Candlekeep Forum
Candlekeep Forum
Home | Profile | Register | Active Topics | Active Polls | Members | Private Messages | Search | FAQ
Username:
Password:
Save Password
Forgot your Password?

 All Forums
 The Candlekeep Web Site
 Site Content
 Certificate error
 New Topic  New Poll New Poll
 Reply to Topic
 Printer Friendly
Author Previous Topic Topic Next Topic  

TheIriaeban
Master of Realmslore

USA
1289 Posts

Posted - 13 Jan 2023 :  01:01:50  Show Profile Send TheIriaeban a Private Message  Reply with Quote  Delete Topic
I keep getting an invalid certificate error in my browser when accessing the forums. Anyone else seeing that?

"Iriaebor is a fine city. So what if you can have violence between merchant groups break out at any moment. Not every city can offer dinner AND a show."

My FR writeups - http://www.mediafire.com/folder/um3liz6tqsf5n/Documents

Blademaster
Acolyte

Canada
5 Posts

Posted - 13 Jan 2023 :  01:37:07  Show Profile Send Blademaster a Private Message  Reply with Quote
Yes, I just go the same message when I logged in this evening.
Go to Top of Page

Wooly Rupert
Master of Mischief
Moderator

USA
36804 Posts

Posted - 13 Jan 2023 :  01:55:36  Show Profile Send Wooly Rupert a Private Message  Reply with Quote
Got the message, myself. I'm about to ping Big Al.

Candlekeep Forums Moderator

Candlekeep - The Library of Forgotten Realms Lore
http://www.candlekeep.com
-- Candlekeep Forum Code of Conduct

I am the Giant Space Hamster of Ill Omen!
Go to Top of Page

Ashe Ravenheart
Great Reader

USA
3243 Posts

Posted - 13 Jan 2023 :  02:20:49  Show Profile Send Ashe Ravenheart a Private Message  Reply with Quote
quote:
Originally posted by Wooly Rupert

Got the message, myself. I'm about to ping Big Al.

I wonder if it has to do with the link to Paizo's announcement. I'm noticing it comes up especially if going to that scroll. Since Paizo's site is down, the link doesn't respond, and maybe site security can't verify everything's good.

I actually DO know everything. I just have a very poor index of my knowledge.

Ashe's Character Sheet

Alphabetized Index of Realms NPCs
Go to Top of Page

Wooly Rupert
Master of Mischief
Moderator

USA
36804 Posts

Posted - 13 Jan 2023 :  04:07:12  Show Profile Send Wooly Rupert a Private Message  Reply with Quote
quote:
Originally posted by Ashe Ravenheart

quote:
Originally posted by Wooly Rupert

Got the message, myself. I'm about to ping Big Al.

I wonder if it has to do with the link to Paizo's announcement. I'm noticing it comes up especially if going to that scroll. Since Paizo's site is down, the link doesn't respond, and maybe site security can't verify everything's good.



I don't see how it could possibly be related to that. The timing is mere coincidence.

I'm getting the same message when I hit the "Active Topics" link to see new posts.

Expanding on the error, it says the security certificate expired in the last day. I should expect that Big Al (or the host, depending on who owns the cert) just needs to renew it.

Candlekeep Forums Moderator

Candlekeep - The Library of Forgotten Realms Lore
http://www.candlekeep.com
-- Candlekeep Forum Code of Conduct

I am the Giant Space Hamster of Ill Omen!
Go to Top of Page

Ayrik
Great Reader

Canada
7989 Posts

Posted - 13 Jan 2023 :  06:59:11  Show Profile Send Ayrik a Private Message  Reply with Quote
I'm guessing that Candlekeep's host failed to renew some license or update or whatever. A fixable problem which will quickly be corrected.

[/Ayrik]
Go to Top of Page

Alaundo
Head Moderator
Admin

United Kingdom
5695 Posts

Posted - 13 Jan 2023 :  07:08:38  Show Profile  Visit Alaundo's Homepage Send Alaundo a Private Message  Reply with Quote
Well met

Don't panic. This is due to Candlekeep being granted a free SSL certificate last year, which has now expired. Due to the nature of this site, it's not really necessary to have a certificate. I'll get this addressed shortly.

Alaundo
Candlekeep Forums Head Moderator

Candlekeep - The Library of Forgotten Realms Lore
http://www.candlekeep.com
-- Candlekeep Forum Code of Conduct


An Introduction to Candlekeep - by Ed Greenwood
The Candlekeep Compendium - Tomes of Realmslore penned by Scribes of Candlekeep
Go to Top of Page

sleyvas
Skilled Spell Strategist

USA
11829 Posts

Posted - 13 Jan 2023 :  16:30:42  Show Profile Send sleyvas a Private Message  Reply with Quote
quote:
Originally posted by Alaundo

Well met

Don't panic. This is due to Candlekeep being granted a free SSL certificate last year, which has now expired. Due to the nature of this site, it's not really necessary to have a certificate. I'll get this addressed shortly.



Please forgive me my rant for a moment... it is not aimed at you Alaundo or this site.

{CrankyMode On}

I hate certs.... having to deal with this stuff in an internal corporate environment where noone pays attention to it and just clicks past it ... or worse someone puts some policy on all the systems so that they are no longer allowed to click past cert issues and then people forget that X application was added 5 years earlier and the cert needs to be updated before it expires. So, the cert expires, a major incident is stood up and 50 people get dragged on a call to whine about the application being broken. Then half of those whiners have no clue and try to armchair troubleshoot the issue, while the other half are all asking "who manages this app and why aren't THEY on this call?". Meanwhile, all it does is create some stupid job for usually the same guy that's pushing the requirement to get certs updated for the people that have no idea how to do it. Don't get me wrong, I can see why they might be needed in some instances (I don't want someone somehow getting my bank's DNS entries for themselves and setting up a fake site).... but ~90% of things don't need it.

{CrankyMode Off}

Alavairthae, may your skill prevail

Phillip aka Sleyvas
Go to Top of Page

Alaundo
Head Moderator
Admin

United Kingdom
5695 Posts

Posted - 16 Jan 2023 :  11:04:39  Show Profile  Visit Alaundo's Homepage Send Alaundo a Private Message  Reply with Quote
Well met

This should now be resolved. Any remaining issues, try clearing cookies or using an incognito session.

Alaundo
Candlekeep Forums Head Moderator

Candlekeep - The Library of Forgotten Realms Lore
http://www.candlekeep.com
-- Candlekeep Forum Code of Conduct


An Introduction to Candlekeep - by Ed Greenwood
The Candlekeep Compendium - Tomes of Realmslore penned by Scribes of Candlekeep
Go to Top of Page

Azar
Master of Realmslore

1309 Posts

Posted - 16 Jan 2023 :  16:36:23  Show Profile Send Azar a Private Message  Reply with Quote
I cannot enter "General Forgotten Realms Chat"; clicking on the hyperlink causes my browser's window to flash and...nothing else. Clearing Candlekeep cookies and signing back in did not do the trick.

Stand with anybody that stands right. Stand with him while he is right and part with him when he goes wrong.

Earth names in the Realms are more common than you may think.
Go to Top of Page

Azar
Master of Realmslore

1309 Posts

Posted - 17 Jan 2023 :  02:23:40  Show Profile Send Azar a Private Message  Reply with Quote
Clearing all cookies also did not help.

Stand with anybody that stands right. Stand with him while he is right and part with him when he goes wrong.

Earth names in the Realms are more common than you may think.
Go to Top of Page

Ashe Ravenheart
Great Reader

USA
3243 Posts

Posted - 17 Jan 2023 :  02:28:09  Show Profile Send Ashe Ravenheart a Private Message  Reply with Quote
Might just be you. I'm not having any problems.

I actually DO know everything. I just have a very poor index of my knowledge.

Ashe's Character Sheet

Alphabetized Index of Realms NPCs
Go to Top of Page

Azar
Master of Realmslore

1309 Posts

Posted - 17 Jan 2023 :  03:08:56  Show Profile Send Azar a Private Message  Reply with Quote
An "Incognito" window does the trick, but...I'd hate for this to be the only solution.

Stand with anybody that stands right. Stand with him while he is right and part with him when he goes wrong.

Earth names in the Realms are more common than you may think.
Go to Top of Page

Wooly Rupert
Master of Mischief
Moderator

USA
36804 Posts

Posted - 17 Jan 2023 :  03:46:43  Show Profile Send Wooly Rupert a Private Message  Reply with Quote
Perhaps a different browser? I don't otherwise advocate for Edge, but I've not had any issues using it with this site.

Candlekeep Forums Moderator

Candlekeep - The Library of Forgotten Realms Lore
http://www.candlekeep.com
-- Candlekeep Forum Code of Conduct

I am the Giant Space Hamster of Ill Omen!
Go to Top of Page

Azar
Master of Realmslore

1309 Posts

Posted - 17 Jan 2023 :  10:25:03  Show Profile Send Azar a Private Message  Reply with Quote
My rub with Edge - other than it being a descendant of Internet Explorer - is its comparative lack of customization.

Stand with anybody that stands right. Stand with him while he is right and part with him when he goes wrong.

Earth names in the Realms are more common than you may think.
Go to Top of Page

Wooly Rupert
Master of Mischief
Moderator

USA
36804 Posts

Posted - 17 Jan 2023 :  11:00:52  Show Profile Send Wooly Rupert a Private Message  Reply with Quote
quote:
Originally posted by Azar

My rub with Edge - other than it being a descendant of Internet Explorer - is its comparative lack of customization.



So you can't try it for a particular website because you can't customize it?

Candlekeep Forums Moderator

Candlekeep - The Library of Forgotten Realms Lore
http://www.candlekeep.com
-- Candlekeep Forum Code of Conduct

I am the Giant Space Hamster of Ill Omen!
Go to Top of Page

Azar
Master of Realmslore

1309 Posts

Posted - 17 Jan 2023 :  13:03:39  Show Profile Send Azar a Private Message  Reply with Quote
quote:
Originally posted by Wooly Rupert

quote:
Originally posted by Azar

My rub with Edge - other than it being a descendant of Internet Explorer - is its comparative lack of customization.



So you can't try it for a particular website because you can't customize it?



I can try using that browser; I just don't want to be dependent on an entirely different browser for one subsection of a forum .

Stand with anybody that stands right. Stand with him while he is right and part with him when he goes wrong.

Earth names in the Realms are more common than you may think.
Go to Top of Page

Storyteller Hero
Learned Scribe

USA
329 Posts

Posted - 19 Jan 2023 :  07:27:54  Show Profile  Visit Storyteller Hero's Homepage Send Storyteller Hero a Private Message  Reply with Quote
The site is working on my Safari browser, but Chrome seems to keep blocking it due to "invalid certificate".


My Blog: https://www.facebook.com/Johnnys-Tabletop-RPG-Design-Blog-1697026710539149/?ref=aymt_homepage_panel

My DMG Shop: http://www.dmsguild.com/browse.php?x=0&y=0&author=Johnny%20Tek

Go to Top of Page

Azar
Master of Realmslore

1309 Posts

Posted - 19 Jan 2023 :  09:37:01  Show Profile Send Azar a Private Message  Reply with Quote
quote:
Originally posted by Storyteller Hero

The site is working on my Safari browser, but Chrome seems to keep blocking it due to "invalid certificate".





I wonder if this is a Chrome issue with certificates in general or if this specific certificate itself just doesn't jive with Chrome for whatever reason.

Stand with anybody that stands right. Stand with him while he is right and part with him when he goes wrong.

Earth names in the Realms are more common than you may think.
Go to Top of Page

TBeholder
Great Reader

2427 Posts

Posted - 19 Jan 2023 :  16:33:07  Show Profile Send TBeholder a Private Message  Reply with Quote
Still shows an error (self-signed certificate)... and if that's manually accepted, drops out to unsecure http.
quote:
Originally posted by sleyvas


{CrankyMode On}
I hate certs.... having to deal with this stuff in an internal corporate environment where noone pays attention to it and just clicks past it

Sounds no different from the way anything else is done in Dilbert's company.
quote:
Don't get me wrong, I can see why they might be needed in some instances (I don't want someone somehow getting my bank's DNS entries for themselves and setting up a fake site).... but ~90% of things don't need it.

So for 90% of sites you are fine with... executing scripts from unknown sources?

People never wonder How the world goes round -Helloween
And even I make no pretense Of having more than common sense -R.W.Wood
It's not good, Eric. It's a gazebo. -Ed Whitchurch
Go to Top of Page

sleyvas
Skilled Spell Strategist

USA
11829 Posts

Posted - 19 Jan 2023 :  18:45:04  Show Profile Send sleyvas a Private Message  Reply with Quote
quote:
Originally posted by TBeholder

Still shows an error (self-signed certificate)... and if that's manually accepted, drops out to unsecure http.
quote:
Originally posted by sleyvas


{CrankyMode On}
I hate certs.... having to deal with this stuff in an internal corporate environment where noone pays attention to it and just clicks past it

Sounds no different from the way anything else is done in Dilbert's company.
quote:
Don't get me wrong, I can see why they might be needed in some instances (I don't want someone somehow getting my bank's DNS entries for themselves and setting up a fake site).... but ~90% of things don't need it.

So for 90% of sites you are fine with... executing scripts from unknown sources?



The majority of things with certs like I'm talking about aren't even internet facing. Its internal management for devices running their own specialized O/S, etc... You could setup a self signed cert and set it to expire in 50 years, but then someone says "that's not good enough, you need one from a cert authority, and it has to expire every 3 years". Half the stuff you'd have to hack into the network, then get into a jumpbox in a special VRF that's absolutely cut off from the internet, then web browse to the management of your device.... hoop after hoop after hoop.

Alavairthae, may your skill prevail

Phillip aka Sleyvas
Go to Top of Page

Azar
Master of Realmslore

1309 Posts

Posted - 20 Jan 2023 :  01:15:39  Show Profile Send Azar a Private Message  Reply with Quote
Another user on the site said that he is getting bounced out.

Stand with anybody that stands right. Stand with him while he is right and part with him when he goes wrong.

Earth names in the Realms are more common than you may think.
Go to Top of Page

Alaundo
Head Moderator
Admin

United Kingdom
5695 Posts

Posted - 20 Jan 2023 :  09:24:22  Show Profile  Visit Alaundo's Homepage Send Alaundo a Private Message  Reply with Quote
quote:
Originally posted by Azar

Another user on the site said that he is getting bounced out.



Well met

What does he mean exactly? Can you get him to email me at alaundo @ candlekeep.com please.

The cert issue is annoying, but this is down to local browser caching etc. now.

Alaundo
Candlekeep Forums Head Moderator

Candlekeep - The Library of Forgotten Realms Lore
http://www.candlekeep.com
-- Candlekeep Forum Code of Conduct


An Introduction to Candlekeep - by Ed Greenwood
The Candlekeep Compendium - Tomes of Realmslore penned by Scribes of Candlekeep
Go to Top of Page

Azar
Master of Realmslore

1309 Posts

Posted - 20 Jan 2023 :  12:48:40  Show Profile Send Azar a Private Message  Reply with Quote
quote:
Originally posted by Alaundo

quote:
Originally posted by Azar

Another user on the site said that he is getting bounced out.



Well met

What does he mean exactly? Can you get him to email me at alaundo @ candlekeep.com please.

The cert issue is annoying, but this is down to local browser caching etc. now.



Specifically clearing the Cache (instead of the Cookies alone) did the trick for both of us, in the end. Thank you for the tip!

Stand with anybody that stands right. Stand with him while he is right and part with him when he goes wrong.

Earth names in the Realms are more common than you may think.
Go to Top of Page

TBeholder
Great Reader

2427 Posts

Posted - 27 Jan 2023 :  23:42:49  Show Profile Send TBeholder a Private Message  Reply with Quote
Why not use Let's Encrypt? They give out free Domain Validation certificates, which are recognizable by browsers because they are on that certificate tree. That's all you need, right?

People never wonder How the world goes round -Helloween
And even I make no pretense Of having more than common sense -R.W.Wood
It's not good, Eric. It's a gazebo. -Ed Whitchurch

Edited by - TBeholder on 27 Jan 2023 23:44:22
Go to Top of Page

Big Mac
Acolyte

United Kingdom
28 Posts

Posted - 11 Aug 2024 :  00:11:26  Show Profile  Visit Big Mac's Homepage Send Big Mac a Private Message  Reply with Quote
quote:
Originally posted by Alaundo

<snip>

Due to the nature of this site, it's not really necessary to have a certificate. I'll get this addressed shortly.



That is the exact same attitude I used to have for the website I run. We do not sell anything or exchange credit cards details with people. There is literally nothing to secure.

Then we started to get second-hand reports from existing forum members, stating that people they had invited to join us had refused to sign up, stating that their browser or a search engine had listed the website as "not secure".

Facebook seems to also be blacklisting http only websites. It is impossible to link to the Spelljammer: Beyond the Moons website there, which kind of sucks, when you are trying to help keep Spelljammer fandom alive.

So we decided to move our website to https pretty much at the point of a gun.

But the problem with https, is that it is tied into certificates that you constantly have to renew. If you are late (or ill or busy with important stuff) everyone's browser throws up websites suggesting that your website is dangerous. That aspect is a pain in the neck.

You might want to check out Cloudflare. Candlekeep probably qualifies for their free account. That comes with a free security certificate that gets updated at their end. And you also get DDoS protection.

If it is not going to conflict with your forum software or the software you use for the main website, it might be a one-and-done solution.

David "Big Mac" Shepheard
Administrator - Spelljammer Wiki
https://spelljammer.fandom.com/
Chief Editor - Wildspace Magazine
https://www.thepiazza.org.uk/bb/viewtopic.php?t=29589
Go to Top of Page

TBeholder
Great Reader

2427 Posts

Posted - 11 Aug 2024 :  17:13:18  Show Profile Send TBeholder a Private Message  Reply with Quote
The problem persists.
quote:
Originally posted by Big Mac

That is the exact same attitude I used to have for the website I run. We do not sell anything or exchange credit cards details with people. There is literally nothing to secure.

As long as you don't insist that the users should take risk by enabling JavaScript on what appears to be your site.
Man-in-the-middle attack is a thing.

quote:
Facebook seems to also be blacklisting http only websites. It is impossible to link to the Spelljammer: Beyond the Moons website there, which kind of sucks, when you are trying to help keep Spelljammer fandom alive.

There's also that. Of course, if you want to integrate it with Facebook, why not just do it on Facebook?
I mean, seeing how they speed-banned even mentions of a certain math law among the other things, it may be a step beyond even the current state of Piazza, but if you really want Facehug...

quote:
You might want to check out Cloudflare. Candlekeep probably qualifies for their free account. That comes with a free security certificate that gets updated at their end. And you also get DDoS protection.

Do so if you want your site to be inaccessible for anyone except users in Seattle and using browsers that support the latest Google(TM) spyware.
I fed their "hurr, checking if you are human" script crafted UserAgent value of a Google bot once... the script suggested to upgrade it.

quote:
But the problem with https, is that it is tied into certificates that you constantly have to renew. If you are late (or ill or busy with important stuff) everyone's browser throws up websites suggesting that your website is dangerous. That aspect is a pain in the neck.
Automation is a thing. That is done with them computers. Let's Encrypt plainly states in FAQ:
quote:
We recommend automatically renewing your certificates every 60 days.
And if you follow link in the previous line:
quote:
If we’re going to move the entire Web to HTTPS, we can’t continue to expect system administrators to manually handle renewals.

People never wonder How the world goes round -Helloween
And even I make no pretense Of having more than common sense -R.W.Wood
It's not good, Eric. It's a gazebo. -Ed Whitchurch
Go to Top of Page

Italian Archmage Karsus
Learned Scribe

126 Posts

Posted - 17 Aug 2024 :  01:19:24  Show Profile Send Italian Archmage Karsus a Private Message  Reply with Quote
Alaundo, from what I understand, doesn't do his own webhosting: it is done as a service. That service charges for HTTPS; it doesn't matter whether they renew with certbot, by snail mail, or artisanally. The forum software is also thoroughly obsolete and it would almost certainly break if they tried to move hosts. So, either Alaundo pays for HTTPS, or we don't get HTTPS, because LetsEncrypt would require Alaundo had access to the server personally, and he is locked in with the host.

This is not a technical issue, TBeholder. Just make sure you don't reuse passwords.
Go to Top of Page

Alaundo
Head Moderator
Admin

United Kingdom
5695 Posts

Posted - 18 Aug 2024 :  22:26:43  Show Profile  Visit Alaundo's Homepage Send Alaundo a Private Message  Reply with Quote
Well met

Indeed, whilst Candlekeep did have a few years being self-hosted, it is no longer. The host charge for certificates and do not permit alterative means of provisioning.
The forum and site have moved several times of the years, not without incident and pain, but there is no current plan to move hosts, although a long overdue plan to migrate the underlying forum software.

Alaundo
Candlekeep Forums Head Moderator

Candlekeep - The Library of Forgotten Realms Lore
http://www.candlekeep.com
-- Candlekeep Forum Code of Conduct


An Introduction to Candlekeep - by Ed Greenwood
The Candlekeep Compendium - Tomes of Realmslore penned by Scribes of Candlekeep
Go to Top of Page

Big Mac
Acolyte

United Kingdom
28 Posts

Posted - 20 Aug 2024 :  15:34:22  Show Profile  Visit Big Mac's Homepage Send Big Mac a Private Message  Reply with Quote
quote:
Originally posted by Alaundo

Well met

Indeed, whilst Candlekeep did have a few years being self-hosted, it is no longer. The host charge for certificates and do not permit alterative means of provisioning.
The forum and site have moved several times of the years, not without incident and pain, but there is no current plan to move hosts, although a long overdue plan to migrate the underlying forum software.



Thanks for the confirmation!

(Our hosting company also wanted to charge us, if they provided certificates, but didn't block us from going around their support team to do it ourselves.) Sorry to hear that you do not have that option. I'll consider this topic closed.

Good luck migrating the forum software. I know that will be a very big task.

David "Big Mac" Shepheard
Administrator - Spelljammer Wiki
https://spelljammer.fandom.com/
Chief Editor - Wildspace Magazine
https://www.thepiazza.org.uk/bb/viewtopic.php?t=29589
Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic  New Poll New Poll
 Reply to Topic
 Printer Friendly
Jump To:
Candlekeep Forum © 1999-2024 Candlekeep.com Go To Top Of Page
Snitz Forums 2000