2
Yujiri
5y

Why are so many websites' TLS certs broken? This month I've come across at least four different websites with cert errors that I've tried to email the webmasters about. "Tried" - the fourth has only twitter as a contact point and "can't be messaged". None of the other three have been corrected, although I received responses from two claiming they'd look into it.

And that's not even counting the ones I've seen that I didn't care about enough to contact the webmaster.

Comments
  • 0
    Perhaps tls versions or something?
  • 5
    Yeah I recently contacted someone as well. The response was "we don't need a working certificate because we don't process user data"

    "but you do have a forum with passwords and emails"

    "oh yeah I don't care about that data"
  • 0
    @Codex404 Time to grab this data and smear it across their face.
  • 4
    Certbot to hard to use.

    PCI compliance time of the year - FML right now

    People have no idea what they are doing, doing things with servers.

    Which sites?

    Also, FYI Apple just made a dick move and is looking at blocking sites with certs with a validity of ~400+ days in Safari.

    https://news.en24.news/N/2020/...
  • 0
    @C0D4 Specifically the sites were: lunarchstudios.com, nhindependence.com, heartyhuman.com, and humaniterations.net
  • 1
    @C0D4 If certbot is too hard, use acme.sh
  • 1
    @kescherRant I have no issues with certbot 😂 well besides firewalls.
  • 1
    @C0D4 I prefer acme.sh, but still have certbot deployed because why switch lol
  • 1
    Something tells me that this whole certificate business is a cashgrab. But it's definitely wrong to collect passwords without prolonging cert and using weird excuses. 😔
  • 3
  • 2
    @Yujiri 🤔
    lunarchstudios doesn't have ssl.

    Oh wait 😂😂😂

    This is what happens when you are on a shared vps and someone else has a ssl cert that's been setup incorrectly so now that cert is the default cert for all hosts.
Add Comment