SteamLUG / steamlug.org

Update steamlug certs for 2016-11 #142

Closed johndrinkwater closed 7 years ago

johndrinkwater commented 9 years ago

This is a tracking bug for our cert expiring on 2015-11-25.

Currently our site is triggering a warning in Firefox web console with this message: "This site makes use of a SHA-1 Certificate; it's recommended you use certificates with signature algorithms that use hash functions stronger than SHA-1."

Recommended action is: When the time comes to replace your certificates, ensure a stronger signature algorithm is used.

Corben78 commented 9 years ago

The actual certificate is a level 2 cert. Only level 1 certs are free from StartCom. This certificate is also used for murmur. Will buy a new one by November.

johndrinkwater commented 9 years ago

Need to make a new bug → make /donate

johndrinkwater commented 9 years ago

https://www.ssllabs.com/ssltest/analyze.html?d=steamlug.org

Things resolved by a new cert:

Things that we should attempt to tweak on current server:

Corben78 commented 9 years ago

RC4 in apache2 cipher suite now disabled: The server does not support Forward Secrecy with the reference browsers. Grade reduced to A-.

johndrinkwater commented 9 years ago

👍

johndrinkwater commented 9 years ago

We are now a month from the cert expiring. With letsencrypt getting very ready to roll out, it may be worth going with them for it, so have registered for the beta (I think I may have done this at a previous date, but repeated the registration just in case).

Corben78 commented 9 years ago

Another confirmed working and free CA is wosign. They are subcerted by StartCom though. Which one to choose?

johndrinkwater commented 9 years ago

I do not have a preference :) Just waking up the bug as it had been a few months, and noted a possibility.

Corben78 commented 8 years ago

Certificates for steamlug.org and mumble.steamlug.org generated and signed by wosign. The free certs are valid for one year. Valid until 2016-11-27.

dscharrer commented 8 years ago

archive.steamlug.org is still showing an invalid cert btw

meklu commented 8 years ago

It'd probably be good to have that as one of the alternate names in the cert.

dscharrer commented 8 years ago

those don't tend to come for free though

Corben78 commented 8 years ago

Created free certs for all subdomains separately: archive.steamlug.org, dev.steamlug.org, data.steamlug.org, staging.steamlug.org

Corben78 commented 7 years ago

Switched completely to Let's Encrypt. Certs are updated automatically by Froxlor for all web domains. Only mumble.steamlug.org will have to be done manually, and the service needs to be restarted then.