Users experiencing a "Your connection is not private" message when visiting vrms.io

[MattPereira]

Overview

We have received reports that users' browsers are throwing a NET::ERR_CERT_DATE_INVALID when they try to visit the site. We will investigate further to see if we can fix it.

Action Items

• Figure out why users are getting this message even though the chrome certificate viewer shows the SSL cert is currently valid

Instructions

See screenshots of expired SSL certificate that some users experience

See screenshot of valid SSL certificate other users experience

Resources

• Slack thread about issue

Slack thread about issue

Bonnie
[1 year ago]
Hi @Matt Pereira So I showed the secret password function to a coworker, and they pointed out that they get this connection is not private message when they try to use vrms.io... #1365 (comment)
Please open a new issue to fix the outdated cert. I'll have to work with you to sort it out on AWS (which is where I think the cert needs to be renewed).
p.s. this issue is a known issue. So if there is already an issue for it, just mark as time sensitive and we can work on it together asap. It dosent happen to me, but people had already been mentioning the cert problems logging into vrms.io

5 replies

Matt Pereira
[1 year ago]
I do not think the vrms SSL certificate is outdated (screenshot shows issued on 2/7/23 and expires on 7/30/23)
There are many reasons a browser might throw a NET::ERR_CERT_DATE_INVALID that the individual user would need to troubleshoot including outdated version of browser/operating system, antivirus software, browser extensions, cache & cookies, date & time settings, VPNs, and public wifi
https://kinsta.com/knowledgebase/net-err_cert_date_invalid/ (edited)

Bonnie
[1 year ago]
ok, but it happens to lots of people

Matt Pereira
[1 year ago]

• Users experiencing a "Your connection is not private" message when visiting vrms.io #1377

Rabia Shaikh
[1 year ago]
@Matt Pereira

It was me who got that error. I am now getting the same error while trying to access https://vrms.io/api/projects
Adding a screen shot to the other comment.

Rabia Shaikh
[1 year ago]
I've added the screenshot to issue #1377 as well...

• AWS Route 53 records ( login using credentils from VRMS 1Password vault )

[Rabia2219]

See screenshot of message after clicking on `Advanced`

[MicahBear]

Took me a bit but I was able to replicate the issue.

• It looks like the SSL certificate is expecting a . before the domain name. If there is nothing between the protocol and domain name you are given that error and maybe an old certificate we may have had at one point.
  - From Valid AWS certificate : CN( common name ) : *.vrms.io
• When you click to the red triangle icon with ! inside it gives you the SSL certificate that is expired that was issued by google it says.
• The certificate issued by AWS is valid.
• Tested :
  • https://.vrms.io : browser sends you to options to pick vrms domain
  • https://www.vrms.io : sends you to vrms
  • vrms.io : sends you to vrms

See screenshot: reviewing invalid certificate (google)

[salice]

Just replicated this issue and Bonnie asked me to share. I visited https://vrms.io/secretpassword for the first time with Chrome and saw the "Your connection is not private" message. I clicked on Proceed and the following page had a correct certificate and a green lock. I then tried to go to the page in a Chrome Incognito window and did not see the "connection not private message," but when I then checked the page in Firefox I saw the "connection not private" message again.

[Spiteless]

I just experienced this issue as well. Here's two screenshots:

Screenshots

[ExperimentsInHonesty]

@MattPereira I was on with the community of practice leads yesterday, and we discovered that if you click though the warning message, it won't come back. I am not advocating this as a solution, but rather providing that information in case that helps in troubleshooting. @salice was able to replicate it by going to a browser she had not used before.

[MattPereira]

vrms.io had two certificates for the domain name *.vmrs.io with the AWS Certificate manger. One of them had a status of failed. Ops removed that one leaving only the one that has a green checkmark

https://us-west-2.console.aws.amazon.com/acm/home?region=us-west-2#/certificates/list

[MattPereira]

Closing as completed since @jbubar confirmed that he was no longer experiencing SSL cert issue for the first time.

Issue can be re-opened if other users still encountering expired cert from google.

[ExperimentsInHonesty]

it causes errors when people use vrms.io for the first time but never when they use www.vrms.io

Today we added the *. to route 53 to see if that helped.

[Spiteless]

Has this been resolved? I haven't heard of it happening in awhile.

[JackHaeg]

Issue is still relevant, though partially resolved. When some users type "https://vrms.io" they receive a 404 error. VRMS without a subdomain is not configured properly

[JackHaeg]

Duplicate issue that has been refined and added to hackforla/incubator#70