisyntax for the Monastery

      This is a hostmaster error, not a user error.

      There are two problems. One (the cert/hostname mismatch) is absolutely a hostmaster error. The other (monk pic link is http only) is a site content problem (call it a "webmaster error" if you want to be all 2nd millennium about it). They both need solving (by different people).

      Why doesn't Pair have a cert?

      They do - see https://perlmonks.pairsite.com/

      There's a quick and simple fix for the cert/hostname mismatch and that is to have the DNS maintainer remove 209.197.123.153 from the list of A records for www.perlmonks.org and perlmonks.org. That will put extra strain on the other servers but that's almost certainly a better (temporary) situation than exists at present.

      Who manages the DNS?

        Feels a bit like "hair splitting". But I'll concede. I probably should have added DNSmaster, as well. :-)

        I also only wanted to add; that, given that this is largely a volunteer effort; that the cost and time to get && implement certs is free, and small respectively. No complaint, or finger pointing intended.

        My main point was only to indicate that it shouldn't be the users responsibility to overcome the problem (browser, DNS, ...).

        λɐp ʇɑəɹ⅁ ɐ əʌɐɥ puɐ ʻꜱdləɥ ꜱᴉɥʇ ədoH

        +1.

        As long as 209.197.123.153 serves a certificate not matching the dns name perlmonks.org, I would request for its corresponding A record for perlmonks.org to be removed.

        If there is something one can do to help the site, please let us know. At least i would be happy to contribute in some way.

Re^3: "This site is not secure" warning message
by AnomalousMonk (Chancellor) on Jun 11, 2018 at 17:23 UTC

    Monk pictures off. Still throwing "This site is not secure" warnings like a 4th of July fireworks display. Does this change not take effect until site page entirely closed, then opened again, or some such?


    Give a man a fish:  <%-{-{-{-<

      Monk pictures off. Still throwing "This site is not secure" warnings

      I wonder why. If it's the cert/hostname mismatch because of the *.pairsite.com certificate you have a couple of options:

      • Add a security exception for the certificate (probably the worst option, but hey)
      • Amend your local DNS or hosts file to avoid 209.197.123.153 from the list of A records for www.perlmonks.org
      • Just use https://perlmonks.pairsite.com/ in your browser instead of www.perlmonks.org

      HTH. If it's a different problem you would need to give more info.

        Yea, that's what I'm getting.


        What part of v_e = sqrt(2GM/r) don't you understand? It's only rocket science!

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://1216389]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others lurking in the Monastery: (2)
As of 2019-06-16 10:33 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    Is there a future for codeless software?



    Results (76 votes). Check out past polls.

    Notices?