valheimPlus / ValheimPlus

A HarmonyX Mod aimed at improving the gameplay and quality of life of the game Valheim.
http://valheim.plus
GNU Affero General Public License v3.0
967 stars 237 forks source link

[BUG] ValheimPlus website: expired certificate #698

Open schrer opened 2 years ago

schrer commented 2 years ago

Describe the bug The certificate for the website https://valheim.plus is expired (since end of March 21st). The site is linked in this repository, so I assume it is still the official site for the mod. The expired cert made me a bit unsure if the mod is still being actively developed, which seems to be the case (haven't played the game in a while, so not totally up to date :slightly_smiling_face: )

To Reproduce

Steps for the devs to reproduce the behavior:

  1. Go to https://valheim.plus in any browser
  2. You will be presented with a warning that the SSL certificate of the site expired (unless you already acknowledged the expired cert earlier)

Expected behavior

The SSL cert should be valid, non-expired and the browser should be able to just open the site without any warnings necessary.

nxPublic commented 2 years ago

Yes, I am aware~ sorry for the inconviences. I am in progress of resolving this with the hosting company responsible. We all know how great, nice and very competent hosting companies are in general.

benz145 commented 2 years ago

Any word on this? My players aren't going to want to install the latest version of the mod if they are getting that warning when they go to the site.

snips86x commented 2 years ago

Any word on this? My players aren't going to want to install the latest version of the mod if they are getting that warning when they go to the site.

Either work around it, or don't install it. No need to be passive aggressive. There is obviously a reason it's not been done so be patient.

schrer commented 2 years ago

IMHO benz' comment doesn't sound passive aggressive, he is just asking if there is any update.

@nxPublic Although I assume there is not much someone from outside the project can do here, if there is anything around the cert where you could use help, I'd be happy to help out.

kirashi3 commented 2 years ago

@nxPublic any update on the website SSL certificate? We're not privy to how the website's hosting environment is configured of course, but even my inexpensive shared hosting running cPanel can renew Let's Encrypt SSL certificates in about 30 seconds.

If you need a hand dealing with the website and trust random strangers on the internet, feel free to ask for assistance. :)

tannertechnology commented 2 years ago

All CPanel servers have access to free Comodo certs as long as the host doesn't disable it. You need a better host if they can't help with this.

ersan commented 2 years ago

Honestly an expired certificate should have taken 3 minutes to fix not 3 months, it's pretty obvious they don't care about the site - which is a shame, it has a nice design and is great for onboarding.

MTecknology commented 2 years ago

Yeah, this seems to say more about the health of the project than anything else could. I wanted to give the plugin a try, but this issue /still/ being unresolved is the last red flag for me. Imagine if there were an actual security vulnerability ...

bennysp commented 2 years ago

The good news is that there is an update to the plugin 4 days ago itself, so the plugin/project has attention. Yes, understood, repackaging, but still attention given.

I agree more with @MTecknology that it puts the question in health of the project more than anything for me.

The actual plugin you install is from Github.com itself. It is here on github and opensource for all to see.

@nxPublic , please let us know if you need any help in the area of the SSL cert for the storefront site. Appreciate the work.

Thanks

andrewgdunn commented 2 years ago

@nxPublic if the site is static could move the sources into a repository and deploy with something like cloudflare pages.

If willing to make the site a repository I'd be happy to assist in maintenance.

Shigbeard commented 2 years ago

bit of a necropost but wouldn't it be wiser to switch to self-hosted / non managed hosts and utilize lets encrypt for ssl?

daerSeebaer commented 1 year ago

To pile onto this: A friend of mine went to another website and downloaded an older and possibly malware infested version of V+ because the other website seemed more trustworthy. An invalid SSL cert is a huge red flag in todays internet.

And to repeat the offer by others in this thread - @nxPublic if you need help with hosting your website, I also have webhosting experience. Just reach out.

DerfOh commented 1 year ago

At what point do you buy a new domain? It sounds like @nxPublic is having the worst experience imaginable with their host.

Hulkmaster commented 1 year ago

thats why i usually host myself on digital ocean for, like, 5euro/month there you can just do your own cert with letsencrypt, create cron for update and thats it

and yeah, still is an issue :)

nxPublic commented 1 year ago

Website might be unavailable and only redirect to this GitHub repository. Resolving this issue is in progress now.

IMBeniamin commented 1 year ago

Temporary unofficial hosting for the website Valheim.Plus Unofficial Website

Hulkmaster commented 1 year ago

Guys, if you need help with certificate, I can help you set up letsencrypt + autoupdate, just write me