search

Kinto / kinto-website

Website for the kinto ecosystem
http://www.kinto-storage.org/
2 stars 5 forks source link

Bad HTTPS #17

Closed FLamparski closed 7 years ago

FLamparski commented 7 years ago

On https://kinto-storage.org: Certificate served is for *.lolnet.org, not *.kinto-storage.org

On https://www.kinto-storage.org: Certificate served is for a bunch of GitHub domains

Please fix. It's a Mozilla project, just make it use Let's Encrypt or something.

n1k0 commented 7 years ago

Wow yes indeed we need to act on this asap. Can't we just use gh-pages? /cc @natim @leplatrem @almet

Natim commented 7 years ago

I think you cannot use https with github pages and a custom domain. Why do you think http://www.kinto-storage.org should be served as HTTPS? It is a static page, there is no form nor any data going from the user to the server?

Natim commented 7 years ago

Here is the initiative you need to participate on if you want to ask @github to support https for Custom Domains. https://gist.github.com/coolaj86/e07d42f5961c68fc1fc8

DirtyF commented 7 years ago

FYI, Netlify supports Pelican, it's free for open-source projects and use LetsEncrypt certificates with auto-renewal. You just link your GitHub Pages repo and you're done: https://www.netlify.com/blog/2015/10/15/a-step-by-step-guide-pelican-on-netlify/

Natim commented 7 years ago

Ok I am working on it, just need to configure the DNS.

Natim commented 7 years ago

DNS set I need to wait for DNS propagation before actually being able to configure HTTPS

Natim commented 7 years ago

And to answer my previous question about why we need HTTPS:

Why HTTPS?

HTTPS is important, even for static sites.

SEO: Google gives an SEO bonus to sites with HTTPS support. Analytics: You will only see inbound refereres from sites using HTTPS if your own site use HTTPS. Control: Some WIFI providers will try to inject their ads into your site. HTTPS protects you and your users. Performance: Modern browsers support HTTP 2.0, only for sites with HTTPS enabled. For some sites HTTP 2 can give significant performance improvements.

Natim commented 7 years ago

It should be fixed :) https://www.kinto-storage.org/

almet commented 7 years ago

Cool, thanks !

dlecan commented 7 years ago

https://www.kinto-storage.org/ is broken again :-(

www.kinto-storage.org uses an invalid security certificate.

The certificate is only valid for the following names:
*.netlify.com, netlify.com

Error code: SSL_ERROR_BAD_CERT_DOMAIN
Natim commented 7 years ago

I just checked the netlify configuration and it should be working. I filed a request to the support.

Natim commented 7 years ago

Ok it is now fixed.

dlecan commented 7 years ago

Yes, fixed