in reply to Re: Clear text passwords
in thread Clear text passwords

Then did Moses just reach the Promised Land?

All my links turned red, and upon looking closer i find myself diverted to

is this a permanent thing now?

  • Comment on Re^2: All my links turned red (was: Clear text passwords)

Replies are listed 'Best First'.
Re^3: Certificate confusion (was: Clear text passwords)
by LanX (Cardinal) on Jun 08, 2018 at 00:50 UTC
    It's confusing I sometimes get the * certificate for , which I have to accept manually.

    Since I remember that we are using at least two servers for load balancing, my first guess is that one of the apaches has the wrong cert-file in place.

    For me:

    all other combinations I tried required a manual exception.


    Forgot to test * with Firefox, but they seem to work fine with my mobile browser.

    Cheers Rolf
    (addicted to the Perl Programming Language :)
    Wikisyntax for the Monastery

      dig shows 3 IPs being round robin'd (robinned?). The Let's Encrypt SAN cert works on (www\.)?perlmonks\.(org)|(com)|(net), but the pairsite wildcard cert will only work on the pairsite domain, one subdomain deep. So will not work, authentication wise, with either cert. 3 Servers, 8 urls, 2 certs, one of which expires every 90 days, not the most enjoyable way to spend free time, I'm sure.

        Interestingly it looks like it has been setup correctly on 2 of the 3 servers

        $ host is an alias for has address has address has address $ openssl s_client -showcerts -servername -connect 2 + </dev/null 2>&1| grep subject subject=/C=US/postalCode=15203/ST=Pennsylvania/L=Pittsburgh/street=Sui +te 510/street=2403 Sidney Street/O=pair Networks, Inc./OU=Provided by + pair Networks/OU=PairWildcardSSL $250,000/CN=* $ openssl s_client -showcerts -servername -connect 6 + </dev/null 2>&1| grep subject subject=/ $ openssl s_client -showcerts -servername -connect 2 + </dev/null 2>&1| grep subject subject=/
        There is more than one way to set up Apache to rewrite and find the cert.

        I'm sure the admins will find a stable way.

        The short term certificate is surely only meant for testing.