ninjette.org

Go Back   ninjette.org > Forum Info > Forum Information

Reply
 
Thread Tools
Old April 17th, 2018, 09:55 AM   #1
Alex
ninjette.org dude
 
Alex's Avatar
 
Name: 1 guess :-)
Location: SF Bay Area
Join Date: Jun 2008

Motorcycle(s): '13 Ninja 300 (white, the fastest color!), '13 R1200RT, '14 CRF250L, '12 TT-R125LE, '15 CRF110F, '13 TT-R50E

Posts: Too much.
Blog Entries: 7
SSL cert expired

Hi folks -

Wanted to post a thread apologizes for the embarrassing oversight today of letting the SSL cert expire. Had received notifications for awhile, but hadn't gotten around to it yet. I'm remote today (at a security conference, ironically), but hope to get around to updating it late tonight.

To be clear, the site is no less secure (or more secure) than it was yesterday. SSL certs have an expiration date on them, but that timing is a bit arbitrary. Expiration does not mean anything bad happened to them, they've been compromised, or any other issue. It's just good security practice to keep them updated every few years in the off-chance that they were compromised at some point during that period.

Most importantly, there isn't any personal data stored here on this site about any of us. Everything that this site has in terms of user data is essentially open to all already; it's all of our posts that we put up to share with others. I moved the site to SSL awhile back as an exercise, but that turned out to be a bit prescient as Google started to encourage all sites to use SSL, even if there wasn't any sensitive or critical data stored on the site.

Happy to answer any questions here, and also take any well-deserved insults, put-downs, and general abuse for not getting to this in time.
__________________________________________________
Montgomery Street Motorcycle Club / cal24.com / crf250l.org / ninjette.org

ninjette.org Terms of Service

Shopping for motorcycle parts or equipment? Come here first.

The friendliest Ninja 250R/300/400 forum on the internet! (especially Unregistered)
Alex is offline   Reply With Quote




Old April 17th, 2018, 10:24 AM   #2
adouglas
Cat herder
 
adouglas's Avatar
 
Name: Gort
Location: A secret lair which, being secret, has an undisclosed location
Join Date: May 2009

Motorcycle(s): Aprilia RS660

Posts: A lot.
Blog Entries: 6
MOTM - Jul '18, Nov '16, Aug '14, May '13
Go on, admit it. You're Zuckerberg in disguise, aren't you?
__________________________________________________
I am NOT an adrenaline junkie, I'm a skill junkie. - csmith12

Nam et ipsa scientia potestas est.
Heri historia. Cras mysterium. Hodie donum est. Carpe diem.
adouglas is offline   Reply With Quote


Old April 17th, 2018, 10:51 AM   #3
Alex
ninjette.org dude
 
Alex's Avatar
 
Name: 1 guess :-)
Location: SF Bay Area
Join Date: Jun 2008

Motorcycle(s): '13 Ninja 300 (white, the fastest color!), '13 R1200RT, '14 CRF250L, '12 TT-R125LE, '15 CRF110F, '13 TT-R50E

Posts: Too much.
Blog Entries: 7
I can neither confirm or deny.

__________________________________________________
Montgomery Street Motorcycle Club / cal24.com / crf250l.org / ninjette.org

ninjette.org Terms of Service

Shopping for motorcycle parts or equipment? Come here first.

The friendliest Ninja 250R/300/400 forum on the internet! (especially Unregistered)
Alex is offline   Reply With Quote


Old April 17th, 2018, 11:05 AM   #4
Triple Jim
Guy Who Enjoys Riding
 
Triple Jim's Avatar
 
Name: Jim
Location: North Carolina
Join Date: Jul 2016

Motorcycle(s): Ninja 250

Posts: A lot.
MOTM - Oct '18, Aug '17, Aug '16
Thanks Alex... I got the warning this morning, but figured that by now I can probably trust the site.
Triple Jim is offline   Reply With Quote


Old April 17th, 2018, 12:47 PM   #5
DannoXYZ
ninjette.org certified postwhore
 
Name: AKA JacRyann
Location: Mesa, AZ
Join Date: Dec 2011

Motorcycle(s): CB125T CBR250R-MC19 CBR250RR-MC22 NSR350R-MC21 VF500F CBR600RR SFV650 VFR750F R1M ST1300PA Valkyrie-F6C

Posts: A lot.
MOTY - 2018, MOTM - Nov '17
Quote:
Originally Posted by Alex View Post
I can neither confirm or deny.
to verify it’s really you, PM me all your account numbers and PIN
DannoXYZ is offline   Reply With Quote


Old April 17th, 2018, 01:39 PM   #6
adouglas
Cat herder
 
adouglas's Avatar
 
Name: Gort
Location: A secret lair which, being secret, has an undisclosed location
Join Date: May 2009

Motorcycle(s): Aprilia RS660

Posts: A lot.
Blog Entries: 6
MOTM - Jul '18, Nov '16, Aug '14, May '13
Quote:
Originally Posted by DannoXYZ View Post
to verify it’s really you, PM me all your account numbers and PIN
Here you go. All the number and PINS are in this post.



__________________________________________________
I am NOT an adrenaline junkie, I'm a skill junkie. - csmith12

Nam et ipsa scientia potestas est.
Heri historia. Cras mysterium. Hodie donum est. Carpe diem.
adouglas is offline   Reply With Quote


Old April 17th, 2018, 06:58 PM   #7
Snake
ninjette.org certified postwhore
 
Snake's Avatar
 
Name: Rick
Location: Alexandria, Louisiana
Join Date: Jan 2009

Motorcycle(s): 05 Blue Ninja 250

Posts: Too much.
MOTY - 2017, MOTM - Jan '19, Oct '16, May '14
I took a leap of faith and clicked ok I trust Alex.
Snake is offline   Reply With Quote


Old April 18th, 2018, 07:09 AM   #8
Alex
ninjette.org dude
 
Alex's Avatar
 
Name: 1 guess :-)
Location: SF Bay Area
Join Date: Jun 2008

Motorcycle(s): '13 Ninja 300 (white, the fastest color!), '13 R1200RT, '14 CRF250L, '12 TT-R125LE, '15 CRF110F, '13 TT-R50E

Posts: Too much.
Blog Entries: 7
Alright - we're good until 4/2020. Hopefully I'll fix it ahead of time at that point.
__________________________________________________
Montgomery Street Motorcycle Club / cal24.com / crf250l.org / ninjette.org

ninjette.org Terms of Service

Shopping for motorcycle parts or equipment? Come here first.

The friendliest Ninja 250R/300/400 forum on the internet! (especially Unregistered)
Alex is offline   Reply With Quote


2 out of 2 members found this post helpful.
Old April 18th, 2018, 07:29 AM   #9
Z1R rider
ninjette.org certified postwhore
 
Z1R rider's Avatar
 
Name: Roger
Location: Mitchell, South Dakota
Join Date: Apr 2014

Motorcycle(s): 1978 Z1R, 1999 EX250

Posts: A lot.
MOTY - 2018, MOTM - Oct '16
__________________________________________________
top of the day to ya Unregistered
Z1R rider is offline   Reply With Quote


Old April 18th, 2018, 10:03 AM   #10
CaliGrrl
ninjette.org certified postwhore
 
CaliGrrl's Avatar
 
Name: Kerry
Location: Ventura, CA
Join Date: Jan 2016

Motorcycle(s): Ninja650

Posts: A lot.
MOTM - Apr '18, Apr '17, Apr '16
Thanks for updating it! I got the warning, I trust the site, but I didn't know how to tell my computer "go there anyway." So I'm glad it's updated and my 'puter will let me come here again.
CaliGrrl is offline   Reply With Quote


Old April 18th, 2018, 10:35 AM   #11
DannoXYZ
ninjette.org certified postwhore
 
Name: AKA JacRyann
Location: Mesa, AZ
Join Date: Dec 2011

Motorcycle(s): CB125T CBR250R-MC19 CBR250RR-MC22 NSR350R-MC21 VF500F CBR600RR SFV650 VFR750F R1M ST1300PA Valkyrie-F6C

Posts: A lot.
MOTY - 2018, MOTM - Nov '17
Awesome!
DannoXYZ is offline   Reply With Quote


Old April 18th, 2018, 01:58 PM   #12
maverick9611
"a legend in my own mind"
 
maverick9611's Avatar
 
Name: maverick9611
Location: Augusta,Georgia
Join Date: May 2017

Motorcycle(s): 2015 moto guzzi norge(brownie),2020 aprilia dorsoduro,

Posts: A lot.
MOTM - Feb '18
__________________________________________________
"trying not to get old"
maverick9611 is offline   Reply With Quote


Old April 25th, 2018, 11:20 AM   #13
Alex
ninjette.org dude
 
Alex's Avatar
 
Name: 1 guess :-)
Location: SF Bay Area
Join Date: Jun 2008

Motorcycle(s): '13 Ninja 300 (white, the fastest color!), '13 R1200RT, '14 CRF250L, '12 TT-R125LE, '15 CRF110F, '13 TT-R50E

Posts: Too much.
Blog Entries: 7
So this is how users at MyEtherWallet were hacked yesterday.

News story: https://www.theverge.com/2018/4/24/1...tolen-ethereum

Someone was able to corrupt/co-opt some DNS entries for the site, set up a new site, and the DNS took some users right to the phishing site. Once there, they had the credentials they needed to then go to the real site and start emptying wallets. Users who were robbed had to click through that "this site cert ain't right" error, did so, and were taken to the malicious site - the site that they landed on couldn't provide a valid SSL cert and the browsers would have warned them.

I only add this for some context about those cert errors. That use case above is pretty much the whole point of the technology. The site that you're going to might not be the one you expect, because the cert can't be validated - be cautious with where you go and what you enter if you do click past those warnings. In 99% of the cases, it's going to be something like happened here on Ninjette, with an expired cert due to an incompetent admin (like me). But every once in awhile, that cert error can be a real tip-off that something bad is about to happen because the site you're going to isn't the one you expect, either because it has been hacked directly, or you're being redirected to an entirely different location than you expected.
__________________________________________________
Montgomery Street Motorcycle Club / cal24.com / crf250l.org / ninjette.org

ninjette.org Terms of Service

Shopping for motorcycle parts or equipment? Come here first.

The friendliest Ninja 250R/300/400 forum on the internet! (especially Unregistered)
Alex is offline   Reply With Quote


Old April 25th, 2018, 01:51 PM   #14
CaliGrrl
ninjette.org certified postwhore
 
CaliGrrl's Avatar
 
Name: Kerry
Location: Ventura, CA
Join Date: Jan 2016

Motorcycle(s): Ninja650

Posts: A lot.
MOTM - Apr '18, Apr '17, Apr '16
Good to know, thanks. I don't know much about how this works, and I trusted Ninjette, but it's good info.
CaliGrrl is offline   Reply With Quote


Old April 17th, 2020, 09:06 AM   #15
Alex
ninjette.org dude
 
Alex's Avatar
 
Name: 1 guess :-)
Location: SF Bay Area
Join Date: Jun 2008

Motorcycle(s): '13 Ninja 300 (white, the fastest color!), '13 R1200RT, '14 CRF250L, '12 TT-R125LE, '15 CRF110F, '13 TT-R50E

Posts: Too much.
Blog Entries: 7
Quote:
Originally Posted by Alex View Post
Alright - we're good until 4/2020. Hopefully I'll fix it ahead of time at that point.
Narrator voice: "He didn't"
__________________________________________________
Montgomery Street Motorcycle Club / cal24.com / crf250l.org / ninjette.org

ninjette.org Terms of Service

Shopping for motorcycle parts or equipment? Come here first.

The friendliest Ninja 250R/300/400 forum on the internet! (especially Unregistered)
Alex is offline   Reply With Quote


1 out of 1 members found this post helpful.
Old April 17th, 2020, 09:51 AM   #16
Triple Jim
Guy Who Enjoys Riding
 
Triple Jim's Avatar
 
Name: Jim
Location: North Carolina
Join Date: Jul 2016

Motorcycle(s): Ninja 250

Posts: A lot.
MOTM - Oct '18, Aug '17, Aug '16
No problem of course, Alex... thanks for today's repair. I was able to get in via Tor Browser, but it seemed that no one else was around.
Triple Jim is offline   Reply With Quote


Old April 17th, 2020, 12:25 PM   #17
Alex
ninjette.org dude
 
Alex's Avatar
 
Name: 1 guess :-)
Location: SF Bay Area
Join Date: Jun 2008

Motorcycle(s): '13 Ninja 300 (white, the fastest color!), '13 R1200RT, '14 CRF250L, '12 TT-R125LE, '15 CRF110F, '13 TT-R50E

Posts: Too much.
Blog Entries: 7
The reason the TOR browser worked is likely because it's running in incognito mode, and isn't storing HSTS data. If you opened up another browser that you've never used to connect to ninjette before, it would likely have worked as well. The way that setting works between web servers and clients is like this: Once you go to a site, and it has a legitimate SSL certificate, the browser says "OK" and keeps track of it. Forevermore, if you use that browser to go to that site, it confirms there is a valid cert, and if there isn't, it hard fails it and will not allow you to bypass. If you open up a completely new browser and go to the site, it may warn you that the site has a bad cert, but it will let you bypass the warning.

You can go into an existing browser, and there are ways to delete the HSTS stored data. I've had to do that a few times when I do screw up the SSL cert and still have to get to a site with the same browser.
__________________________________________________
Montgomery Street Motorcycle Club / cal24.com / crf250l.org / ninjette.org

ninjette.org Terms of Service

Shopping for motorcycle parts or equipment? Come here first.

The friendliest Ninja 250R/300/400 forum on the internet! (especially Unregistered)
Alex is offline   Reply With Quote


1 out of 1 members found this post helpful.
Old April 17th, 2020, 04:57 PM   #18
Triple Jim
Guy Who Enjoys Riding
 
Triple Jim's Avatar
 
Name: Jim
Location: North Carolina
Join Date: Jul 2016

Motorcycle(s): Ninja 250

Posts: A lot.
MOTM - Oct '18, Aug '17, Aug '16
Understood. Tor asked me if I'd like to ignore the expired certificate. I can't swear I've never connected to this site with it though.
Triple Jim is offline   Reply With Quote


Old April 17th, 2020, 07:07 PM   #19
DannoXYZ
ninjette.org certified postwhore
 
Name: AKA JacRyann
Location: Mesa, AZ
Join Date: Dec 2011

Motorcycle(s): CB125T CBR250R-MC19 CBR250RR-MC22 NSR350R-MC21 VF500F CBR600RR SFV650 VFR750F R1M ST1300PA Valkyrie-F6C

Posts: A lot.
MOTY - 2018, MOTM - Nov '17
Does anyone ever say NO to bypassing cert-expiration warning?
Or even incorrect cert saying you're being re-directed to "IMGONNA.STEALYOURCC#.COM"??

Last futzed with by DannoXYZ; April 17th, 2020 at 08:14 PM.
DannoXYZ is offline   Reply With Quote


Old April 18th, 2020, 10:55 AM   #20
Alex
ninjette.org dude
 
Alex's Avatar
 
Name: 1 guess :-)
Location: SF Bay Area
Join Date: Jun 2008

Motorcycle(s): '13 Ninja 300 (white, the fastest color!), '13 R1200RT, '14 CRF250L, '12 TT-R125LE, '15 CRF110F, '13 TT-R50E

Posts: Too much.
Blog Entries: 7
No - which is probably one of the reasons HSTS came to be. It allows sites to make it much harder for users to bypass that warning, if the site chooses to enforce it. It's one of those "ecosystem" type things though, that only has a benefit if many/most sites implement it.
__________________________________________________
Montgomery Street Motorcycle Club / cal24.com / crf250l.org / ninjette.org

ninjette.org Terms of Service

Shopping for motorcycle parts or equipment? Come here first.

The friendliest Ninja 250R/300/400 forum on the internet! (especially Unregistered)
Alex is offline   Reply With Quote


Old April 16th, 2022, 04:34 AM   #21
Alex
ninjette.org dude
 
Alex's Avatar
 
Name: 1 guess :-)
Location: SF Bay Area
Join Date: Jun 2008

Motorcycle(s): '13 Ninja 300 (white, the fastest color!), '13 R1200RT, '14 CRF250L, '12 TT-R125LE, '15 CRF110F, '13 TT-R50E

Posts: Too much.
Blog Entries: 7
When the site was moved over to a new VM today, I figured it would be a good idea to see when the SSL cert was due to expire. Turns out that it was due to expire today - 4/16/2022! Updated it (after finding the instructions I saved forever ago on how to do so), so we're now good for another year. If I had forgotten, we all would have been locked out at midnight until I reset the darned thing.

On a separate note, the new server appears to be screaming fast. Usage of it is showing something like .01 on average, and response time is lightning quick.
__________________________________________________
Montgomery Street Motorcycle Club / cal24.com / crf250l.org / ninjette.org

ninjette.org Terms of Service

Shopping for motorcycle parts or equipment? Come here first.

The friendliest Ninja 250R/300/400 forum on the internet! (especially Unregistered)
Alex is offline   Reply With Quote


1 out of 1 members found this post helpful.
Old April 16th, 2022, 06:17 AM   #22
Snake
ninjette.org certified postwhore
 
Snake's Avatar
 
Name: Rick
Location: Alexandria, Louisiana
Join Date: Jan 2009

Motorcycle(s): 05 Blue Ninja 250

Posts: Too much.
MOTY - 2017, MOTM - Jan '19, Oct '16, May '14
So glad that you were able to remember about the cert expiring. If I had been locked out tomorrow morning the first thing I would have thought was “Oh no I posted something negative, got a thumbs down and Alex locked me out”.
Snake is offline   Reply With Quote


Old April 16th, 2022, 09:56 AM   #23
DannoXYZ
ninjette.org certified postwhore
 
Name: AKA JacRyann
Location: Mesa, AZ
Join Date: Dec 2011

Motorcycle(s): CB125T CBR250R-MC19 CBR250RR-MC22 NSR350R-MC21 VF500F CBR600RR SFV650 VFR750F R1M ST1300PA Valkyrie-F6C

Posts: A lot.
MOTY - 2018, MOTM - Nov '17
Awesome!!!

I like automatic free cert renewal with certbot/LetsEncrypt.org.
CertBot agent regularly checks for expiration and downloads new cert before it expires.
https://letsencrypt.org/getting-started/
DannoXYZ is offline   Reply With Quote


Old April 16th, 2022, 01:42 PM   #24
Alex
ninjette.org dude
 
Alex's Avatar
 
Name: 1 guess :-)
Location: SF Bay Area
Join Date: Jun 2008

Motorcycle(s): '13 Ninja 300 (white, the fastest color!), '13 R1200RT, '14 CRF250L, '12 TT-R125LE, '15 CRF110F, '13 TT-R50E

Posts: Too much.
Blog Entries: 7
I should look into that some point if I ever change the architecture. When I first put SSL onto this site awhile back, LetsEncrypt was a bit of a joke, and essentially meant that the site wasn't able to get a "real" cert. But over many years - quite a bit has changed, and sites with LetsEncrypt aren't penalized a bit.
__________________________________________________
Montgomery Street Motorcycle Club / cal24.com / crf250l.org / ninjette.org

ninjette.org Terms of Service

Shopping for motorcycle parts or equipment? Come here first.

The friendliest Ninja 250R/300/400 forum on the internet! (especially Unregistered)
Alex is offline   Reply With Quote


Old April 17th, 2022, 11:11 AM   #25
CaliGrrl
ninjette.org certified postwhore
 
CaliGrrl's Avatar
 
Name: Kerry
Location: Ventura, CA
Join Date: Jan 2016

Motorcycle(s): Ninja650

Posts: A lot.
MOTM - Apr '18, Apr '17, Apr '16
Excellent! Thanks for keeping an eye on it!
CaliGrrl is offline   Reply With Quote


Old April 24th, 2022, 11:02 AM   #26
CZroe
CPT Falcon
 
CZroe's Avatar
 
Name: J.Emmett Turner
Location: Newnan, GA
Join Date: Apr 2009

Motorcycle(s): '08 CP Blue EX250J, '97 unpainted EX250F, 2nd '97 unpainted EX250F (no engine), '07 black EX250F

Posts: A lot.
Quote:
Originally Posted by DannoXYZ View Post
Awesome!!!

I like automatic free cert renewal with certbot/LetsEncrypt.org.
CertBot agent regularly checks for expiration and downloads new cert before it expires.
https://letsencrypt.org/getting-started/
Spam bot detected!

/JK

Don’t mess with Alex tho’

I’m still suffering his endless newsletter spam in retaliation for the time Jiggles and I made it look like I hacked the site.
CZroe is offline   Reply With Quote


1 out of 1 members found this post helpful.
Old April 24th, 2022, 03:11 PM   #27
DannoXYZ
ninjette.org certified postwhore
 
Name: AKA JacRyann
Location: Mesa, AZ
Join Date: Dec 2011

Motorcycle(s): CB125T CBR250R-MC19 CBR250RR-MC22 NSR350R-MC21 VF500F CBR600RR SFV650 VFR750F R1M ST1300PA Valkyrie-F6C

Posts: A lot.
MOTY - 2018, MOTM - Nov '17
Quote:
Originally Posted by CZroe View Post
Spam bot detected!

/JK

Don’t mess with Alex tho’

I’m still suffering his endless newsletter spam in retaliation for the time Jiggles and I made it look like I hacked the site.
HahHhahhHahhh!!!
DannoXYZ is offline   Reply With Quote


1 out of 1 members found this post helpful.
Old February 11th, 2023, 09:47 AM   #28
InvisiBill
EX500 full of EX250 parts
 
InvisiBill's Avatar
 
Name: Bill
Location: Grand Rapids-ish, MI
Join Date: Jul 2012

Motorcycle(s): '18 Ninja 400 • '09 Ninja 500R (selling) • '98 VFR800 (project) • '85 Vulcan VN700 (sold)

Posts: A lot.
Blog Entries: 1
MOTM - Aug '15
@Alex, you've got about 5 weeks left on the current SSL cert. If you've got some time, it might be worth looking into Let's Encrypt/ACME stuff now-ish. https://letsencrypt.org/docs/client-options/

Because of the way my host is set up, and the fact that I use a different provider for DNS, I have to do LE renewals manually. But honestly, it's still fairly quick and easy with the Windows commandline client and some copy & paste. The hardest part is actually that my host's setup means I have to manually select the installed wildcard cert from a dropdown for each subdomain I have.

Based on stuff you've done around here previously, I assume you'd be able to install the necessary things to automate it.



For the non-technical people, renewing your SSL certs is comparable to rekeying the locks on your house on a regular basis, just to make sure anyone who happened to get a copy of your key can no longer get in. The cert expiration sets the schedule to rekey your locks (originally based on the time needed for someone to brute-force crack the encryption). Being past the expiration date just means that it's still using the old lock and the schedule says the lock should've been rekeyed by now, not that anyone has actually breached the lock.

Other SSL warnings mean other things though, like the MyEtherWallet imposter server mentioned above. Unfortunately, I think a lot of browsers do the user a disservice in this regard. A lot of them seem to just be "SSL IS BROKEN!!!!1 INSECURE!!!!!!1" on all issues without any real detail about the problem or what it likely means. Ninjette's SSL cert expiring 12 hours ago is much less of an issue (Alex just forgot to update it on time) than MyEtherWallet's cert saying that it's coming from an untrusted root cert (a financial website suddenly switching to a "homemade" cert instead of one from a trusted authority). Even a cert that's been expired for 10 years might not really concern you. If it's just a website listing some oil filter part numbers or something? It doesn't matter to me if the connection is actually secure, because I'm not transferring any data that needs to be secured. If it's a financial service? I'm not giving them any info at all if parts of their security haven't been touched in 10 years.
__________________________________________________

*** Unregistered, I'm not your mom and I'm not paying for your parts, so do whatever you want with your own bike. ***
InvisiBill is offline   Reply With Quote


Old February 11th, 2023, 10:16 AM   #29
Alex
ninjette.org dude
 
Alex's Avatar
 
Name: 1 guess :-)
Location: SF Bay Area
Join Date: Jun 2008

Motorcycle(s): '13 Ninja 300 (white, the fastest color!), '13 R1200RT, '14 CRF250L, '12 TT-R125LE, '15 CRF110F, '13 TT-R50E

Posts: Too much.
Blog Entries: 7
Yep, I've got a reminder in my calendar to do it in a few weeks for a few sites. Can't switch to LE/ACME easily, as the automated clients don't support this old version of Centos. (And can't update Centos, as this old version of vbulletin isn't supported by new version of Centos). Next change, if anything will just be to move the whole forum to a managed service by vbulletin, and let them worry about any backend updates and admin.
__________________________________________________
Montgomery Street Motorcycle Club / cal24.com / crf250l.org / ninjette.org

ninjette.org Terms of Service

Shopping for motorcycle parts or equipment? Come here first.

The friendliest Ninja 250R/300/400 forum on the internet! (especially Unregistered)
Alex is offline   Reply With Quote


1 out of 1 members found this post helpful.
Old March 6th, 2023, 10:16 AM   #30
Alex
ninjette.org dude
 
Alex's Avatar
 
Name: 1 guess :-)
Location: SF Bay Area
Join Date: Jun 2008

Motorcycle(s): '13 Ninja 300 (white, the fastest color!), '13 R1200RT, '14 CRF250L, '12 TT-R125LE, '15 CRF110F, '13 TT-R50E

Posts: Too much.
Blog Entries: 7
SSL cert updated. Good until 3/20/2024.
__________________________________________________
Montgomery Street Motorcycle Club / cal24.com / crf250l.org / ninjette.org

ninjette.org Terms of Service

Shopping for motorcycle parts or equipment? Come here first.

The friendliest Ninja 250R/300/400 forum on the internet! (especially Unregistered)
Alex is offline   Reply With Quote


1 out of 1 members found this post helpful.
Old March 6th, 2023, 10:23 AM   #31
Triple Jim
Guy Who Enjoys Riding
 
Triple Jim's Avatar
 
Name: Jim
Location: North Carolina
Join Date: Jul 2016

Motorcycle(s): Ninja 250

Posts: A lot.
MOTM - Oct '18, Aug '17, Aug '16
Thank you for your work here, Alex.
Triple Jim is offline   Reply With Quote


Old April 14th, 2023, 10:12 AM   #32
Alex
ninjette.org dude
 
Alex's Avatar
 
Name: 1 guess :-)
Location: SF Bay Area
Join Date: Jun 2008

Motorcycle(s): '13 Ninja 300 (white, the fastest color!), '13 R1200RT, '14 CRF250L, '12 TT-R125LE, '15 CRF110F, '13 TT-R50E

Posts: Too much.
Blog Entries: 7
Learn something new everyday. Or at least every once in awhile. I noticed that some of the email notifications I was getting from ninjette were starting to show up in my email spam folder. That was annoying, but not terribly odd, as I know that there are some blacklists providers that are starting to do weird things with our ISP (see thread right above this one in Forum Info).

But I also noticed that there was a red padlock on the email, and I hadn't remembered seeing that before - but I might have not noticed for awhile. Refreshing myself on the email security settings for this site, I logged back in to the host, had to remember the text-based email client on Centos, and sent myself an email from it - it came just fine, but had same red padlock. But the DKIM/SPF/DMARC settings on the email all looked fine. I sent a test email to one of those mailcheck sites, and it confirmed DKIM/SPF/DMARC were all fine. But - I then clarified that the red padlock had nothing to do directly with those, it was just letting me know that the mail wasn't TLS encrypted.

That's interesting, I was pretty sure I had set up TLS a million years ago, so what would have changed? Looking into it, I realized the issue. I've been updating the certificates for SSL every time they expire, or the website essentially blocks most users from seeing it. But SSL/TLS on the mailserver is different, and I hadn't updated that cert since I installed it in 2014. It still worked for many years, well past the expiration date of that first cert, and mail clients never warned users that the cert was actually expired until more recently. Gmail is now evidently one of them, and if the TLS cert is expired by far enough (apparently some number of years?), it won't connect via TLS and you get the red padlock.

Once I found that, I just had to google the syntax for the postfix config file, and point the cert info to the existing SSL certs that are already on the server for the webserver, reload the new config, and immediately everything started working. Mail is now TLS encrypted with the current cert, so I'm hoping it will now be less likely to show up in some spam boxes, but only time will tell.
__________________________________________________
Montgomery Street Motorcycle Club / cal24.com / crf250l.org / ninjette.org

ninjette.org Terms of Service

Shopping for motorcycle parts or equipment? Come here first.

The friendliest Ninja 250R/300/400 forum on the internet! (especially Unregistered)
Alex is offline   Reply With Quote


2 out of 2 members found this post helpful.
Old April 20th, 2023, 05:59 PM   #33
DannoXYZ
ninjette.org certified postwhore
 
Name: AKA JacRyann
Location: Mesa, AZ
Join Date: Dec 2011

Motorcycle(s): CB125T CBR250R-MC19 CBR250RR-MC22 NSR350R-MC21 VF500F CBR600RR SFV650 VFR750F R1M ST1300PA Valkyrie-F6C

Posts: A lot.
MOTY - 2018, MOTM - Nov '17
Good job! For old CentOS, you don't have to install latest snap/certbot. Can install epel-repo first and use older CertBot 1.11 from there. I recently installed on CentOS 5 system.
DannoXYZ is offline   Reply With Quote


Old March 5th, 2024, 11:35 PM   #34
Alex
ninjette.org dude
 
Alex's Avatar
 
Name: 1 guess :-)
Location: SF Bay Area
Join Date: Jun 2008

Motorcycle(s): '13 Ninja 300 (white, the fastest color!), '13 R1200RT, '14 CRF250L, '12 TT-R125LE, '15 CRF110F, '13 TT-R50E

Posts: Too much.
Blog Entries: 7
Quote:
Originally Posted by DannoXYZ View Post
Good job! For old CentOS, you don't have to install latest snap/certbot. Can install epel-repo first and use older CertBot 1.11 from there. I recently installed on CentOS 5 system.
Should have done this already. Maybe next year. :-)

All certs were manually updated tonight through 3/25.
__________________________________________________
Montgomery Street Motorcycle Club / cal24.com / crf250l.org / ninjette.org

ninjette.org Terms of Service

Shopping for motorcycle parts or equipment? Come here first.

The friendliest Ninja 250R/300/400 forum on the internet! (especially Unregistered)
Alex is offline   Reply With Quote


1 out of 1 members found this post helpful.
Old March 6th, 2024, 02:16 PM   #35
CaliGrrl
ninjette.org certified postwhore
 
CaliGrrl's Avatar
 
Name: Kerry
Location: Ventura, CA
Join Date: Jan 2016

Motorcycle(s): Ninja650

Posts: A lot.
MOTM - Apr '18, Apr '17, Apr '16
Thanks for keeping it up to date, Alex!
CaliGrrl is offline   Reply With Quote


Reply




Similar Threads
Thread Thread Starter Forum Replies Last Post
Trying out SSL Alex Forum Information 13 March 7th, 2015 09:05 PM
[superbikeplanet.com] - More From The Thawing Cube Of Expired Red Bull Ninjette Newsbot Motorcycling News 0 November 19th, 2014 03:10 PM
Ontario License Expired MyronGanes General Motorcycling Discussion 10 March 31st, 2014 09:23 AM
[roadracingworld.com] - Brammo Replaces Expired Federal Tax Incentive With Retail Inc Ninjette Newsbot Motorcycling News 0 January 2nd, 2014 11:00 AM


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


Motorcycle Safety Foundation

All times are GMT -7. The time now is 02:05 AM.


Website uptime monitoring Host-tracker.com
Powered by vBulletin®
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
User Alert System provided by Advanced User Tagging (Lite) - vBulletin Mods & Addons Copyright © 2024 DragonByte Technologies Ltd.
Except where otherwise noted, all site contents are © Copyright 2022 ninjette.org, All rights reserved.