Move site away from StartSSL certificate #13
Comments
Hi @TPS! Thank you for informing me about this issue. I just learned about this myself today through the podcast Security Now. I will be looking into changing the certificate next week.
ElfDict's host doesn't seem to support Let's Encrypt. I've sent a message to my host, asking if it's possible to implement this in the future. I can't manually generate certificates for ElfDict as their lifetime is only 90 days.
It turns out that you may not have to, because of updates in the last ~48 hours.… I'm sure SG will be covering it soon, but the latest is that StartSSL is reorganizing under different ownership in hopes of saving the brand. Iff the implemented changes are acceptable to the security community (a _HUGE_ iff), they'll invalidate all old certs & reissue new 1s under the new secure architecture. For now, it may be sufficient for you just to drop the cert/HSTS & go HTTP for a little bit, while waiting for a new cert.
Also, does something like Netlify work for you?
My host is working with Symantec to implement a similar solution (https://www.symantec.com/theme/encryption-everywhere) but it won't be ready until next year. So in light of this, I've generated a 90-day certificate using Let's Encrypt, and am working on convincing my host to install it for my site. The discussions are still ongoing.
I've fixed it by transitioning to Amazon Lightsail! Thank you for the feedback @TPS!
@galadhremmin Fantastic result on SSLTest, too, other than a currently-minor quibble about DNS CAA: No, which you'd hafta take up w/ Lightsail, if you choose. Congrats!
@TPS I reached out to FSData, which still manages my domain names, and their DNS unfortunately does not support this feature yet. I'll see what I can do.
@galadhremmin In preparation for Mozilla's reported proposed removal of WoSign & StartSSL, I disabled those roots in my browser. When I re-opened Parf Edhellen, it turns out that you use StartSSL!
Maybe you want to migrate to Let's Encrypt or something more reputable?