SSL certificate expired

Posted: Sun May 15, 2016 10:13 am
by Hourai
Hello!

I'd like to remind you that your SSL certificate has expired on Apr 19th.
Letsencrypt only seems to issue short-lived certificates valid for 90 days but setting up automated renewal should be easy.

Re: SSL certificate expired

Posted: Sun May 15, 2016 10:23 am
by Nescio50
Hi Hourai,

You'll get this message if you use https: // dollforum.com (link disabled intentionally)
Please use http://dollforum.com

We are planning to use SSL in the future and the https site is only for testing; it's not supported yet. We'll post a formal announcement as soon as SSL is supported, but this might still take a little while as we have some other stuff on our list before this.

Re: SSL certificate expired

Posted: Sun May 15, 2016 11:22 am
by Xephyr
Our credentials used to log in have always been sent in cleartext. That's why I don't use my primary passwords used for banks and other important sites.

I've used a free SSL provider called StartSSL for my personal server.
There's also self-signed. Self-signed SSLs are still SSLs and provide an equal level of protection; they just aren't verified by an official CA.

Looking forward to seeing SSL implemented here.

Re: SSL certificate expired

Posted: Sun May 15, 2016 5:30 pm
by Hourai
What exactly is the drawback of using SSL on this site?
I've been doing it since January without running into any trouble. There's unencrypted external content but login seems secure. Or am I missing something? What's not implemented yet?

Re: SSL certificate expired

Posted: Mon May 16, 2016 3:28 am
by Xephyr
Hourai wrote: What exactly is the drawback of using SSL on this site?
I've been doing it since January without running into any trouble. There's unencrypted external content but login seems secure. Or am I missing something? What's not implemented yet?

There are no drawbacks other than having to keep up with when it expires, a small hit to site performance, and, if it's an SSL verified by a CA, there is a monthly fee to keep it verified.

Re: SSL certificate expired

Posted: Mon May 16, 2016 3:36 pm
by Hourai
Obviously.
But regarding the average user I just wondered why it was recommended to use the unencrypted site instead when https appears to work fine.

Re: SSL certificate expired

Posted: Thu May 19, 2016 11:22 pm
by Phreddie
Sorry about that expired cert. I was playing around with it, got sidetracked a few times, and when I went to renew, it didn't work, so need to set up again. LetsEncrypt does not (or did not) support cPanel, so the install had to be manual after the renewal. But I'll be circling back to it very soon; hopefully, I get some time this weekend, figuring out a way to have it automated, and auto restart httpd to reload the cert every month or two.

Re: SSL certificate expired

Posted: Sun May 29, 2016 6:07 pm
by Phreddie
So in playing around with LetsEncrypt, I was able to do a one-off cert, copying the cert in manually. Then I couldn't get it to renew (most likely because I came back to it about 2 months later, and forgot what I had done).
This time around, I installed it in a more official manner, so it renews and restarts httpd when a new cert is issued. So we'll see if it lasts past Aug 27th this time... =)