ember-engines / ember-engines.com

Step-by-step guides for using the ember-engines to create composable apps
http://ember-engines.com/
MIT License
22 stars 28 forks

https certificate is not secure #42

Closed ppcano closed 4 years ago

ppcano commented 5 years ago

Visit via https shows a certificate error

This server could not prove that it is ember-engines.com; its security certificate is from *.herokuapp.com. This may be caused by a misconfiguration or an attacker intercepting your connection.

trentmwillis commented 5 years ago

Thanks for reporting! @stefanpenner you'll likely need to handle this (I think this article has relevant info).

stefanpenner commented 5 years ago

@trentmwillis thanks, will investigate!

villander commented 5 years ago

@stefanpenner any update on this? Can I help you?

stefanpenner commented 5 years ago

@villander sure, would love a hand. But I don't believe I actually have access to the Heroku app in question. So I am not sure what I can actually do.

I do believe I have access to the domain itself, but I don't think that gets us much to resolve the above issue.

@trentmwillis / @dgeb do any of you have access?

trentmwillis commented 5 years ago

I do. Let me know who I should give access to it and I can (I just need an email address for each person, which you can DM me on Twitter if you prefer not to post it here).

villander commented 5 years ago

@dgeb can you fix this on heroku for us, please?

dgeb commented 5 years ago

@stefanpenner @trentmwillis @villander I will DM Trent my email and then look into this.

dgeb commented 5 years ago

Ok, Trent's given me access so the ball is in my court now ...

dgeb commented 5 years ago

According to the Heroku article that @trentmwillis linked above, I would expect this to be caused by our DNS pointing ember-engines.com to herokuapp.com instead of ember-engines.herokuapp.com.

However, it appears that we have the appropriate CNAME configured already:

$ dig ember-engines.com
;; Warning: Message parser reports malformed message packet.

; <<>> DiG 9.10.6 <<>> ember-engines.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55484
;; flags: qr rd ra; QUERY: 1, ANSWER: 10, AUTHORITY: 4, ADDITIONAL: 8
;; WARNING: Message has 10 extra bytes at end

;; QUESTION SECTION:
;ember-engines.com.     IN  A

;; ANSWER SECTION:
ember-engines.com.  670 IN  CNAME   ember-engines.herokuapp.com.
ember-engines.herokuapp.com. 300 IN CNAME   us-east-1-a.route.herokuapp.com.
us-east-1-a.route.herokuapp.com. 27 IN  A   34.224.36.137
us-east-1-a.route.herokuapp.com. 27 IN  A   34.204.208.235
us-east-1-a.route.herokuapp.com. 27 IN  A   34.225.94.62
us-east-1-a.route.herokuapp.com. 27 IN  A   34.203.183.13
us-east-1-a.route.herokuapp.com. 27 IN  A   34.226.120.217
us-east-1-a.route.herokuapp.com. 27 IN  A   34.228.93.197
us-east-1-a.route.herokuapp.com. 27 IN  A   34.227.214.181
us-east-1-a.route.herokuapp.com. 27 IN  A   34.206.154.141

;; AUTHORITY SECTION:
herokuapp.com.      263 IN  NS  ns-662.awsdns-18.net.
herokuapp.com.      263 IN  NS  ns-505.awsdns-63.com.
herokuapp.com.      263 IN  NS  ns-1624.awsdns-11.co.uk.
herokuapp.com.      263 IN  NS  ns-1378.awsdns-44.org.

;; ADDITIONAL SECTION:
ns-505.awsdns-63.com.   52256   IN  A   205.251.193.249
ns-662.awsdns-18.net.   28888   IN  A   205.251.194.150
ns-1378.awsdns-44.org.  29265   IN  A   205.251.197.98
ns-1624.awsdns-11.co.uk. 29178  IN  A   205.251.198.88
ns-662.awsdns-18.net.   54912   IN  AAAA    2600:9000:5302:9600::1
ns-1378.awsdns-44.org.  1268    IN  AAAA    2600:9000:5305:6200::1

;; Query time: 42 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Sun Feb 10 17:45:13 EST 2019
;; MSG SIZE  rcvd: 512

Although there are warnings about the message, it does appear that the DNS is correctly configured.

I think the actual problem is that the site is on unpaid dynos, and thus does not support SSL, as far as I can tell from the config here:

[Screenshot taken 2019-02-10 at 5:54:05 pm]

@trentmwillis do you know if this site was using paid dynos at one point? Or has Heroku's policy changed?

@stefanpenner I'd be glad to set this up in a way consistent with other ember sites like https://ember-cli.com. Please DM to discuss when you have a chance.

trentmwillis commented 5 years ago

@dgeb it's never used paid dynos. In fact, I'm not sure it was ever properly served over https.

So, looks like without paying, you can only get SSL for the default herokuapp.com domains. For example, https://ember-engines.herokuapp.com/ works fine.
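Why a correct CNAME does not clear the browser error, as an added example that is not part of the thread or any commenter's code: a TLS client checks the certificate against the hostname it requested, never against a CNAME target. The dig answer is trimmed from the output above, the SAN list is an assumption taken from the quoted browser error, and all function names are hypothetical.

```python
# Constructed sample: ANSWER section from the dig output in the thread,
# trimmed to a single A record.
DIG_ANSWER = """\
ember-engines.com.  670 IN  CNAME   ember-engines.herokuapp.com.
ember-engines.herokuapp.com. 300 IN CNAME   us-east-1-a.route.herokuapp.com.
us-east-1-a.route.herokuapp.com. 27 IN  A   34.224.36.137
"""

def cname_chain(answer, name):
    """Follow CNAME records in a dig ANSWER section, starting at `name`."""
    cnames = {}
    for line in answer.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[3] == "CNAME":
            cnames[fields[0].rstrip(".").lower()] = fields[4].rstrip(".").lower()
    chain = [name.lower()]
    while chain[-1] in cnames and cnames[chain[-1]] not in chain:  # loop guard
        chain.append(cnames[chain[-1]])
    return chain

def san_matches(pattern, hostname):
    """RFC 6125-style match: '*' only as the whole left-most label, one label deep."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse wildcards directly under a top-level label such as "*.com".
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_covers(sans, hostname):
    return any(san_matches(s, hostname) for s in sans)

def diagnose(answer, requested, sans):
    """Report whether the cert covers the requested name and each CNAME target."""
    chain = cname_chain(answer, requested)
    return {
        "chain": chain,
        "requested_ok": cert_covers(sans, requested),
        "targets_ok": {t: cert_covers(sans, t) for t in chain[1:]},
    }

if __name__ == "__main__":
    # SAN list assumed from the browser error quoted in the issue.
    print(diagnose(DIG_ANSWER, "ember-engines.com", ["*.herokuapp.com"]))
```

The result shows the custom domain failing the check while ember-engines.herokuapp.com passes, which matches what the thread observed; the routing hostname also fails because a wildcard covers only one label.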

dgeb commented 5 years ago

@trentmwillis ah, thanks for the clarification! I was under the impression that something had changed and that https://ember-engines.com had been working at some point.

I guess we just need to decide how worthwhile https is for this site, whether any person or company wants to fund it, and/or whether we should simply switch over to something more static like GitHub Pages (perhaps using prember).

gabrielcsapo commented 5 years ago

Will this move over to GitHub Pages?

villander commented 5 years ago

Still no! Heroku broke with prember, so I reverted this commit.

villander commented 4 years ago

Thanks a lot for the hard work @gabrielcsapo