<div dir="ltr">On 20 July 2018 at 16:19, Unix Unanimous <span dir="ltr"><<a href="mailto:u-u@mail.unixunanimous.org" target="_blank">u-u@mail.unixunanimous.org</a>></span> wrote:<br><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span class="gmail-">On Fri, 20 Jul 2018, Giles Orr wrote:<br>
|On 20 July 2018 at 08:57, Adam Holland <<a href="mailto:ajh8888@gmail.com">ajh8888@gmail.com</a>> wrote:<br>
|<br>
</span>|1. HTTPS for <a href="http://unixunanimous.org" rel="noreferrer" target="_blank">unixunanimous.org</a> (as per the URLs appended to the bottom<br>
<span class="gmail-">|of mailing list messages) gives me a strange error. If not already a known<br>
|issue, ask me for details.<br>
|<br>
|It would appear the inclusion of "https:" is, shall we say, aspirational.<br>
|The website is unencrypted, so if you attempt to visit the website with<br>
|https: prepended, it fails with a security error. The "s" should be<br>
|removed from the signature.<br>
<br>
<br>
</span> Removal os the "s" is not secure ... we added a new<br>
Let's Encrypt cert recently & even tho cert testers<br>
seem to like it, browsers often take several clicks<br>
on "Try Again" to make it work for some reason<br>
<br>
<br>
Perhaps we will replace the cert soon if further<br>
debugging doesn't turn up anything, sigh :\<br></blockquote><div><br></div><div>Dan has beaten me to a similar analysis - he may have done a better job. But I thought I'd send this along anyway.<br></div><div><br></div><div>Whatever the problem is, it's probably not the cert. I'm damned if I can tell what it is though: when I hit it with Firefox, it gives me an SSL_ERROR_UNSUPPORTED_VERSION which would seem to indicate you're not even supporting TLS 1.2 - which would be a bit insecure (that blocking is a setting I have in FF, most people don't have this set). When I hit it with Chrome on my Mac, I get ERR_SSL_PROTOCOL_ERROR (my Chrome has only standard settings - nothing weird like FF). When I put it in Qualys SSL Labs ( <a href="https://www.ssllabs.com/ssltest/analyze.html?d=unixunanimous.org">https://www.ssllabs.com/ssltest/analyze.html?d=unixunanimous.org</a> ) this morning, they said the site was entirely unencrypted - so they couldn't test your cert or secure server configuration. This afternoon Qualys says "Unable to resolve domain name". But Chrome on Windows sees the page fine So yeah: I have NO idea what's wrong with the site, but I'd say there are probably multiple problems that needs to be looked at. I wouldn't start with the cert.<br></div></div><br></div><div class="gmail_extra">-- <br><div class="gmail_signature">Giles<br><a href="https://www.gilesorr.com/" target="_blank">https://www.gilesorr.com/</a><br><a href="mailto:gilesorr@gmail.com" target="_blank">gilesorr@gmail.com</a></div>
</div></div>