Started by esmeralda on Oct 2, 2021 4:31:18 PM
your connection is not private ...

Does anyone know what the hell Chrome is playing at since yesterday? betajustthetalk is completely off limits unless I disable my defences. So I'm currently on old justthetalk.

It won't let me look at most of the interesting shopping websites - Safari lets me look at some, but freaks out if I try to buy anything - and both claim (so far untruthfully) that "network errors and attacks are usually temporary, so this page will probably work later".

esmeralda - 02 Oct 2021 16:32:30 (#1 of 64)

Someone is trying to force other someones to conform to a certain standard of website security?

AdonisBlue - 02 Oct 2021 16:34:01 (#2 of 64)

Yes! I'm having similar Chrome issues. It seems to have updated to a new version with a pale blue band showing it's loading at the top.

AdonisBlue - 02 Oct 2021 16:34:29 (#3 of 64)

It's also lost all my favourites etc on my regular websites like this one.

guigal - 02 Oct 2021 16:34:58 (#4 of 64)

I've got an email message that Spamhaus is blocking a recipient address. Who are they?

upgoerfive - 02 Oct 2021 16:36:49 (#5 of 64)

Ditch Chrome.

It's Google's attempt to totally dominate the WWW, and shouldn't be encouraged.

esmeralda - 02 Oct 2021 16:38:04 (#6 of 64)

"Google's attempt to totally dominate the WWW"

That's what I thought. But what is the alternative? And also, why is this not being reported and complained about more widely?

tasselhoff - 02 Oct 2021 16:40:35 (#7 of 64)

It's not about domination, it's for only allowing https sites (I think you can change it, but I wouldn't).

tasselhoff - 02 Oct 2021 16:42:17 (#8 of 64)

Try connecting to https://beta.justthetalk.com maybe?

OldLefty - 02 Oct 2021 16:44:12 (#9 of 64)

Re: Connection is not private message

I had that on my own website this morning on both Chrome and Firefox. I traced it to the browsers looking on GoDaddy (it's hosted on TSO) rather than Let's Encrypt for the security certificate - no idea why they did that as I hadn't changed anything. Half an hour later it fixed itself. I was blaming TSO.

esmeralda - 02 Oct 2021 16:49:29 (#10 of 64)

That, tass, is exactly what I cannot do.

OldLefty - 04 Oct 2021 10:53:04 (#11 of 64)

Looks as if the problem was with Let's Encrypt.

https://distrowatch.com/dwres.php?resource=showheadline&story=13790

You can't trust anyone these days.

tasselhoff - 04 Oct 2021 10:55:15 (#12 of 64)

Yeah, I was going to suggest that, but thought it only affected the likes of ancient Android versions client-side (or ancient ACME LetsEncrypt clients server-side).

TheExcession - 04 Oct 2021 11:03:52 (#13 of 64)

There's something a little shady about letsencrypt. We had a company wanting to use them to supply certificates for RDS solutions in the schools they support and in which we maintain the firewalls. However, letsencrypt refuse to provide any information on which IP addresses, domains, or even geographical territories their services use.

'No' was the considered answer.

tasselhoff - 04 Oct 2021 11:58:59 (#14 of 64)

LetsEncrypt are responsible for democratising secure web transport. Maybe they just didn't have a fixed set of IPs you could whitelist. Your RSA, DH private keys etc are still stored locally.

TheExcession - 04 Oct 2021 13:13:51 (#15 of 64)

It was the request to allow inbound traffic from any IP on the internet to allow the certificates to refresh that we denied. We have geographical blocks in place for a reason.

tasselhoff - 04 Oct 2021 13:20:01 (#16 of 64)

The connection is initiated by your server, so they don't need an inbound connection.

I first got one of their certificates on a raspberry pi with no firewall rules for inbound traffic in 2015. I still have one, and it still requires no inbound connections.

tasselhoff - 04 Oct 2021 13:25:52 (#17 of 64)

However, not allowing access to port 80 or 443 may be a stumbling block. But it's meant to be for public-facing web servers anyway. If you just want something internal, use your own CA.

https://letsencrypt.org/how-it-works/

dmlc133 - 04 Oct 2021 12:34:24 (#18 of 64)

My experience is similar to tasselhoff's - no inbound connection required.

There's nothing shady about LetsEncrypt. They are understandably cagey about sharing details of their infrastructure because there are many people (including State-sponsored groups in some parts of the world) who would like to be able to stop them providing reliable encryption tools to anyone who wants them.

A bit embarrassing for an organisation like theirs to have a cert expiry related outage but these things happen, and are process not tech issues.

tasselhoff - 04 Oct 2021 13:36:13 (#19 of 64)

They'd been warning about the revocation for ages though.

airynothing - 04 Oct 2021 13:36:28 (#20 of 64)

I'm still getting the problem, though only on Firefox.
