[FIXED] forum.dd-wrt.com SSL certificate has expired

Post new topic   Reply to topic    DD-WRT Forum Index -> General Questions
Author Message
ddux
DD-WRT Novice


Joined: 25 Sep 2023
Posts: 25
Location: 'Straya

PostPosted: Sun May 05, 2024 4:40    Post subject: [FIXED] forum.dd-wrt.com SSL certificate has expired Reply with quote
This is not really a question, just letting you know...hope that helps.


dd-wrt.com_ssl-cert_expired.png
 Description:
dd-wrt.com ssl certificate has expired
 Filesize:  133.68 KB
 Viewed:  818 Time(s)

dd-wrt.com_ssl-cert_expired.png


Sponsor
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14540
Location: Texas, USA

PostPosted: Sun May 05, 2024 4:45    Post subject: Reply with quote
I already emailed the site admins. There is really no need to open a ticket or topic about this, it's a routine thing, Let's Encrypt certificates are what is used, and they are only valid for 90 days. It happens for the main website, forum., wiki., support., download., etc. all the time. The sites aren't set to auto-renew, I presume. Examples of previous 'helpful notifications':

https://forum.dd-wrt.com SSL certificate expired (RESOLVED)

Firefox 80 warned about DD-WRT's website

[Solved] https ERROR on firmware download pages

_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
ddux
DD-WRT Novice


Joined: 25 Sep 2023
Posts: 25
Location: 'Straya

PostPosted: Sun May 05, 2024 9:12    Post subject: Reply with quote
Wow, 90 days is pretty short. Fair enough. Thx.
mwchang
DD-WRT Guru


Joined: 26 Mar 2013
Posts: 1889
Location: Hung Hom, Hong Kong

PostPosted: Tue May 07, 2024 8:51    Post subject: Reply with quote
Actually I did want to open this topic, again. But since a forum error was so visible affecting everyone, I chose silence. Smile
Code:
# chkcrt forum.dd-wrt.com
issuer=C = US, O = Let's Encrypt, CN = R3
subject=CN = forum.dd-wrt.com
notBefore=May  6 12:21:02 2024 GMT
notAfter=Aug  4 12:21:01 2024 GMT
#
# cat .profile
....
function chkcrt() {
  #
  # $1 should not be prefixed by "https:\\", just domain name
  #
  echo | openssl s_client -connect $1:443 2> /dev/null | openssl x509 -noout -issuer -subject -dates
}
...
#

_________________
Router: Asus RT-N18U (rev. A1)

Drink, Blink, Stretch! Live long and prosper! May the Force and farces be with you!

Facebook: https://www.facebook.com/changmanwai
Website: https://sites.google.com/site/changmw
SETI@Home profile: http://setiathome.berkeley.edu/view_profile.php?userid=211832
GitHub: https://github.com/changmw/changmw
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14540
Location: Texas, USA

PostPosted: Tue May 07, 2024 17:09    Post subject: Reply with quote
Now whether or not to collect all past previous and current thread links and make a sticky or announcement that will get ignored per the usual bane of this forum and community Rolling Eyes. "The freedom to post and discuss" intersects with unnecessary noise in this case, as always. I'm sure I am not the only one who has inquired about or suggested automatic renewals of the certificates if the Let's Encrypt dashboard has the functionality. There is also the option of using certbot. The question is, which http server and age of OS is in use, as that may or may not be relevant. For example, Trac doesn't necessarily require an http server. Not knowing certain details, including domain registration validity, I can only publicly or privately suggest so much...

automatic renewal of lets encrypt certificates on servers - duckduckgo

automatic renewal of lets encrypt certificates on centos servers - duckduckgo

_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
mwchang
DD-WRT Guru


Joined: 26 Mar 2013
Posts: 1889
Location: Hung Hom, Hong Kong

PostPosted: Fri May 10, 2024 4:11    Post subject: Reply with quote
kernel-panic69 wrote:
Now whether or not to collect all past previous and current thread links and make a sticky or announcement that will get ignored per the usual bane of this forum and community Rolling Eyes. "The freedom to post and discuss" intersects with unnecessary noise in this case, as always.

A sticky thread collecting all posts about SSL cert. expiration might be good, if someone has the time. Should not have been difficult if you knew the database structure/schema of the forum software.

It's not whether certificate renewal was automatic, but whether website administrators are aware of certificate expiration, and check email from Let's Encrypt.

One simple solution is to make *ALL* DD-WRT SSL certificates to expire on the SAME date AS the FORUM. Then you will always notice an expiration, visually and easily. Then you run a script to renew them all at the same time. Wink

_________________
Router: Asus RT-N18U (rev. A1)

Drink, Blink, Stretch! Live long and prosper! May the Force and farces be with you!

Facebook: https://www.facebook.com/changmanwai
Website: https://sites.google.com/site/changmw
SETI@Home profile: http://setiathome.berkeley.edu/view_profile.php?userid=211832
GitHub: https://github.com/changmw/changmw
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14540
Location: Texas, USA

PostPosted: Fri May 10, 2024 4:59    Post subject: Reply with quote
If everything were on a single IP (and they aren't), then the ideal solution is to have a single certificate for all domain hosts. There are only two certificates covering, and they are on different dates, as best I recall. Again, more useless noise. Topic is a well-beaten dead horse in the middle of a smoldering trash can fire. Anyhow, I think I have most all of the topics and tickets bookmarked already, so gathering them isn't a problem. The problem is, I could put a flashing sign on the door and people would still ignore it and open a new topic or ticket anyway. And that is where I will end my thoughts. Peace.
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
mwchang
DD-WRT Guru


Joined: 26 Mar 2013
Posts: 1889
Location: Hung Hom, Hong Kong

PostPosted: Sun May 19, 2024 6:21    Post subject: Reply with quote
kernel-panic69 wrote:
If everything were on a single IP (and they aren't), then the ideal solution is to have a single certificate for all domain hosts. There are only two certificates covering, and they are on different dates, as best I recall.

I learnt from another forum that there is indeed something called ....

let's encrypt wildcard cert - Google Search
https://www.google.com/search?q=let%27s+encrypt+wildcard+cert

Wildcard certificate - Wikipedia
https://en.wikipedia.org/wiki/Wildcard_certificate

_________________
Router: Asus RT-N18U (rev. A1)

Drink, Blink, Stretch! Live long and prosper! May the Force and farces be with you!

Facebook: https://www.facebook.com/changmanwai
Website: https://sites.google.com/site/changmw
SETI@Home profile: http://setiathome.berkeley.edu/view_profile.php?userid=211832
GitHub: https://github.com/changmw/changmw
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> General Questions All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum