Just started getting a lot of bad certificate errors for another domain, this time there's no option to accept it.
The result is the forum pages are badly formatted with half the stuff not showing or working.
Guess it's near the end for me here.
Re: Certificate problem
Just started getting a lot of bad certificate errors for another domain, this time there's no option to accept it.
The result is the forum pages are badly formatted with half the stuff not showing or working.
Guess it's near the end for me here.
Re: Certificate problem
Which browser are you on? Latest firefox and chrome give me no errors.
Is the domain you are getting as an error one of these two? cdn-forums.emulator-zone.com ezforums-2926.kxcdn.com
...
Re: Certificate problem
It was for the 2nd url.
No errors on this visit, but the formatting is still screwed up and no pictures show (avatars, smilies, banner etc).
Still using the old version of Firefox as noted earlier.
Re: Certificate problem
GHDpro was doing some late evening tweaking with a CDN system (using that domain) that is supposed to speed up things.
Also, I keep forgetting that you use that "ancient" firefox version. The problem is that the server is now using http/2 as well and according to this wiki firefox added support from version 34.
...
Re: Certificate problem
It never did support web standards at its own time in 2001 either.Originally Posted by Lefteris_D
Oh, and no IE7 either, only 0.2% usage out of IE usage currently. IE8's still something like 10% but that's because of the people with XP and Vista without SP2 mainly, so that's probably a bare minimum.
Firefox 3.6 is probably worth supporting though because it was the last firefox which was actually good. FF4 and beyond turned it into a memory-leaking POS which is like one of those crappy pirate NES games, copying Chrome. (I'm not speaking of Hummer Team's pirate games though, they're pretty good).
Re: Certificate problem
Sorry about that. I recently implemented a CDN for the forum, which should hopefully speed things up.
Here is the technical explanation:
The initial domain for the CDN was ezforums-2926.kxcdn.com (which is the standard URL supplied by my CDN provider), but as that obviously doesn't look very pretty I changed it to cdn-forums.emulator-zone.com a few days later.
The problem is twofold: first as the forum is now HTTPS only, the CDN also needs to support HTTPS (which it does), second even though the URL changed, behind-the-scenes your browser is still being redirected to ezforums-2926.kxcdn.com (using a "CNAME" DNS record).
HTTPS is very strict as to what certificate is valid for which URL. So when I was using ezforums-2926.kxcdn.com as main CDN URL it a returned a SSL certificate valid for *.kxcdn.com (a so-called wildcard certificate), but when I switched the URL I supplied my own SSL certificate valid for cdn-forums.emulator-zone.com.
Due to the new URL essentially being redirected to the old URL in reality, it means ezforums-2926.kxcdn.com now returns the SSL certificate for cdn-forums.emulator-zone.com. This is fine if you access the CDN zone through the new URL, but using the old URL you will now get certificate errors. (If you copy the old CDN URL into Firefox you can see this for yourself)
--------------------
I have changed all references to the old CDN URL. If you refresh the page it should load all static assets (javascript and images incl. avatars) from cdn-forums.emulator-zone.com
If you find a page that even after reloading still references ezforums-2926.kxcdn.com please notify me, this really shouldn't happen.
Btw, while I did recently enable http/2 on this server (which should make things faster for browsers that support it), old browsers will continue to work just fine (but won't be able to benefit from http/2).
Re: Certificate problem
Firefox has done some things in recent versions I'm really unhappy with, including the style change and including crap nobody asked for ("Hello" and "Pocket"). But I still prefer it over Chrome, mainly because I've been using FF for such a long time (since 2003/2004, which is before version 1.0). And fortunately most of the new style can be reverted with the Classic Theme Restorer plugin.
My opinion as an independent developer: I'll try to make sure things work and look pretty on current browsers. On older browsers (to an extend) most things should still work but may not look pretty. However if they don't work: upgrade.
Firefox 3.6 on Windows 2000 should work, in theory. But sorry you can't expect me to make sure it works. I just hope it still does.
Re: Certificate problem
OK. I just visited here (https://forums.emulator-zone.com), and received 3 popups for invalid certificate. The forum looks the same as before, no images.
I opened a new tab and went to https://cdn-forums.emulator-zone.com and the connection is untrusted. The error is:
It gave me the option to accept the certificate, which I did, and the images appeared.cdn-forums.emulator-zone.com uses an invalid security certificate.
The certificate is only valid for the following names:
*.kxcdn.com , kxcdn.com
(Error code: ssl_error_bad_cert_domain)
So I think the best thing is to change my bookmark to point at this new URL.
Last edited by Robert; December 16th, 2015 at 02:29.
Re: Certificate problem
First cdn-forums.emulator-zone.com should not be considered the "new" URL for the forum; it's the CDN URL mainly intended for serving static files. As it is a so-called "pull zone" (reverse proxy) it will display pages too, but some features of the CDN might cause weird things, such as possibly the inability to login as the CDN should strip all cookies from requests.
Now on to the issue: what you are seeing is weird and not what I'd expect. You see I get the exact opposite. cdn-forums works fine (SSL Server Test result), the old kxcdn.com URL no longer does:
As you also had the same issue with the forum SSL certificate which also uses SNI (Server Name Indication), I suspect the problem is your browser doesn't support SNI. Either that or for some weird reason SSL certificates are being cached.Code:ezforums-2926.kxcdn.com uses an invalid security certificate. The certificate is only valid for the following names: cdn-forums.emulator-zone.com, www.cdn-forums.emulator-zone.com
What does this site say? https://sni.velox.ch/ (SNI browser test)
Here are two other sites that use SNI, do you also get a certificate error on these sites? (content of these sites is otherwise unimportant)
https://visei.com/ (SSL Test)
https://community.letsencrypt.org/ (SSL Test)
If these tests suggest SNI isn't working, then sorry there isn't much I can do. In theory I could fix the forum (by making the forum SSL certificate the default for the server), but I can't fix the CDN as it is out of my hands.
And brace yourself as a lot more sites might start to break now that Let's Encrypt is in public beta and more people will deploy SSL on their sites, often using SNI.
Re: Certificate problem
https://sni.velox.ch/
sni.velox.ch uses an invalid security certificate.
The certificate is only valid for the following names:
alice.sni.velox.ch , carol.sni.velox.ch
(Error code: ssl_error_bad_cert_domain)Unfortunately, your client [Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.9.2.24) Gecko/20111103 Firefox/3.6.24] did not send a TLS server name indication extension (RFC 4366) in its ClientHello (negotiated protocol: TLSv1, cipher suite: AES256-SHA), so you're probably getting warnings about certificate name mismatches.
https://visei.com
visei.com uses an invalid security certificate.
The certificate is only valid for defiant.visei.net
(Error code: ssl_error_bad_cert_domain)
https://community.letsencrypt.org
Seems SNI not working on this browser.community.letsencrypt.org uses an invalid security certificate.
The certificate is only valid for the following names:
*.discourse.org , discourse.org
(Error code: ssl_error_bad_cert_domain)
Last edited by Robert; December 16th, 2015 at 14:29.
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
Reply With Quote
Originally Posted by Lefteris_D
