Comments (9)
HTTPS up and running via Lets Encrypt.
HTTPS handled by Hitch. Redirects handled by Varnish.
Refs: https://fnord.no/2015/11/12/letsencrypt/
from hnrss.
When I go to https://hnrss.org/newest with Firefox 51.0.1 the browser says "hnrss.org: connection is not secure" and "connection not encrypted. the website hnrss.org does not support encryption for the page you are viewing. information sent over the internet without encryption can be seen by other people while it is in transit." The URL https://edavis.github.io/hnrss/ works fine instead.
from hnrss.
Hi @fturco — Thanks for the report. I'll take a look. Few questions:
Does https://hnrss.org/newest work on other browsers?
Does the page totally fail to load or does it load but just with that error message? Because I do see this on Firefox 52.0.1 (macOS 10.12.3) but the XML still successfully loads:
What OS are you on?
Do you have any special security options set in Firefox?
Do other sites using LetsEncrypt give you any problem?
If you don't mind, could you send me your IP address? I see a handful of errors in the log and knowing which is yours could help. You can also email me ([email protected]) it instead of posting here, if you'd rather do that.
from hnrss.
I can successfully open https://hnrss.org/newest with GNOME Web, without any error messages.
In Firefox the XML page load successfully, just like in your screenshot.
My GNU/Linux distribution is Gentoo Linux.
I have a personal website which supports HTTPS via Let's Encrypt and I also have the same problem with its Atom feed: https://shaarli.fturco.net/?do=atom
I'm going to send you my IP address in private via e-mail.
from hnrss.
Thanks. I don't see your IP address in the logs, so whatever is happening isn't registering as a proper SSL error (which makes sense if the XML ultimately does load).
I see the same message as you on https://shaarli.fturco.net/?do=atom with Firefox.
Interestingly, your main site (https://shaarli.fturco.net/) and a static file I just put up (https://hnrss.org/.well-known/acme-challenge/test.txt) both show fully green padlocks. Whatever is happening appears to just be happening on the feeds.
Maybe when Firefox takes the feed and transforms the raw XML to the better looking list of articles, that's enough to flag it as not secure?
from hnrss.
It seems to be a bug with Firefox. See https://bugzilla.mozilla.org/show_bug.cgi?id=1172234
from hnrss.
This is because the content is loaded in a page called about:feeds, and that's what the identity popup uses to make decisions. It no longer has access to the security info of the original https channel, and so it can't tell us anything about the cert or otherwise.
Yeah, that's got to be it. Especially since other browsers handle the feeds fine.
I'm going to close the issue for now. Feel free to re-open if you run into any other problems.
Thanks!
from hnrss.
An email from Tom Hacohen on April 3:
Just wanted to let you know that it stopped working for me sometime over the last few days. I've been getting handshake errors, which while should work on android, apparently it doesn't work on Java according to the SSL test. https://www.ssllabs.com/ssltest/analyze.html?d=hnrss.org&hideResults=on
Have you changed anything?
Adding/reopening here to increase visibility.
I did change something around April 1. I was using Hitch for SSL termination (so Hitch:443 -> Varnish:6086,PROXY -> NGINX:8080 -> uWSGI) but I wanted to consolidate my stack so I changed it to use NGINX for SSL termination (so NGINX:443 -> Varnish:6081,HTTP -> NGINX:8080 -> uWSGI).
Not sure how to fix at this point. Going to do some research and work on this later.
from hnrss.
Ran hnrss.org through ssllabs.com again and looks like only Android 2.3.7, IE8/XP, Java 6u45, and Java 7u25 still have issues.
If this move to HTTPS broke something for you, feel free to chime in with changes. I won't introduce massive changes to support some ancient platforms, but if it's a small/safe tweak I'd be happy to look into it.
from hnrss.
Related Issues (20)
- Special Character problem HOT 2
- Disable Description element HOT 2
- Can we get more specifics on number of calls we can make in a given timeframe? HOT 1
- Count not working for alternative feeds HOT 1
- Top rated posts over time period
- Add feed preview HOT 1
- Invalid search results erors from Algolia. HOT 1
- Add option to exclude results with links to paywalled domains HOT 1
- "?description=0" isn't excluding the description element
- Frontpage stopped updating? HOT 1
- New comment by ... in "" HOT 1
- User's favorite comments? HOT 1
- Advanced search feed
- RSS feed for Daily HN digest HOT 2
- Old posts showing up in feed HOT 9
- Second Chance Pool stories are getting missed HOT 3
- Rate Limit very aggressive HOT 2
- using 'count' with Search Parameter not working HOT 1
- Am I rate-limited or blocked? HOT 1
- Count param not working with user's favorite stories HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from hnrss.