I’m gonna set up HTTPS here in the next 10-15 minutes. Hold on to your
Well that went extraordinarily badly.
The certificate was issued as 0-length from Let’s Encrypt, consistently, even after following our howto troubleshooting.
I had to also turn off the CDN as the CDN is expecting https now :( which means images will be broken.
Well that f’ing sucked.
edit: all resolved, through extraordinary pain
You sure you’re not my IT Manager?? ;)
Thanks for the hard work wumpus. Again, very appreciative. But why https? I mean, it’s not we are discussing some super secret end of the world stuff here.
Ask @stusser. I generally agree that HTTPS needs to eventually be everywhere…
https://blog.codinghorror.com/should-all-web-traffic-be-encrypted/
(that was also pre-Snowden)
…but it’s still a pain in the ass to get going, and significantly complicates site setup. Better than it used to be, for sure, but a long way to go.
Great article! +1
Where is Like when you need it?
Now I’ve type 3 sentences just to expressed myself.
Basically the answer used to be “Because WiFi”, and now the answer is “Because WiFi and Snowden”.
(networks that f**k with your content and insert ads or other BS is also becoming increasingly common, and completely goes away with https.)
They’ve closed the performance gap even further since 2012 on the client, which is nice. SPDY morphed into HTTP/2 and all that.
Yep. Everything should be encrypted, pretty much.
I concur.
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.5 (FreeBSD)
Comment: This is a secure message. Transfer 45 bitcoins to decryp. PM for transfer details.
hQEOA1e+1x6YuUMCEAQAo54XvlxKz8e/AR67EHpgolfscFJHWn1NuuAeCXJSxDDr
CCYvNQQuzF9026PtuzRMzsnwtrnMUA6QQri2lMQ+H9eFilvaHFd/n/wq02W+gLa/
o8OGzpxc4KyGDimdraYKR/r3fkem++I2aqB8F3D4Y4b71Ve6LXo4GPyXBpHrcqEE
AJe1bk/tACi+Gb25BUuo3MH1PK4pRfIs109JKkpa+Ya9DoYsZSWlNX17aQebHteQ
TGMlTf7uDRjGfjF9XHDQVlfUA55vILXIDJE+bJuxTlDXZLXtm2JA8DWxXQC2+nbb
ZB+h6m2aJ0wvFG5hlv0cLmFOR0Ay6+ruCE6rzssP63ZH0sBZATxyGUNzuKJuny0g
95bye2tS6IpQ9s3n0DUvcvr1Q9AnXeDFwBL6SrW2slTpKRm7iy3RQd6Vq9mZwnga
fUXvU91TjLoE9X36WyTh7hxj7kZ8fPjsf/PS2d6H/oNdUiqaan+AY4+t116huxUA
odBUKtgcwTfQNLtQlHiEq+bPnVH1IpBQh0yXCZDFG9nnrR4QueHgNGyqa0WuRiTE
MUa1XntnatS0sUBVixyNp6auVihalFUdAnYuzYdyB7XZY5USFewdOTo73oFziLJ1
Xk5WXBrEAPGuzdarIV5cCujZ6JbtvXhMeiMcItVmHVr+wg1U+t+L+fI0HlI7W0Y9
py8rOfEbSknw3NAK/4Rjw9SlUKqhOJV6SIxb7zQ=
=MH/N
-----END PGP MESSAGE-----
ASCII Alizée? Impressive.
using https anywhere, and I’m in (though FF indicates “this website does not supply identity information” on the SSL lock in the url bar. Also indicates that some content is not secure. Images? Not sure.
@wumpus It looks like some of the oneboxing includes images pulled over http. This post has an example.
It pulls this image:
http://cdn.arstechnica.net/wp-content/uploads/2016/08/vlcsnap-2016-08-08-23h31m17s326-640x363.png
The https version of the image works, too, so it is possible to hit the Ars Technica CDN with a secure connection.
How do I get this to work with my Qualcomm Eudora email client?
Since we don’t mirror images here (for disk space reasons) it will also happen for hotlinked images.
The link to the front page needs fixing? It shouldn’t be https I think.
Oh yes, thanks, I was using protocol agnostic there, e.g. //example.com/blah.jpg and that’s no good when we start from HTTPs.
Hey @stusser why isn’t the front page HTTPS? eh? eh? eh???
QUID PRO QUO, CLARICE… QUID PRO QUO