NET::ERR_CERT_AUTHORITY_INVALID #236

Closed
Heraes-git opened this issue May 2, 2023 · 9 comments

Heraes-git commented May 2, 2023

I'm using no-ip to redirect to my LAN.
I have ports 80 and 443 opened in my router, to redirect to one of my machines hosting my websites with HFS v3.
I have vhosts with no-ip subdomains as roots.

When trying to access my websites, I have a certificate error (not recognized).
I remember that when I "installed" HFS on my machine, it asked something about certificates at start.
As it was asking for a URL and I didn't know why the heck it was asking me that, I chose the second option, and it refreshed and it was ok.

I don't know what it does (or vaguely: it's about https auth), and I don't want to dive into certificates shit. I've installed SSL/HTTPS craps in the past, I still haven't really understood the kung-fu about it, and I don't want to waste my time with stuff that programmers aren't capable of explaining correctly and harmonizing across all the technologies.

Can you just help figure out how to make the certificate created by your software "publicly recognized"?

PS: why don't you give information when the popup appears the first time we open the HFS admin panel? Like "If you want to make your cert key public, you have to blablabla"... People are not supposed to have a PhD in development to use HFS.

Heraes-git added the bug label May 2, 2023

rejetto (Owner) commented May 2, 2023

This is the dialog you currently get when creating the certificate inside HFS:
[image]

The "warning" it speaks about is exactly the one you are getting, and I have this "get better certificate" button (linking https://letsencrypt.org).
It is my goal to make this dialog clear, of course, and if you have a suggestion on this I will consider it.
It's not easy to be both clear and short. If it's long people won't read it.
My final goal on this is to (easily) produce the better certificate. It's in my to-do list.

rejetto removed the bug label May 2, 2023

Heraes-git (Author) commented May 2, 2023

Well, as a suggestion:

  • The textarea should have, instead of "Enter a domain or leave empty", an explanation of what it does as a default input. As I said, I don't know what it's about precisely. If it's about linking to a website that is usually an authority in referencing certificates to make them public, just say it. If it's about linking to an already existing certificate, say it. But we don't know!!! You're supposed to be the one who knows what this form does on the page.

  • The first button (in blue) should not be "Continue" but "Send".

  • Then, the second button should be something more precise than "Get better certificate". First of all, we don't know why we should have a better one (don't tell me "Of course you know! You talked about it!!" - Yeah, but at the moment we don't know a damn thing about it, at all).

> It's not easy to be both clear and short. If it's long people won't read it.

Yeah, but for such an important and vital thing, they will.

Just display a red message at the top of the popup saying "WARNING: This is an important step, involving the way web users will comfortably access your website! Please read carefully the details below!".

And then, in two paragraphs:

"To access your website in HTTPS, a certificate needs to be built by HFS. There are two ways to build them: privately (which is a faster process), or publicly (longer because we need to declare it on an authorized referent). If private, users will have a warning message in their web browser, saying that the certificate is not recognized."

"Please choose the way you want to create it:"

Then, the two buttons should be related to these choices, like:

[ Private ] [ Public ]

And after that, I don't know, it's up to you to decide what to do to perform the public processes required to authorize the certificate (maybe redirection, I don't know).

xrivo1 commented May 2, 2023

Excuse me... I gather that it's possible to create a certificate with HFS.......
Maybe I missed something. I created a personal certificate, which obviously gives a "certificate not valid" warning message, since it is self-generated.
Can you give me detailed information on how to create a certificate with HFS?
Thanks

rejetto (Owner) commented May 3, 2023

> Can you give me detailed information on how to create a certificate with HFS?

The certificate that HFS creates for you is also self-generated and gives the warning, so you have no reason to redo it. If you remove yours, you will see the button to make a new one appear.

xrivo1 commented May 3, 2023 via email

rejetto (Owner) commented May 3, 2023

just to be clearer, at the moment the best solution to this problem is to get a trusted certificate from https://letsencrypt.org/
or any other certificate issuer.
In the future I hope HFS will make this for you.

rejetto (Owner) commented May 3, 2023

also, I will try to improve the dialog above, to be clearer

xrivo1 commented May 3, 2023

You're really great. In 5 minutes I installed Certbot. Got a valid certificate with automatic renewal every 90 days. What can I say... This HFS is the best.

rejetto (Owner) commented May 6, 2023

@Heraes-git thanks for your suggestions.
The underlying certificate-generator wants this "domain" field, so at the time I just decided to NOT omit it, as potentially useful.
From my tests, it makes no practical difference (to Chrome at least), so I'm removing it.
The result is a shitty certificate in every case.
It is still the minimum necessary to get https working.

So, I'm trying to improve like this: before the dialog, I'm adding a link "what's this" so that you can learn about the whole story
[image]

And this would be the new dialog when clicking "make one"
[image]

and the "beware" link is the same as above, where you can see in a video the same warning the user will see.

This way I hope to keep it very short, while letting you access the long version by clicking the link.
The yellow color, warning sign, and "BEWARE" word should give you the right level of attention.

rejetto closed this as completed May 6, 2023