Forum Cert Refresh

Hi All - a quick note re ssl cert for forum site.

A user reported tonight that the ssl certificate needs a refresh. This is a separate certificate from our main site and uses a different, third party provider for the forum vendor server.

For now, you can use safari in iOS 13 and ack the warning message to get access. Firefox has a similar ack option.

We’ll refresh it over the next week after a couple other changes.

Thanks all.

The current version of Firefox does not have a similar option on Windows and OSX. With Firefox on Linux, iOS, and Android you can make an exception along with Chrome on Windows.

Billmeek - yes, confirm we’re viewing and posting this now with Firefox on iPad ios13.

Is this related to the order status page not displaying correctly?


It’s due to a separate cert that was from another vendor, comodo, that handled the subdomains *

Those are all served by aws ec2 just like our main site. So we’re moving them over to acm like the main site, but we have to redo some plumbing and earlier keys. That’s got some legwork between all the different dev’s to get the permissions set right.

Finally found a way to get on - using the Aloha browser. Seemed appropriate :grinning:

I was doing some checking a few days ago because awhile back my order status page changed from summer to fall. But someone told me theirs still said summer. In both Safari Technology Preview and in Firefox, mine said “fall”, but in plain Safari, it said “Summer”. Very strange. Is this related to the certificate problem? Still would seem odd. Especially since we are already past Summer!

Dbk - that may have been a cached image from before our update.

Btw - ios13 Safari on iPhone gives you the option to view, as does Firefox on iPad.

Others are reporting that Catalina lets them view as well.

Here are instructions for Safari on a Mac, though it does require enabling developer tools:

Another easier option, per Jarius suggestion, is to use private mode in safari.

Then safari will give you the option to view non-ssl.

Per Jarius observations -

Incognito mode in Chrome on Windows/iOS/OSX allows you to continue to website (advanced options) without ssl.

Safari’s private mode works as well (OSX).

Edge and Firefox (windows) work without any workaround (just need to accept that the cert is not valid).

In Firefox, click the “Advanced” button, then click the “Accept the Risk and Continue” button. The irony is that anyone who is reading this has already figured out how to reach this site.

Uniquenospacesshort - yes, irony at its best.


Does this also affect the function of the TextBlade app for Treggers?
I’m having difficulty updating my settings, and I suspect that it’s because it can’t upload my settings to the cloud server.

1 Like

Stub - yes, forum, orders, + app each use individual domains under the * sub domain cert, and those are each being switched over to updated servers with new ssl certs.

New aws acm certs have already been provisioned now, and now we’re changing the detailed security plumbing so they all synch up and cross-check with new certs. Should be accessible smoothly next week.

1 Like

Explains why some TextBlade in-app tests no longer complete to 100%.

Gmadden - yes, provisioned by same group of servers and certs, so should be available once we’ve finished the reconfig.

1 Like

Ok, that’s better. Hope you guys can see this now.

We’ve got a couple more steps to fully secure everything, but looking a whole lot better.


Note - Photos not linking yet, so we’ll work on debugging that.

FYI - version of Discourse forum software has been upgraded to migrate entire posting database. There’s one more upgrade we’ll do from this waypoint, which will take us to the latest and greatest version.

But you can already see some look and feel changes to the UI.

Note that photo-icons will get updated when we finish debug of the photo database files.

awh_tokyo - A couple notes - we got both ACM and Godaddy certs.

Turns out you can’t use ACM for discourse even when it’s hosted on ec2, because of the way the cert gets installed into the discourse instance.