And…. we’re back

Topic

New Reply

The AskWoody site is no (finally!) back and working. Those of you who poked holes into your browsers may want to revert them. Many thanks to Drew, Dou
[See the full post at: And…. we’re back]

Total of 28 users thanked author for this post. Here are last 20 listed.

Morty, Cartoonist Aaron, Bill C., AlphaCharlie, LH, deuce120, johnf, mcbsys, Noel Carboni, alpha128, Demeter, rontpxz81, SueW, Heavenly, twbartender, Seff, Pepsiboy, FakeNinja, AusJohn, Microfix

Reply | Quote

Replies

Yep.  All clear here.

Reply | Quote

Hoorah!   Glad that nonsense is over.

Reply | Quote

Good to see things back up!

However, as noted on another thread here on AskWoody, the cert is still only good for about three months, expiring on October 17th, 2018 at 6:31 P.M. CDT, Central Daylight Time.

The U.S. is scheduled to stay on daylight savings until the first Sunday in November.

The above info about the cert is from Firefox 61.0.1.

Now, where’d I put my box of MS patches of patches for July…???

EDIT: Fixed link

Reply | Quote

Yep, and I’m assured (fingers crossed) that the cert will auto-renew this time. Like it was supposed to last time.

Sigh.

5 users thanked author for this post.

walker, SueW, satrow, Kirsty, Elly

Reply | Quote

Excellent picture! #roflmao

Reply | Quote

Welcome Back, Woody!!

Reply | Quote

It’s showing an expiration date of Oct 17, 2018.  I would have thought that the next renewal would have been pushed out a bit longer.  

Reply | Quote

Welcome back, Woody!  <thumbs up>

It’s great to be able once again to visit via my favorite browser (Pale Moon) without having to jump through hoops.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Reply | Quote

So you got 3 months to get it worked out next time. I assume you went with the short time just to get something up and running, while you look for solutions that will keep this from happening again.

Unfortunately, I’m not quite sure how to undo the hole. Now that the certificate is valid, the option isn’t showing to remove the override on the site properties. I’ll probably look up how to do it, but I’m on Chrome on Win7 if anyone knows the instructions, or knows for sure that it’s clear.

Reply | Quote

I think we need a post on Let’s Encrypt   As I understand it they only do a 3 month cert and — assuming it’s set up right — it’s supposed to auto renew.

Susan Bradley Patch Lady/Prudent patcher

5 users thanked author for this post.

Noel Carboni, SueW, satrow, columbia2011, woody

Reply | Quote

Yes, I agree. I’d like to learn more how an organization that’s supposed to be about ensuring you are who you say you are can provide that service in an automated way.

-Noel

Reply | Quote

Domain Validation (DV) certificates are NOT ensuring you are who you say you are. In fact they contain no such information. They validate that you have control over the domain (via HTTP or DNS).

https://letsencrypt.org/how-it-works/

3 users thanked author for this post.

Noel Carboni, mcbsys, Jan K.

Reply | Quote

Thanks for the clarification.

-Noel

Reply | Quote

Susan:

I agree.

My web host runs Lets Encrypt on my site; it has automatically renewed itself twice.  Called them a few days ago when this frumus broke out, and they said it was always an automatic process.

(For them.  I didn’t enquire about those running their own servers.)

Maybe it’s buried somewhere here: https://letsencrypt.org/documents/isrg-cps-v2.3/

Congrats on slaying the dragon, Woody! I’ll save a spot for you on that little island in the Pacific I keep threatening to move to when IT has driven me over the brink.

Win7 Pro SP1 64-bit, Dell Latitude E6330 ("The Tank"), Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Newbie
--
"The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty

1 user thanked author for this post.

Elly

Reply | Quote

After this round I’m ready to move to that small island. Have any particular one in mind?

1 user thanked author for this post.

Elly

Reply | Quote

woody wrote:

After this round I’m ready to move to that small island. Have any particular one in mind?

Yup.  When the time comes, I’ll send you the encrypted coordinates. I have standing orders to at least be planted there.

Hint: No volcanoes.

Win7 Pro SP1 64-bit, Dell Latitude E6330 ("The Tank"), Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Newbie
--
"The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty

Reply | Quote

Wow! DEFCON 1.  Is that for real?

-Gene-

Reply | Quote

Yep. And it wasn’t that long ago when we were on DEFCON 5! (Does anyone remember that?)

Group "L" (Linux Mint)
with Windows 10 running in a remote session on my file server

Reply | Quote

MrJimPhelps wrote:

Yep. And it wasn’t that long ago when we were on DEFCON 5! (Does anyone remember that?)

I remember that.  It seems like an eternity ago.

 

Reply | Quote

anonymous wrote:

Wow! DEFCON 1. Is that for real?

There is no MS-DEFCON 0

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

Reply | Quote

Maybe there should be, “Do not power up your computer!”

Reply | Quote

I have NO idea why that generated a giant smiley. Maybe a Tiki God did that…

Win7 Pro SP1 64-bit, Dell Latitude E6330 ("The Tank"), Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Newbie
--
"The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty

Reply | Quote

FTFY

When quoting from a reply, if there is a smiley included within a quote, the forum software does this by default (Large Smiley) Best just to delete the quoted smiley from within the quote, as it’s the text within the quote that really counts.

Windows - commercial by definition and now function...

3 users thanked author for this post.

GoneToPlaid, SueW, Nibbled To Death By Ducks

Reply | Quote

Microfix: Danke! Didn’t know that pit was there under the leaves…

Win7 Pro SP1 64-bit, Dell Latitude E6330 ("The Tank"), Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Newbie
--
"The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty

1 user thanked author for this post.

Microfix

Reply | Quote

All is well. No more prompts telling me how evil your website is.

1 user thanked author for this post.

SueW

Reply | Quote

I can so identify with that picture!

Welcome back Woody, this place was missed.

Reply | Quote

Woody

Its great to see you back.  Now I can stop going through withdrawal and start reading Ask Woody again with my morning coffee.

1 user thanked author for this post.

SueW

Reply | Quote

What a relief! I’ve been dying to ask if anyone had heard the joke about how many computer geeks it takes to change a SSL certificate, but decided it was unlikely to prove a contribution looked on with favour.

3 users thanked author for this post.

OscarCP, Cybertooth, Elly

Reply | Quote

Good to see the site back now. I really hope this won’t happen again as it’s been, what, the third time at least? I hope it didn’t deter too many new users from coming here. I can’t imagine it looks too good when a site about Windows and security is throwing security errors when trying to access it for a week.

Personally, I won’t add an exception in my browser for a website that should not need an exception especially for a site that has been attacked for a prolonged period of time in the past. I hope this will be the last time such an issue occurs.

2 users thanked author for this post.

OscarCP, Sam

Reply | Quote

Sessh wrote:

I can’t imagine it looks too good when a site about Windows and security is throwing security errors when trying to access it for a week.

Yes, I was thinking the same thing.

I’m so glad that Woody has finally gotten his own personal DEFCON 1 sorted out.  Now we just have to worry about Microsoft – as it should be!

Reply | Quote

Hip Hip Hooray! Defcon 1? So glad I always take the preemptive action of changing Update settings to “Never Check” before patch day rolls around.

Reply | Quote

Finally, thanks. Now you can back to doing some real work.

Reply | Quote

Sessh wrote:

Good to see the site back now. I really hope this won’t happen again as it’s been, what, the third time at least? I hope it didn’t deter too many new users from coming here. I can’t imagine it looks too good when a site about Windows and security is throwing security errors when trying to access it for a week. Personally, I won’t add an exception in my browser for a website that should not need an exception especially for a site that has been attacked for a prolonged period of time in the past. I hope this will be the last time such an issue occurs.

With all the hats Woody is wearing and all the problems he has saved us from he is the right to make a mistake. I for one will continue to thank Woody for all he does.

2 users thanked author for this post.

OscarCP, Elly

Reply | Quote

Judging from what Woody wrote here #204620 , it looks as if the problem was that the certificate, supposed to be renewed automatically, wasn’t. So he himself might have been the innocent victim of someone else’s failure to perform as agreed to, not the unwitting perpetrator.

But see also the posting here by mcbsys #204775  and #204793 about the fault being sometimes on the other side of the equation.

Anyhow: glad this is over. “Let the games begin.” Indeed.

 

 

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

Congrats on getting Let’s Encrypt set up. I’ve been using that on a couple servers with good success. Yes, only three months is normal. Yes, it should auto-renew 30 days before expiration (so really you get a new cert every two months). Yes, it failed once because I mis-configured something, so put a note in your calendar to confirm that it renewed by 9/18/2018.

I actually have my daily cron job that does the “check for renewal” set up to send me an email every day. Usually it just says “cert not due for renewal” but when it renews, I see that too. I also see the periodic automatic updates to the Let’s Encrypt script.

1 user thanked author for this post.

Microfix

Reply | Quote

In case anyone is interested, here’s how I do it on an Ubuntu/Bitnami distribution running Apache as the web server. I created a custom certbot_renew.sh:

/usr/lib/certbot/certbot-auto renew --post-hook "/opt/bitnami/ctlscript.sh restart apache"

Here’s my cron job:

SHELL="/bin/bash"
MAILTO="my@email.com"
5 10 * * * /opt/bitnami/apps/admin/scripts/certbot_renew.sh

Email is sent through sSMTP (after I installed it).

NOTE Sometimes (probably when “officially” installed via apt-get), certbot also creates its own cron job as /etc/cron.d/certbot that runs twice per day. If that job handles the renewal, because it doesn’t include the hook to restart Apache, the old cert will continue to be served. Restart Apache to load the new cert (sudo /opt/bitnami/ctlscript.sh restart apache), then rename /etc/cron.d/certbot to certbot.disabled.

Reply | Quote

hi Woody. nice of the Askwoody site to be back online again and the Firefox and equivalent browsers now work with your web site again.

And there’s this recent ZDNet article saying that Windows 10 is still “not yet on 700 million ‘active’ devices”:
https://www.zdnet.com/article/windows-10-is-still-not-yet-on-700-million-active-devices/
Not even close to that number.

Reply | Quote

The nice thing about Let’s Encrypt is that it’s free, which is why a lot of “smaller” websites and companies use it. It’s sufficient if all you want is an HTTPS experience for your users.

Reply | Quote

Welcome back!

Reply | Quote