Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • And…. we’re back

    Posted on July 19th, 2018 at 20:38 woody Comment on the AskWoody Lounge

    The AskWoody site is now (finally!) back and working. Those of you who poked holes into your browsers may want to revert them. (And I can finally stop using Edge!)

    Many thanks to Drew, Doug, Robert — and to the legions of you who had the forbearance to not say in public what I was shouting in private.

    Anyway, the SSL cert ordeal is over. We ended up with a cert from Let’s Encrypt, woven into the fabric of the site itself. Let the games begin.

    If that helped, take a second to support AskWoody on Patreon

    Home Forums And…. we’re back

    This topic contains 39 replies, has 23 voices, and was last updated by  Morty 4 months, 4 weeks ago.

    • Author
      Posts
    • #204574 Reply

      woody
      Da Boss

      The AskWoody site is no (finally!) back and working. Those of you who poked holes into your browsers may want to revert them. Many thanks to Drew, Dou
      [See the full post at: And…. we’re back]

      Total of 28 users thanked author for this post. Here are last 20 listed.
    • #204588 Reply

      Geo
      AskWoody Lounger

      Yep.  All clear here.

    • #204581 Reply

      anonymous

      Hoorah!   Glad that nonsense is over.

    • #204594 Reply

      Bob99
      AskWoody Lounger

      Good to see things back up!

      However, as noted on another thread here on AskWoody, the cert is still only good for about three months, expiring on October 17th, 2018 at 6:31 P.M. CDT, Central Daylight Time.

      The U.S. is scheduled to stay on daylight savings until the first Sunday in November.

      The above info about the cert is from Firefox 61.0.1.

      Now, where’d I put my box of MS patches of patches for July…??? 😉

      EDIT: Fixed link

      • #204620 Reply

        woody
        Da Boss

        Yep, and I’m assured (fingers crossed) that the cert will auto-renew this time. Like it was supposed to last time.

        Sigh.

        5 users thanked author for this post.
    • #204587 Reply

      anonymous

      Excellent picture! #roflmao

    • #204597 Reply

      bonbon
      AskWoody Lounger

      Welcome Back, Woody!!

    • #204591 Reply

      anonymous

      It’s showing an expiration date of Oct 17, 2018.  I would have thought that the next renewal would have been pushed out a bit longer.   😉

    • #204604 Reply

      Cybertooth
      AskWoody Lounger

      Welcome back, Woody!  <thumbs up>

      It’s great to be able once again to visit via my favorite browser (Pale Moon) without having to jump through hoops.

       

    • #204612 Reply

      anonymous

      So you got 3 months to get it worked out next time. I assume you went with the short time just to get something up and running, while you look for solutions that will keep this from happening again.

      Unfortunately, I’m not quite sure how to undo the hole. Now that the certificate is valid, the option isn’t showing to remove the override on the site properties. I’ll probably look up how to do it, but I’m on Chrome on Win7 if anyone knows the instructions, or knows for sure that it’s clear.

      • #204616 Reply

        Susan Bradley
        AskWoody MVP

        I think we need a post on Let’s Encrypt 🙂  As I understand it they only do a 3 month cert and — assuming it’s set up right — it’s supposed to auto renew.

        Susan Bradley Patch Lady

        5 users thanked author for this post.
        • #204684 Reply

          Noel Carboni
          AskWoody MVP

          Yes, I agree. I’d like to learn more how an organization that’s supposed to be about ensuring you are who you say you are can provide that service in an automated way.

          -Noel

    • #204617 Reply

      Nibbled To Death By Ducks
      AskWoody Lounger

      Susan:

      I agree.

      My web host runs Lets Encrypt on my site; it has automatically renewed itself twice.  Called them a few days ago when this frumus broke out, and they said it was always an automatic process.

      (For them.  I didn’t enquire about those running their own servers.)

      Maybe it’s buried somewhere here: https://letsencrypt.org/documents/isrg-cps-v2.3/

      Congrats on slaying the dragon, Woody! I’ll save a spot for you on that little island in the Pacific I keep threatening to move to when IT has driven me over the brink. 🙂

      Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", Group "A/B [negative] :)", Multiple Air-Gapped backup drives in different locations, "Notify but do not download or install without asking."

      --

      "The more kinks you put in the plumbing, the easier it is to stop up the pipes!" -Scotty

      1 user thanked author for this post.
      • #204621 Reply

        woody
        Da Boss

        After this round I’m ready to move to that small island. Have any particular one in mind? 🙂

        1 user thanked author for this post.
        • #204626 Reply

          Nibbled To Death By Ducks
          AskWoody Lounger

          After this round I’m ready to move to that small island. Have any particular one in mind? 🙂

          Yup.  When the time comes, I’ll send you the encrypted coordinates. I have standing orders to at least be planted there. 🙂

          Hint: No volcanoes. 🙂 🙂

          Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", Group "A/B [negative] :)", Multiple Air-Gapped backup drives in different locations, "Notify but do not download or install without asking."

          --

          "The more kinks you put in the plumbing, the easier it is to stop up the pipes!" -Scotty

    • #204615 Reply

      anonymous

      Wow! DEFCON 1.  Is that for real?

      -Gene-

      • #204739 Reply

        MrJimPhelps
        AskWoody MVP

        Yep. And it wasn’t that long ago when we were on DEFCON 5! (Does anyone remember that?)

        Group "L" (Linux Mint)
        with Windows 8.1 running in a VM
        • #204741 Reply

          alpha128
          AskWoody Lounger

          Yep. And it wasn’t that long ago when we were on DEFCON 5! (Does anyone remember that?)

          I remember that.  It seems like an eternity ago.

           

      • #204743 Reply

        geekdom
        AskWoody Lounger

        Wow! DEFCON 1. Is that for real?

        There is no MS-DEFCON 0

        Group G{ot backup} Win7 · x64 · SP1 · i3-3220 · TestBeta
        • #204867 Reply

          anonymous

          Maybe there should be, “Do not power up your computer!”

    • #204627 Reply

      Nibbled To Death By Ducks
      AskWoody Lounger

      I have NO idea why that generated a giant smiley. Maybe a Tiki God did that…

      Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", Group "A/B [negative] :)", Multiple Air-Gapped backup drives in different locations, "Notify but do not download or install without asking."

      --

      "The more kinks you put in the plumbing, the easier it is to stop up the pipes!" -Scotty

      • #204629 Reply

        Microfix
        AskWoody MVP

        FTFY 🙂

        When quoting from a reply, if there is a smiley included within a quote, the forum software does this by default (Large Smiley) Best just to delete the quoted smiley from within the quote, as it’s the text within the quote that really counts.

        | W10 Pro x64 | W8.1 Pro x64 | Linux x64 Hybrids | XP Pro O/L
        3 users thanked author for this post.
        • #204639 Reply

          Nibbled To Death By Ducks
          AskWoody Lounger

          Microfix: Danke! Didn’t know that pit was there under the leaves… 🙂

          Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", Group "A/B [negative] :)", Multiple Air-Gapped backup drives in different locations, "Notify but do not download or install without asking."

          --

          "The more kinks you put in the plumbing, the easier it is to stop up the pipes!" -Scotty

          1 user thanked author for this post.
    • #204641 Reply

      anonymous

      All is well. No more prompts telling me how evil your website is.

      1 user thanked author for this post.
    • #204671 Reply

      Seff
      AskWoody Lounger

      I can so identify with that picture!

      Welcome back Woody, this place was missed.

    • #204679 Reply

      Sam
      AskWoody Lounger

      Woody

      Its great to see you back.  Now I can stop going through withdrawal and start reading Ask Woody again with my morning coffee.

      1 user thanked author for this post.
    • #204697 Reply

      The Surfing Pensioner
      AskWoody Lounger

      What a relief! I’ve been dying to ask if anyone had heard the joke about how many computer geeks it takes to change a SSL certificate, but decided it was unlikely to prove a contribution looked on with favour.

      3 users thanked author for this post.
    • #204698 Reply

      Sessh
      AskWoody Lounger

      Good to see the site back now. I really hope this won’t happen again as it’s been, what, the third time at least? I hope it didn’t deter too many new users from coming here. I can’t imagine it looks too good when a site about Windows and security is throwing security errors when trying to access it for a week.

      Personally, I won’t add an exception in my browser for a website that should not need an exception especially for a site that has been attacked for a prolonged period of time in the past. I hope this will be the last time such an issue occurs. 🙂

      2 users thanked author for this post.
      • #204727 Reply

        alpha128
        AskWoody Lounger

        I can’t imagine it looks too good when a site about Windows and security is throwing security errors when trying to access it for a week.

        Yes, I was thinking the same thing.

        I’m so glad that Woody has finally gotten his own personal DEFCON 1 sorted out.  Now we just have to worry about Microsoft – as it should be!

    • #204722 Reply

      Demeter
      AskWoody Lounger

      Hip Hip Hooray! Defcon 1? So glad I always take the preemptive action of changing Update settings to “Never Check” before patch day rolls around.

    • #204771 Reply

      DadCooks
      AskWoody Lounger

      Finally, thanks. Now you can back to doing some real work.

    • #204772 Reply

      Sam
      AskWoody Lounger

      Good to see the site back now. I really hope this won’t happen again as it’s been, what, the third time at least? I hope it didn’t deter too many new users from coming here. I can’t imagine it looks too good when a site about Windows and security is throwing security errors when trying to access it for a week. Personally, I won’t add an exception in my browser for a website that should not need an exception especially for a site that has been attacked for a prolonged period of time in the past. I hope this will be the last time such an issue occurs. 🙂

      With all the hats Woody is wearing and all the problems he has saved us from he is the right to make a mistake. I for one will continue to thank Woody for all he does.

      2 users thanked author for this post.
      • #204842 Reply

        OscarCP
        AskWoody Lounger

        Judging from what Woody wrote here #204620 , it looks as if the problem was that the certificate, supposed to be renewed automatically, wasn’t. So he himself might have been the innocent victim of someone else’s failure to perform as agreed to, not the unwitting perpetrator.

        But see also the posting here by mcbsys #204775  and #204793 about the fault being sometimes on the other side of the equation.

        Anyhow: glad this is over. “Let the games begin.” Indeed.

         

         

    • #204775 Reply

      mcbsys
      AskWoody Lounger

      Congrats on getting Let’s Encrypt set up. I’ve been using that on a couple servers with good success. Yes, only three months is normal. Yes, it should auto-renew 30 days before expiration (so really you get a new cert every two months). Yes, it failed once because I mis-configured something, so put a note in your calendar to confirm that it renewed by 9/18/2018.

      I actually have my daily cron job that does the “check for renewal” set up to send me an email every day. Usually it just says “cert not due for renewal” but when it renews, I see that too. I also see the periodic automatic updates to the Let’s Encrypt script.

      1 user thanked author for this post.
      • #204793 Reply

        mcbsys
        AskWoody Lounger

        In case anyone is interested, here’s how I do it on an Ubuntu/Bitnami distribution running Apache as the web server. I created a custom certbot_renew.sh:

        /usr/lib/certbot/certbot-auto renew --post-hook "/opt/bitnami/ctlscript.sh restart apache"

        Here’s my cron job:

        SHELL="/bin/bash"
        MAILTO="my@email.com"
        5 10 * * * /opt/bitnami/apps/admin/scripts/certbot_renew.sh

        Email is sent through sSMTP (after I installed it).

        NOTE Sometimes (probably when “officially” installed via apt-get), certbot also creates its own cron job as /etc/cron.d/certbot that runs twice per day. If that job handles the renewal, because it doesn’t include the hook to restart Apache, the old cert will continue to be served. Restart Apache to load the new cert (sudo /opt/bitnami/ctlscript.sh restart apache), then rename /etc/cron.d/certbot to certbot.disabled.

        • This reply was modified 5 months ago by  mcbsys.
        • This reply was modified 5 months ago by  mcbsys.
    • #204910 Reply

      EP
      AskWoody MVP

      hi Woody. nice of the Askwoody site to be back online again and the Firefox and equivalent browsers now work with your web site again.

      And there’s this recent ZDNet article saying that Windows 10 is still “not yet on 700 million ‘active’ devices”:
      https://www.zdnet.com/article/windows-10-is-still-not-yet-on-700-million-active-devices/
      Not even close to that number.

    • #204964 Reply

      anonymous

      The nice thing about Let’s Encrypt is that it’s free, which is why a lot of “smaller” websites and companies use it. It’s sufficient if all you want is an HTTPS experience for your users.

    • #205197 Reply

      Morty
      AskWoody Lounger

      Welcome back!

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: And…. we’re back

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Your information:


    Cancel