https anyone? #279

Closed
kolobus opened this issue Apr 17, 2013 · 34 comments
@kolobus
Contributor

kolobus commented Apr 17, 2013

Is there any point to add https (SSL) support to mit-license.org (and *.mit-license.org) for allowing https://username.mit-license.org? I probably can try to donate a certificate.

What's more important - does current hosting support SSL at all?

@remy
Owner

remy commented Apr 17, 2013

I'm open to it - and it's running on apache so I imagine it's simple to set
up (though I've not done it in the past), but I'm not sure there's any need.

However, if there's other folk that say they want it - I'm happy to add it
in.

@kolobus
Contributor Author

kolobus commented Apr 17, 2013

I'm from Russia :) So all the time nowadays I prefer https links whenever possible. Even for such easy thing as license site. Also it's not cool to make http link from https website (browser will warn sometimes).

But if you consider it too hard to implement (configuring virtualhost) let's wait for some other folk who will vote for it.

@kolobus
Contributor Author

kolobus commented Apr 17, 2013

This all was about certificate. I can try to issue one from Startcom SSL, but I'll need your direct assistance. Drop me e-mail if (or when) you will need certificate.

@Krinkle
Contributor

Krinkle commented May 7, 2013

+1 for an SSL certificate and enforcing it (use HTTPS as canonical link and/or 301 redirect target).

I too am willing to donate a few years for the 2 SSL certificates (root and wildcard).
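Added example (not part of the original thread or the project's code): a simplified RFC 6125-style name check showing which hostnames a `*.mit-license.org` certificate entry covers and why the bare domain needs its own entry. The function names and host list are constructed for illustration.

```python
# Added illustration: simplified dNSName matching in the style of RFC 6125.
# Function names and the host list are constructed for this example.

def _labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")


def san_matches(pattern, hostname):
    """Return True if one certificate dNSName entry covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in h:
        return False  # label counts must match; empty labels are invalid
    if p[0] == "*":
        # "*" stands for exactly one label, and only the leftmost one.
        # Simplification: also refuse a wildcard directly under a TLD.
        return len(p) > 2 and p[1:] == h[1:]
    if "*" in pattern:
        return False  # partial or non-leftmost wildcards are rejected here
    return p == h


def cert_covers(sans, hostname):
    """True if any subjectAltName entry of the certificate covers hostname."""
    return any(san_matches(s, hostname) for s in sans)


def uncovered(sans, hostnames):
    """Hostnames that would fail validation against this certificate."""
    return [h for h in hostnames if not cert_covers(sans, h)]


# Constructed host list for a site that serves one page per user subdomain.
HOSTS = [
    "mit-license.org",
    "username.mit-license.org",
    "USERNAME.MIT-LICENSE.ORG",
    "a.username.mit-license.org",
]
WILDCARD_ONLY = ["*.mit-license.org"]
APEX_AND_WILDCARD = ["mit-license.org", "*.mit-license.org"]

if __name__ == "__main__":
    print("wildcard only misses:", uncovered(WILDCARD_ONLY, HOSTS))
    print("apex + wildcard misses:", uncovered(APEX_AND_WILDCARD, HOSTS))
```
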

@ariporad
Contributor

+1

@remy
Owner

remy commented Nov 11, 2014

+1 but someone else needs to source the wild card SSL cert.

@ghost

ghost commented Jan 17, 2015

+1 and I'll donate, should you decide to implement https. Optional https would be fine with me.

@GGG-KILLER
Contributor

Cloudflare provides free https without having to do any configuration on the server on the free plan, I'm not sure if this could help...

@ariporad
Contributor

also, in the fall we can do Let's Encrypt.

@remy
Owner

remy commented Jul 26, 2015

But neither do wildcard SSL which this project would need.

@GGG-KILLER
Contributor

Cloudflare has an API for adding cname entries on DNS, which all have ssl enabled

@ariporad
Contributor

I think cloudflare does wildcard, but we could have the server get a Let's Encrypt as part of the process.

@GGG-KILLER
Contributor

Let's Encrypt will only be available in September according to their website, but if we used cloudflare, self-signed certificates could be used until Let's Encrypt release.

@GGG-KILLER
Contributor

But they still said that they don't plan to support wildcards, so a new SSL certificate would have to be generated on each new account and for each existing account

@Krinkle
Contributor

Krinkle commented Jul 27, 2015

@remy Me and others have already indicated willingness to sponsor the costs of the certificate. Similar to how we have supporters for the domain costs. Neither CloudFlare nor Let's Encrypt seem to support free wildcard certs anytime soon. So I'd recommend we go ahead without that.

@remy
Owner

remy commented Jul 27, 2015

Okay, so namecheap is my dns and ssl provider, so the cheapest SSL wildcard (and max term) is £57.36 / year. I'd want to fill the runway as far as possible - i.e. 3 years. If people are happy to donate to enable that, I'll do the work to enable this across the board by default for all pages.

I can't remember where I'm hosting the mit-license at the moment, I think it's on a linode machine but (aside), I need to port across to a DigitalOcean server at some point (trying to consolidate the different services I use!).

Once the funds are in place for SSL, I'll crack on and do whatever the change is required (I think it's apache...though I think I've got a custom proxy in front of that, so it might not be a quick install).

Is there any way to transparently show how funding is getting on? I'm happy to point folks to a paypal account and just report what's gone in, or maybe we can use gratipay...though, I don't think I have a team set up for myself...(free thinking here), maybe I setup a team for mit-license...?

@GGG-KILLER
Contributor

Maybe we could set up a donation page in PHP and use PayPal's IPN to get the amount donated and add to the total?
(and if you want add a list of people who donated maybe)
(also, not on this subject, but could you please update the server's users' jsons, since as it looks they haven't been updated since last year as pointed out on #632 and #686)

@notpushkin
Contributor

CloudFlare does support wildcards. In fact, this is the only type of free SSL they provide. (They also pack multiple domains per certificate (to reduce costs, I guess).) You could look at my website https://ale.rocks for example:

[image: 1674_certificate viewer sni30782 cloudflaressl com]

That being said, I really look forward to Let's Encrypt. It seems to be a more privacy-aware option to me.

@remy
Owner

remy commented Aug 3, 2015

I'll look at cloudflare but I don't remember seeing wild card support for
free.

And again, let's encrypt will not support wildcard SSL. They've
confirmed this already.

@Efreak
Contributor

Efreak commented Oct 21, 2015

You could also get around the wildcard issue by providing mit-license.org/username as well as username.mit-license.org; this way only a single ssl cert would be required for the primary domain.

@benniemosher
Contributor

@remy Where do we stand on the SSL certificate issue? Have we raised any funds for this? Do we need to set up a crowdfunding source somewhere and get this set up? If cloudflare is an option, then we should get that setup since it is free. If not then let's get some funds raised and get this knocked out. If you need help getting things moved over to DO (Digital Ocean) let me know. I just did that this weekend and can help get it over there and get the cert set up for us.

@belldandu
Contributor

How about you look into LetsEncrypt ...

@belldandu
Contributor

https://letsencrypt.org/

@ariporad
Contributor

@remy: Are you still up for maintaining this project? Would you rather have someone take it over. (This isn't meant to be cynical in any way, I've just noticed there's been some activity recently, and I figure you're busy).

@benniemosher
Contributor

@KamijouTouma If you read previous posts LetsEncrypt is not a valid option. LetsEncrypt does not allow for wildcard domain certificates and we would need that feature.

@notpushkin
Contributor

@benniemosher ...or we could just generate a certificate per subdomain. Not really practical, though..?

@benniemosher
Contributor

I think that would be a tad bit of work. Especially if we can get a free wildcard certificate from Cloudflare.

@kolobus
Contributor Author

kolobus commented Dec 21, 2015

Both CloudFlare and LetsEncrypt ideas will not work. I like both, but they won't help for wildcard SSL.

CloudFlare will not allow proxying wildcard, only DNS record: https://support.cloudflare.com/hc/en-us/articles/200168826

LetsEncrypt has no option for wildcard and you can't issue cert for each sub-domain - SSL cert with more than 100 names is not supported by major browsers.

I'm still up for using StartSSL - one wildcard cert for 2 years for rather small price.

@notpushkin
Contributor

@kolobus But Cloudflare does indeed issue the wildcard certificate:

[image: Look, it's an asterisk!]

So it's only a problem of adding the subdomains to the DNS (as CF doesn't proxy wildcards). Luckily, it's a matter of one HTTP query: https://api.cloudflare.com/#dns-records-for-a-zone-create-dns-record

I still see buying a normal certificate as the easiest solution, though. I'd personally stick with this one.

@belldandu
Contributor

Um let's encrypt does have wildcard certificates they do not have multi domain wildcard hybrid certificates. So wtf are you talking about?

@belldandu
Contributor

If you actually read up "Wildcard certs aren't yet supported by the ACME protocol." Which is a separate entity from let's encrypt. They technically do support it but it is not publicly available due to domain validation issues.

@kolobus
Contributor Author

kolobus commented Dec 22, 2015

@KamijouTouma

No they don't. That's not a problem since you can put as many subdomains as you need in one issue (each of them will be ACME-validated separately) and reissue is very easy.
But it's not good for mit-license case - certs with many domains are not doing really well. And SSL certs itself are limited to ~100 names in one.

https://community.letsencrypt.org/t/frequently-asked-questions-faq/26

Will Let’s Encrypt issue wildcard certificates?

We currently have no plans to do so, but it is a possibility in the future. Hopefully wildcards aren’t necessary for the vast majority of our potential subscribers because it should be easy to get and manage certificates for all subdomains.

@GGG-KILLER
Contributor

I think the most instant and practical solution is to use CloudFlare, since it supports wildcard certificates and has the DNS API which can be used to add CNAME entries for the users.

@remy
Owner

remy commented Apr 20, 2016

With thanks to CloudFlare - ALL domains are now https.
