Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
Get a devDuck
Rubber duck debugging has never been so cute! Get your favorite coding language devDuckBuy Now
Search - "letsencrypt"
"Oh, he is asking that much money for this website? I will create that for only $250 with WordPress. He is just trying to use you"
You fucking wanker. What you don't understand is that you are pushing the companies to a fucking black hole that they won't be able to recover from.
He shows an example of a website which takes 30 sec to load. It's full of hundreds of dreadful plugins. He chose the shittiest stock pictures to make it look "pretty".
When I point out his fucking shite website takes this long to load, he says if the company wants to make the website fast, they will need buy the premium plan of CloudFlare. WHAT THE FUCK are you even talking about?
Not only that, the example website, doesn't even have any SSL. He is saying that the other company didn't want to pay for the SSL. Ever heard of fucking StartSSL or LetsEncrypt?
It's people like you who is responsible for making half of the web an insecure, slow, low-performance space which is prone to hacking.
WordPress was made for blogging. KEEP IT THAT WAY. Stop trying to make your high-performance CMS or eCommerce website with this shite.17
Good morning campers,
It has come to be known that LetsEncrypt will be moving on from a "Small" Certificate Authority to one of the big guys with their own Root certificates in the coming months.
Now for the average joe this means nothing, besides awaiting for root certificate updates to flow down for their operating system 🤔 but for LE, that's a major step up in such a short time of being in existence.5
(The PM is pretty technical)
Me: Could you create this subdomain?
PM: Sure, just a sec.
Me: Ohh and could you add a letsencrypt cert? (one click thingy)
PM: Why would you need that on this kinda site...
Me: Well in general for security...
(referring to my internship manager/guider as Bob)
Bob: Hey... we have a new subdomain!
Bob: Wait why is there no letsencrypt certificate installed...?!?
Me: Well, the PM didn't find that neccesary...
Bob: (Oo) of course it is... are we going for security by default or what?
Me: Yup agreed.
Bob: *creates cert and sets everything up in under a minute*
It wasn't a high profile site (tiny side project) but why not add SSL when you can for free?8
I hate Wordpress. I hate Wordpress. I hate Wordpress.
Wordpress can take a big shit on itself and crawl into a deep dark hole far away from all that is good.
Who even uses Wordpress? Bloggers? Come on, let’s be honest, they’re using more intuitive sites like weebly, wix, and square space. So WHAT is Wordpress for? I’ll tell you, it’s just to FUCKING TORTURE PEOPLE.
So, being the “techy guy” of the family, a relative contacts me asking for some help with their website because they need to install an SSL certificate but they don’t know how to. I tell them I’d gladly do it because, sure, they’re family and how long can it possibly take to install a certificate? I’ve done it before!
Well, I get to work and log into the sluggish Wordpress dashboard and try to use a plugin that would issue a LetsEncrypt certificate because they are free and just as good as any other SSL. But one plugin after the next I keep getting errors about how my hosting wouldn’t allow it.
So I contact GoDaddy (don’t get me fucking started) and ask them about the issue. The guy tells me it’s “policy” to only be able to use GoDaddy’s certificates. How much do they cost? Oh, how about $100 a year?! Fuck you.
I figured out the only way to escape this hell was to ask them to open an economy Linux hosting account with cPanel on GoDaddy (the site was formerly hosted on a “Managed Wordpress” account which is just bullshit for not wanting to give you any control over your own goddamn content). So now I have to deal with migrating the site.
GoDaddy representative tells me that it should only take 20 minutes for me to do this (I’ve already spent way too much time on this but whatever) so I go forward with the new account. I decide I should migrate the site by exporting a backup and manually placing everything on the new server. Doesn’t it end up taking an entire hour to back up a 200MB site because GoDaddy throttled the processing speed?!
So, it’s another hour later and I’ve installed all the databases and carried over all the files. At this point, I’m really at the end of my rope and can’t wait to install the certificate and be done with this fuckery.
I install the certificate and finally get ready to be on my way, but then I see it. A warning. A warning from my browser telling me the site is only partially secure. It turns out the certificate was properly installed but whoever initially made the site HARDCODED ALL THE LINKS to images, websites, and style sheets to be http instead of https.
I’m gonna explode.
I swear, I’m gonna fucking explode.
After a total of 5 hours of work, I finally get the site secure by using search and replace on every fucking file.
Wordpress can go suck a big one. Actually, Wordpress can go suck the largest fuckin one in existence and choke on it.
TL;DR I agree to install an SSL certificate but end up with much more work than I bargained.37
I'm not sure if this entirely qualifies and I might have ranted about it a few years ago but fuck it.
My last internship. Company was awesome and my mentor/technical manager got along very well with me to the point that he often asked me to help out with Linux based stuff (he preferred Linux but was a C# guy and wasn't as familiar with it as me (Linux)).
We had to build an internal site thingy (don't remember what it was) and we delivered (me and some interns) and then the publishing moment came so I went to out project manager (a not-as-technical one) and asked if he could install a LetsEncrypt certificate on the site (he knew how and was one of the only ones who had direct access to the server).
He just stared at us and asked why the fuck we needed that since it was an internal thing anyways.
I kindly told that since it's free and can secure the connection, I preferred that and since its more secure, why the fuck not?
He wasn't convinced so it was off.
Next day I came in early and asked my mentor if he could do the SSL since he usually had access to that stuff. He stared at me with "what?" eyes and I explained what the PM said.
Then he immediately ssh'd in and got the damn cert with "we're going to go secure by default, of course!"
A minute later it was all set.2
Weekend projects are fun! Although front end is still a challenge, it looks good enough.
Suddenly got the idea to do something with letsencrypt/nginx wildcard subdomains (*.example.com) so created a project around that now through which you can check what your ip address/user agent/operating system/ip version is (maybe more to come) but due to the wildcard part you can enter quite a number of subdomains which all show the related info.
I'd find it very useful myself, not sure if other people would but oh well!2
With all these posts about the death of Steven Hawkings there's one thing which may be overlooked:
LETSENCRYPT WILDCARDS ARE LIVE !!!!!!!
(No offense to Steven Hawkings. He truly was one of the greatest scientists of mankind.)7
So I just got this email from a tech company, I registered to send my CV some years ago , about a dev Job openning.
The descripition included:
Java and Angular ( first red flag )
So I go to their site to check it out ...
No https, ping the domain returns an ip from another continent with 500+ ms latency.
Major flaws on the site usability...
Super dumb password recovery method...
I'm fucking outta here dude. I might send them a proposition to fix their servers and at least put it behind letsencrypt though...
And these morons have big clients, like my bank... wtf...4
GitLab CE crashed after doing a reconfigure, something with the LetsEncrypt client. Hours of debugging later it suddenly works again and the letsencrypt client doesn't throw errors either.
Happy that it works again but I'd like to know WHY it suddenly works again after I pretty much changed nothing (or, I did, but I put everything back to the original values every time a suggestion doesn't work).
Yesterday evening I began working on an SSL proxying system for dynamic domain names using Let's Encrypt. I finished just a few hours ago and it's working flawlessly!3
Did anyone else notice how setting up a letsencrypt.org certificate for a domain became a lot easier as this year went on? Certbot + automatic renewal was set up in four commands on my RasPi, I remember it being more difficult to set everything up 🤔1
What's up with almost every other site having invalid ssl certs, even though they are signed with a future date and by LetsEncrypt, did chrome again distrust a batch?6
A sunny monday morning. The sun almost glimpsing over the horizon. I'm on my way to the office, taking a breath of fresh cool air. It is infused by the scent of sweet pastries.
I reach the office, but something is different. Why is the door slightly opened? Carefully I grab the door handle. I do my first step past the doorframe and wooosch. Thick and sticky stuff is running done my spine, finding it's way through my clothes. I feel so un-fucking-believably dirty in this very moment.
This should give you an impression how I felt when I had to change a DNS record in this completely broken setup for just a matter of seconds until the letsencrypt client renewed the certificate.
I'm feeling seriously dirty.1
First off murphy is a bitch. Week started off good, nothing bad happening then friday night came and i get an email about a site being down. Ok check it out real quick, cert is expired. No real big deal just a 20 minute fix, didn't bother me that i didn't get an expiry alert. Now is where murphy decided to be the biggest fucking bucktoothed cocksucker, generate a csr for a wildcard domain using an existing key and sent it off when i get it back the private key doesn't match the cert. Again ok maybe i fucked up, generate a selfsigned cert no fucking problem. Contact support to see if they have an idea. Oh now is when it gets fun, the fucking dumbass preceded to tell me how i didn't know what i was doing and how i just had to generate a csr and private key at the same time after i explained to the bastard that I've already tested it with a selfsigned cert. (How does this fucker have a job) By now apparently i was pissed off enough to scare murphy's pansy ass away cause i told the fucker to refund my money, got a list of 30 subdomains and setup letsencrypt on it. Now the part on this that is fucking hilarious is that it took me damn near 24 hours to be called a fucking idiot from a guy that doesn't know his ass between a hole in the fucking ground and 30 minutes of being pissed off more than i have been since i took anger management classes in the 9th grade to say fuck it and switch.7
Am I bad? I charged a client for an SSL Certificate and installation, but just used LetsEncrypt instead, cost me fuck all.6
What makes free ssl "Unsuitable for e-commerce websites", Please read to end to see my view point.
Free Certificates are domain validation only which means they don't certify the identity of the website owner, they simply ensure a secure connection. Customers can't be sure of the integrity and trustworthiness of the website owner. If you need to secure credit card and personal information on e-commerce websites, free certificates aren't the answer. It's important your customers trust your business is safe enough to hand over these details. To gain this trust, you need a certification of your authenticity, which you can only get with a (paid) Business Validation or Extended Validation SSL Certificates.
* "To gain this trust, you need a certification of your authenticity"
~ But isn't that just Domain Verification and other Extras, What justifies somebody or business's authenticity? Tax Id, Valid Address, Nobody is going to study the ssl cert to make sure that amazon.com is a valid business and has a tax Id.
* "domain validation only which means they don't certify the identity of the website owner,"
~ Wouldn't this just be the domain validation test that is required when using services like LetsEncrypt using Certbot etc, or are we referencing back to this idea that they look for a Valid Tax Id sort of thing?
* "If you need to secure credit card and personal information on e-commerce websites, free certificates aren't the answer"
~ Why is the paid version going to do double encryption, is the CA going to run a monitoring tool to scan for intrusions like a IDS or IPS? (disregard the use of DNS Validation being in the picture)
Am I missing something, this just seems like well crafted text to get people to buy a cert, I could understand if the encryption was handled differently, Maybe if they checked the site for HSTS or HTTPs Redirect or even, They blocked wildcard SSL before and now with the paid its included, but overall it doesn't sound like anything special. Now I'm not just picking on namecheap because domain.com does the same.14
When nginx decides to just NOT answer to any IPv4 requests, áfter 2 weeks of having it set up for IPv6, just because I updated the Let's Encrypt certificate..
➡️ Started searching and reading the MailChimp docs.
⬅️ Ended reading the letsencrypt docs about CAA-Records. 🙈
I dug up my old ledger web app that I wrote when I was in my late twenties, as I realized with a tight budget toward the end of this year, I need to get a good view of future balances. The data was encrypted in gpg text files, but the site itself was unencrypted, with simple httpasswd auth. I dove into the code this week, and fixed a lot of crap that was all terrible practice, but all I knew when I wrote it in the mid-2000s. I grabbed a letsencrypt cert, and implemented cookies and session handling. I moved from the code opening and parsing a large gpg file to storing and retrieving all the data in a Redis backend, for a massive performance gain. Finally, I switched the UI from white to dark. It looks and works great, and most importantly, I have that future view that I needed.1
If anyone is really bored, or doesn't have literally anything else to with their life, I just posted my first article :D
If you want, take a look and tell me what you think :)11
Do you still charge your clients extra for HTTPS being it’s practically a requirement now for SEO purposes?7
Does anybody knows if letsencrypt SSL works with Cloudflare or not?
Because I'm unable to use letsencrypt SSL while using free version of Cloudflare :(5
Been trying to learn Docker when I hit a brick wall. How do I use nginx reverse proxy + letsencrypt with multiple containers? I only managed to do it with a single container. Using docker-compose or stuff like that I guess?6
So some people really liked the last article I wrote, so I figured I'd share this one that's kinda on the same topic:
Last weekend I was working on a small project for a friend of mine: a dockerized webapp, plus API backend and DB. I had some problems with the installation on the vps and had to try out different images and never really did a complete setup of my usual dotfiles. Got it running on an Ubuntu distro. Everything great.
It was the first release so I still had to check that every configuration worked ok, like letsencrypt companion container, the reverse proxy and all that stuff, so I decided to clone the whole project on the server tho make the changes there and then commit them from there.
Docker compose, 10 lines of code, change the hosts and password. Boom everything working. Great... Except for the images in the webapp.
WTF? Check the repo, here they are, all ok. I try different build tactics. Nothing. Even building the app on another docker always the same. Checked browser cache, all the correct ports are open. I even though that maybe react was still using some weird websocket I didn't know, but no.
Damn, I spent 5 hours checking why the f*** the server wouldn't make it out.
Then, finally, the realization...
I didn't install the f******* git-lfs plugin and all I was working with were stupid symbolics links! Webpack never even throw an error for any of the stupid images and the browser would only show a corrupted image, when decoding the base64 string.
Literally the solution took 5 minutes.
F*** changes on production, now I do everything on a fully automated CI.
So, I manage my server with docker containers (nginx-proxy and the letsencrypt-companion). I limit access to some subdomains using basic auth, but I want to use client certificates for convenience.
So my questions to the experts:
1) Do you know a good (and convenient) way to manage client certificates ? This should include revoking certs and allowing specific certs only for specific subdomains.
2) Should I use my letsencrypt CA for this or would a self signed CA better suited?
3) Any things I should be aware of?1
Does anyone know how to use certbot on a Debian stretch azure web service app to generate an SSL cert?
I've got the cert generated and Apache to serve it but it's giving me errors.
I need to bind it in azure somehow but I can't figure out how to export the cert.7
I don't know why this is so difficult for me but getting ssl for my site is very annoying. I've been building this one site that I need ssl for but I just cant get lets encrypt or certbot to work.
I'm asking for help because I've looked through a lot of articles and stackoverflow posts but nothing seems to work for me.
I'm sorry I know this isn't some stackoverflow alternative but I'm getting kinda desperate here.
I made the site in Flask and Im using gunicorn as the webserver and I can access it at xx.xx.xx.xx:8000 just fine
Then I'm running a nginx reverse proxy to forward all :80 requests to :8000.
I have this one route i made for testing called random (ex xx.xx.xx.xx/random) and it works fine when I'm using my external ip.
I think the problem is with my domain name.
I got it for free of off freenom and it just forwards traffic on the domain (hacschedule.tk) to my ip (not sure if I should have actually put the domain)
This works fine for when I'm just trying to get to the home page, but when i put www.hacschedule.tk/random, it just redirects me to www.hacschedule.tk aka the homepage.
I've tried making routes for the certbot/letsencrypt tools but they keep failing and I think its because of the domain name but since this is my first time actually trying to put a project into production, I don't know what I'm doing wrong.
If anyone could try to lead me the right way I'd really appreciate it. It's an app I wanted to build for peers to use to see school schedule in a more familiar way (we changed systems)10
So I'm building this environmental monitoring system for one of the Labs to monitor Temperature and Humidity. the "software" that comes as part of the package with these sensors is really just a website you host yourself if you don't choose the cloud option. No big deal really, (see my previous rant about getting windows server through SSC) I setup IIS and get the "software" registered get a couple sensors running looks good. However I don't like the error messages that popup because it's unsecured. do some reading and I find out that most browsers will give you a warning if your not using HTTPS even if it's for internal use only. OK we'll how hard can it be in implement encryption, turns out it's not that hard and you can do it for free how with letsencrypt and other places. I like free, now i have to use SSH to get into the server and run an ACME client. Hey open SSH is part of windows now cool, download an ACME client SSH into the server and nope doesn't work. Oh right I'm behind a corporate firewall and a bunch of other shit I can't control. Why is so damn arduous to setup this god dam internal website and the problems aren't even the site. Now I'm playing with AWS spinning up an instance to be able to try and get an SSL certificate just so i don't have to tell people it's OK to trust this site ignore the big angry warning.
Best part is other similar internal sites don;t use SSL and all have big messages about someone stealing your soul if you go there and these are commercial systems that run all the HVAC for all the campuses across Canada.
I need more Tylenol.