Page 1 of 1

Hosting issue

Posted: Sun Sep 29, 2019 8:55 am
by Ice Cream Jonsey
Do you guys know what side is fucking up for an error like this?
Your connection is not private
Attackers might be trying to steal your information from www.trottingkrips.com (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_COMMON_NAME_INVALID

Help improve Safe Browsing by sending some system information and page content to Google. Privacy policy
This server could not prove that it is www.trottingkrips.com; its security certificate is from shortener.secureserver.net. This may be caused by a misconfiguration or an attacker intercepting your connection.

Proceed to www.trottingkrips.com (unsafe)
I am using SoonerDomains for the domain only. Dreamhost for the actual content.

I get it trying to go to https://www.trottingkrips.com. Just going to http://www.trottingkrips.com works with no errors.

Re: Hosting issue

Posted: Sun Sep 29, 2019 9:35 am
by pinback
The SSL cert is for "shortener.secureserver.net", not trottingkrips.com. Do you have the abililty to install a correct cert?

Re: Hosting issue

Posted: Sun Sep 29, 2019 9:40 am
by pinback
"trottingkrips.com" points to 184.168.131.241, which is shortener.secureserver.net. I dunno how shortener works, and why you can still get the trottingkrips website when you go there, but that's why there's a mismatch with the SSL cert.

Re: Hosting issue

Posted: Mon Sep 30, 2019 12:21 pm
by Tdarcos
pinback wrote:
Sun Sep 29, 2019 9:40 am
but that's why there's a mismatch with the SSL cert.
Which also says something about inertia, HTTPS no longer uses SSL; it has been deprecated since 2015 by RFC 7568. It's an old dog and is vulnerable to POODLE attacks. It was replaced by TLS which has gone through several revisions to counter its vulnerabilities. In fact, anyone processing.credit cards can no longer use TLS 1.0 and has been required by PCI for more than 15 months to use at least TLS 1.1. Since several open source libraries support TLS 1.3 most systems are going that route.

This article explains how HTTPS works; it's just HTTP with some encryption bolted on. This is why I have said to Jonsey since he is holding an HTTPS certificate for Jolt Country he should modify at least the routine that calls the login page as well as that page to force HTTPS. At least with secure login no one can forge credentials although forcing all traffic to this webdite as HTTPS might be a good idea.

Re: Hosting issue

Posted: Mon Sep 30, 2019 1:10 pm
by pinback
Tdarcos wrote:
Mon Sep 30, 2019 12:21 pm
pinback wrote:
Sun Sep 29, 2019 9:40 am
but that's why there's a mismatch with the SSL cert.
Which also says something about inertia, HTTPS no longer uses SSL;
Well yeah, but we still call them "SSL certs".

Nobody likes a pedant, Paul. Or a pedo. Anything beginning with "ped", just stay away.

Re: Hosting issue

Posted: Mon Sep 30, 2019 9:55 pm
by bryanb
pinback wrote:
Mon Sep 30, 2019 1:10 pm
Nobody likes a pedant, Paul. Or a pedo. Anything beginning with "ped", just stay away.
Like "pedestrian." Knuckles found out the hard way that nobody likes a pedestrian :sad:.

Could the cert issue possibly have something to do with the fact we're using domain masking? That's not a question coming from any deep knowledge, but one guy on the Internet did once say "with a little research I've discovered that domain masking actually breaks SSL encryption" which is a fairly dramatic statement. Admittedly, I've been on a campaign to get Jonsey to turn off domain masking for months now so my motives here are absolutely suspect.

Still, pretty much every site issue we've had up to this point has been caused by either (1) me copying and pasting the wrong code snippet into a PHP file, (2) me getting the "WordPress Address" and the "Site Address" confused, or (3) domain masking. So, if it's not domain masking, it's probably my fault.