Open aterrel opened 3 months ago
FYI here is the full email
Headers:
Seems like this will affect a minority of users so we will just monitor and change CAs if required after the switch in May.
Have not heard of any consequences. Will leave up for another month.
I think this might be affecting scverse.org? Our site is down due to ssl certificate and we were recently moved to cloudflare
@ivirshup It looks like scverse.org was set up to do encryption all the way to your server. I switch to only encryption to cloudflare and unencrpyted to your server and the page is now reachable. If you want encryption all the way to your server we will need to get your keys figured out so it's the correct key going through cloudflare.
Thanks so much! I'm still a little confused about what happened to make this stop working/ why it was working before. Was cloudflare always encrypting the whole thing, and did that work before?
Right now on our GitHub pages settings page I see that there's an error getting a TLS certificate (which stays even after I try restarting the process):
Which looks like it could be addressed by changing the records to not be proxied? Though I unfortunately don't think I have access to the records since we moved registrar from Namecheap to cloudflare.
Partially related, it looks like another of our subdomains (muon.scverse.org) is getting "too many redirect" errors. This had come up when we first moved to cloudflare but @martey fixed by "telling [cloudflare] not to send insecure HTTP requests".
I'm starting to suspect this is unrelated to the cloudflare change at the top of this issue, and was just due to our GitHub pages letsencrypt certificates expiring once we had switched to cloudflare.
well the redirects happen when you redirect http requests to https. I'll have to find some time to debug, but if you can turn off https redirect on muon.scverse.org it should work :)
Is HSTS configured for the two sites? Then the HTTP→HTTPS redirect is no longer that necessary.
But without HTTPS, people typing scverse.org
into their browser will send a HTTP request that needs to be redirected.
Moving this ticket to #40
Email to Bryan V (Bokeh) from Cloudflare
Need to investigate and see if there is any impact to our users.