CntoDev / central-plaza

Repository for the documentation that isn't related to a specific project and organization of new projects/ideas.

Server SSL certificate #8

Closed milivojm closed 3 years ago

milivojm commented 3 years ago

Our server no longer has an SSL certificate, resulting in security warnings when opening CNTR links or trying to run an HTTP mod repository from the server. It would be helpful if R&D could restore the certificates for our server again.

milivojm commented 3 years ago

We need SSL just for priv.carpenoctem.co (since www.carpenoctem.co has been verified by Cloudflare, Inc.)

Possible options:

Now, if we want to talk about more respected CAs, here is a list of cheaper ones:

Now, personally, I think we need to go for price here and disregard CA status. We are not planning to open an e-Commerce website.

Didr commented 3 years ago
> • purchase SSL certificate from same company where carpenoctem.co is registered (if WHOIS is correct it's http://www.namecheap.com). If I see this correctly, it's 5$ a year. Link here. Certificates are rarely this cheap, needs further investigation.

Namecheap are just reselling Sectigo certificates, so no worries about that. Certificate prices have gone down a lot since the introduction of free, valid certificates (see Let's Encrypt or even Cloudflare). It's the new standard. Prices vary due to insurances, "validation level" and if you want to have a wildcard certificate or not.

milivojm commented 3 years ago

@Didr shall we pick Sectigo then? Is it hassle free to work with them?

JamesTheClarke commented 3 years ago

If @Shiny-CNTO and @Shadisica agree I can purchase the 5$ SSL certificate asap. Let me know here pls.

Shiny-CNTO commented 3 years ago

I vote we go for free. It might be some more work to set up but we can make documentation and do it each year ourselves. Like Didr said, there are plenty of free alternatives. We don't know if the 5 dollar one is any good or if it is trustworthy (I have never heard of the vendor). If we do want to pay there are so many vendors. I use https://www.digicert.com/ for example but it's 200 dollars per year. If we wanted paid I could have done this so long ago but since money doesn't grow on our backs, I think it's worth investing some more hours into setting up a free certificate.

milivojm commented 3 years ago

https://www.pluralsight.com/blog/software-development/top-reliable-ssl-certificates

Sectigo is number 3 on the list above.

I disagree about freebies. What's the point of a free un-trusted certificate? We might as well not have it at all.

Didr commented 3 years ago

> Like Didr said, there are plenty of free alternatives. We don't know if the 5 dollar one is any good or if it is trustworthy (I have never heard of the vendor).

Comodo changed name to Sectigo, if Comodo rings any bells. They're good, no issues. We've used them at work but we're moving to Let's Encrypt now.

> I disagree about freebies. What's the point of a free un-trusted certificate? We might as well not have it at all.

They're trusted. I just noticed we're already running Let's Encrypt on roster.carpenoctem.co and it works.

Personally I'd push for moving the DNS to Cloudflare, as this would also bring free certificates (without us having to run scripts on our servers) but also speed and bandwidth benefits to the HTTP mod repo. Although simple, it adds another system we have to know about.

Shiny-CNTO commented 3 years ago

They are not un-trusted. We used the free ones before and they work like a charm. And they are safe. Especially for our stuff since we hardly have any stuff on there or anything confidential.

Shadisica commented 3 years ago

@JamesTheClarke I'm not at home in this at all, I'll trust you guys' better judgement.

JamesTheClarke commented 3 years ago

I'm ok with a free certificate if it is sufficient for our purposes. My main goal is just to get this sorted as the issue has persisted for a long time now and once it's cleared up we fix two minor problems in one go: a.) no more warning messages for CNTR visits and b.) a permanent move of the repo to the game server without any error messages caused by missing certificates.

So if the free certificate can be set up fairly quickly and that process is being documented for future cert updates then the free version is a good way to go. But if it takes long or cannot be easily repeated each year then I think spending 5 bucks per year (less than 50 cents per month) is a very minor cost for having this issue sorted for good.

@Didr I've just renewed our carpenoctem.co DNS with namecheap a few days ago, could it be easily transferred to Cloudflare or are there transferral fees involved?

Didr commented 3 years ago

> @Didr I've just renewed our carpenoctem.co DNS with namecheap a few days ago, could it be easily transferred to Cloudflare or are there transferral fees involved?

@JamesTheClarke Yes, no issues and free of charge. With Cloudflare you do not transfer the domain, just the DNS management. This is the corresponding view in Namecheap:

[image]

That'd be the area where you for example point priv.carpenoctem.co to a certain IP address.

milivojm commented 3 years ago

> Personally I'd push for moving the DNS to Cloudflare, as this would also bring free certificates (without us having to run scripts on our servers) but also speed and bandwidth benefits to the HTTP mod repo. Although simple, it adds another system we have to know about.

I like this idea.

Shiny-CNTO commented 3 years ago

Do it

Shiny-CNTO commented 3 years ago

Set up Cloudflare and changed the name servers. It's going to take 24 hours for it to be active so we can check on Sunday and continue.

milivojm commented 3 years ago

Can we close this?

https://priv.carpenoctem.co now works.

Shiny-CNTO commented 3 years ago

We can close this. Can you open another issue and assign it to Clarke and me to move the repo from his NAS to the game server. Or do we want to wait with that with the info and discussion we had yesterday?

milivojm commented 3 years ago

> We can close this. Can you open another issue and assign it to Clarke and me to move the repo from his NAS to the game server. Or do we want to wait with that with the info and discussion we had yesterday?

Let's discuss this next meeting. I'll close it meanwhile.