Discussion:
[Bioperl-l] Bad SSL certificate at bioperl.org
Carnë Draug
2017-09-14 17:10:04 UTC
Permalink
Hi

If you access https://bioperl.org you will get a SSL_ERROR_BAD_CERT_DOMAIN

The problem is that current certificate is only valid for github.io
domains.

Carnë
Peter Cock
2017-09-14 21:42:24 UTC
Permalink
As far as I know, using your own domain with
GitHub pages and HTTPS is still not possible.

Peter
Post by Carnë Draug
Hi
If you access https://bioperl.org you will get a SSL_ERROR_BAD_CERT_DOMAIN
The problem is that current certificate is only valid for github.io
domains.
Carnë
_______________________________________________
Bioperl-l mailing list
http://mailman.open-bio.org/mailman/listinfo/bioperl-l
Hilmar Lapp
2017-09-14 22:18:22 UTC
Permalink
Not directly, that's correct. However, there are at least three alternatives, each with various pros and cons.

1) We could front the site with Cloudflare. This would give us a free SSL cert from Cloudflare. It would not redirect http to https, and would require moving DNS for the domain to Cloudflare.

2) Proxy the traffic from Github.io through our Apache server on AWS. This would allow us to redirect http to https, and we'd use a Let's Encrypt SSL cert. For Apache the LE certbot can auto-renew, I think. In essence this is us doing some of what Cloudflare would do, except for DDOS protection, so the site would then have a single point of failure.

3) Use Gitlab Pages for hosting. This would allow SSL certs for custom domains. My understanding is they also support Let's Encrypt for cert renewal, but I haven't tried that yet. Downside is that now we're hosting the repo in a different place than everything else Bioperl. I also don't know about redirecting http to https.

-hilmar

Sent from away
Post by Peter Cock
As far as I know, using your own domain with
GitHub pages and HTTPS is still not possible.
Peter
Post by Carnë Draug
Hi
If you access https://bioperl.org you will get a SSL_ERROR_BAD_CERT_DOMAIN
The problem is that current certificate is only valid for github.io
domains.
Carnë
_______________________________________________
Bioperl-l mailing list
http://mailman.open-bio.org/mailman/listinfo/bioperl-l
_______________________________________________
Bioperl-l mailing list
http://mailman.open-bio.org/mailman/listinfo/bioperl-l
Shyam Saladi
2017-09-15 00:10:40 UTC
Permalink
A minor point, but I think that Cloudflare can redirect http to https:

https://support.cloudflare.com/hc/en-us/articles/200170536-How-do-I-redirect-all-visitors-to-HTTPS-SSL-
Post by Hilmar Lapp
Not directly, that's correct. However, there are at least three
alternatives, each with various pros and cons.
1) We could front the site with Cloudflare. This would give us a free SSL
cert from Cloudflare. It would not redirect http to https, and would
require moving DNS for the domain to Cloudflare.
2) Proxy the traffic from Github.io through our Apache server on AWS. This
would allow us to redirect http to https, and we'd use a Let's Encrypt SSL
cert. For Apache the LE certbot can auto-renew, I think. In essence this is
us doing some of what Cloudflare would do, except for DDOS protection, so
the site would then have a single point of failure.
3) Use Gitlab Pages for hosting. This would allow SSL certs for custom
domains. My understanding is they also support Let's Encrypt for cert
renewal, but I haven't tried that yet. Downside is that now we're hosting
the repo in a different place than everything else Bioperl. I also don't
know about redirecting http to https.
-hilmar
Sent from away
Post by Peter Cock
As far as I know, using your own domain with
GitHub pages and HTTPS is still not possible.
Peter
Post by Carnë Draug
Hi
If you access https://bioperl.org you will get a
SSL_ERROR_BAD_CERT_DOMAIN
Post by Peter Cock
Post by Carnë Draug
The problem is that current certificate is only valid for github.io
domains.
Carnë
_______________________________________________
Bioperl-l mailing list
http://mailman.open-bio.org/mailman/listinfo/bioperl-l
_______________________________________________
Bioperl-l mailing list
http://mailman.open-bio.org/mailman/listinfo/bioperl-l
_______________________________________________
Bioperl-l mailing list
http://mailman.open-bio.org/mailman/listinfo/bioperl-l
Hilmar Lapp
2017-09-15 00:44:58 UTC
Permalink
I thought activating that option required HTTPS and a valid SSL cert on the source site too. At least that’s what it seemed to be recently when I tried that (with my own website, also currently hosted off of Github Pages).

-hilmar
https://support.cloudflare.com/hc/en-us/articles/200170536-How-do-I-redirect-all-visitors-to-HTTPS-SSL- <https://support.cloudflare.com/hc/en-us/articles/200170536-How-do-I-redirect-all-visitors-to-HTTPS-SSL->
Not directly, that's correct. However, there are at least three alternatives, each with various pros and cons.
1) We could front the site with Cloudflare. This would give us a free SSL cert from Cloudflare. It would not redirect http to https, and would require moving DNS for the domain to Cloudflare.
2) Proxy the traffic from Github.io through our Apache server on AWS. This would allow us to redirect http to https, and we'd use a Let's Encrypt SSL cert. For Apache the LE certbot can auto-renew, I think. In essence this is us doing some of what Cloudflare would do, except for DDOS protection, so the site would then have a single point of failure.
3) Use Gitlab Pages for hosting. This would allow SSL certs for custom domains. My understanding is they also support Let's Encrypt for cert renewal, but I haven't tried that yet. Downside is that now we're hosting the repo in a different place than everything else Bioperl. I also don't know about redirecting http to https.
-hilmar
Sent from away
Post by Peter Cock
As far as I know, using your own domain with
GitHub pages and HTTPS is still not possible.
Peter
Hi
If you access https://bioperl.org <https://bioperl.org/> you will get a SSL_ERROR_BAD_CERT_DOMAIN
The problem is that current certificate is only valid for github.io <http://github.io/>
domains.
Carnë
_______________________________________________
Bioperl-l mailing list
http://mailman.open-bio.org/mailman/listinfo/bioperl-l <http://mailman.open-bio.org/mailman/listinfo/bioperl-l>
_______________________________________________
Bioperl-l mailing list
http://mailman.open-bio.org/mailman/listinfo/bioperl-l <http://mailman.open-bio.org/mailman/listinfo/bioperl-l>
_______________________________________________
Bioperl-l mailing list
http://mailman.open-bio.org/mailman/listinfo/bioperl-l <http://mailman.open-bio.org/mailman/listinfo/bioperl-l>
--
Hilmar Lapp -:- lappland.io
Shyam Saladi
2017-09-15 01:14:52 UTC
Permalink
Not sure, perhaps there was some change on Cloudflare's side recently. In
case it's helpful, my "Crypto" configuration is here:
https://www.dropbox.com/s/di47zjxp38yw0ar/Crypto_Cloudflare.pdf?dl=0

My personal site is similarly hosted with ghpages, and I set Cloudflare up
about a month ago. HTTPS redirection seems to work ok (try
http://shyam.saladi.org)

Shyam

On Sep 14, 2017 5:45 PM, "Hilmar Lapp" <***@drycafe.net> wrote:

I thought activating that option required HTTPS and a valid SSL cert on the
source site too. At least that’s what it seemed to be recently when I tried
that (with my own website, also currently hosted off of Github Pages).

-hilmar

On Sep 14, 2017, at 8:10 PM, Shyam Saladi <***@illinois.edu> wrote:

A minor point, but I think that Cloudflare can redirect http to https:

https://support.cloudflare.com/hc/en-us/articles/
200170536-How-do-I-redirect-all-visitors-to-HTTPS-SSL-
Post by Hilmar Lapp
Not directly, that's correct. However, there are at least three
alternatives, each with various pros and cons.
1) We could front the site with Cloudflare. This would give us a free SSL
cert from Cloudflare. It would not redirect http to https, and would
require moving DNS for the domain to Cloudflare.
2) Proxy the traffic from Github.io <http://github.io> through our Apache
server on AWS. This would allow us to redirect http to https, and we'd use
a Let's Encrypt SSL cert. For Apache the LE certbot can auto-renew, I
think. In essence this is us doing some of what Cloudflare would do, except
for DDOS protection, so the site would then have a single point of failure.
3) Use Gitlab Pages for hosting. This would allow SSL certs for custom
domains. My understanding is they also support Let's Encrypt for cert
renewal, but I haven't tried that yet. Downside is that now we're hosting
the repo in a different place than everything else Bioperl. I also don't
know about redirecting http to https.
-hilmar
Sent from away
Post by Peter Cock
As far as I know, using your own domain with
GitHub pages and HTTPS is still not possible.
Peter
Post by Carnë Draug
Hi
If you access https://bioperl.org you will get a
SSL_ERROR_BAD_CERT_DOMAIN
Post by Peter Cock
Post by Carnë Draug
The problem is that current certificate is only valid for github.io
domains.
Carnë
_______________________________________________
Bioperl-l mailing list
http://mailman.open-bio.org/mailman/listinfo/bioperl-l
_______________________________________________
Bioperl-l mailing list
http://mailman.open-bio.org/mailman/listinfo/bioperl-l
_______________________________________________
Bioperl-l mailing list
http://mailman.open-bio.org/mailman/listinfo/bioperl-l
--
Hilmar Lapp -:- lappland.io
Fields, Christopher J
2017-09-17 18:55:05 UTC
Permalink
Peter, what is biopython doing re: HTTPS for biopython.org?

chris

From: Bioperl-l <bioperl-l-bounces+cjfields=***@mailman.open-bio.org> on behalf of Shyam Saladi <***@illinois.edu>
Date: Thursday, September 14, 2017 at 11:01 PM
To: Hilmar Lapp <***@drycafe.net>
Cc: Peter Cock <***@googlemail.com>, Bioperl BioPerl <bioperl-***@bioperl.org>, Carnë Draug <carandraug+***@gmail.com>
Subject: Re: [Bioperl-l] Bad SSL certificate at bioperl.org

Not sure, perhaps there was some change on Cloudflare's side recently. In case it's helpful, my "Crypto" configuration is here: https://www.dropbox.com/s/di47zjxp38yw0ar/Crypto_Cloudflare.pdf?dl=0<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.dropbox.com_s_di47zjxp38yw0ar_Crypto-5FCloudflare.pdf-3Fdl-3D0&d=DwMFaQ&c=8hUWFZcy2Z-Za5rBPlktOQ&r=fbHa8Njtvh9VmSnzJxiEUTW9NWDwMMwQAzhgZDO41GQ&m=hBTIXay26WRpRjY2iI2G3bgZMAReDlHFATWxqCCfP4I&s=XCU6iHG5B05AK3samuJLEAvWSdu3fMUaOKgMT5zK6D8&e=>

My personal site is similarly hosted with ghpages, and I set Cloudflare up about a month ago. HTTPS redirection seems to work ok (try http://shyam.saladi.org<https://urldefense.proofpoint.com/v2/url?u=http-3A__shyam.saladi.org&d=DwMFaQ&c=8hUWFZcy2Z-Za5rBPlktOQ&r=fbHa8Njtvh9VmSnzJxiEUTW9NWDwMMwQAzhgZDO41GQ&m=hBTIXay26WRpRjY2iI2G3bgZMAReDlHFATWxqCCfP4I&s=PBL2QkswHGU7KLcPkFSqK6MEmjJemQV-tSAYNU8G74o&e=>)

Shyam

On Sep 14, 2017 5:45 PM, "Hilmar Lapp" <***@drycafe.net<mailto:***@drycafe.net>> wrote:
I thought activating that option required HTTPS and a valid SSL cert on the source site too. At least that’s what it seemed to be recently when I tried that (with my own website, also currently hosted off of Github Pages).

-hilmar

On Sep 14, 2017, at 8:10 PM, Shyam Saladi <***@illinois.edu<mailto:***@illinois.edu>> wrote:

A minor point, but I think that Cloudflare can redirect http to https:

https://support.cloudflare.com/hc/en-us/articles/200170536-How-do-I-redirect-all-visitors-to-HTTPS-SSL-<https://urldefense.proofpoint.com/v2/url?u=https-3A__support.cloudflare.com_hc_en-2Dus_articles_200170536-2DHow-2Ddo-2DI-2Dredirect-2Dall-2Dvisitors-2Dto-2DHTTPS-2DSSL-2D&d=DwMFaQ&c=8hUWFZcy2Z-Za5rBPlktOQ&r=fbHa8Njtvh9VmSnzJxiEUTW9NWDwMMwQAzhgZDO41GQ&m=hBTIXay26WRpRjY2iI2G3bgZMAReDlHFATWxqCCfP4I&s=vOUpw2lgyvh3akO35BoTUAKeI2b1KthmbEZzi2MrtWs&e=>

On Thu, Sep 14, 2017 at 3:18 PM, Hilmar Lapp <***@drycafe.net<mailto:***@drycafe.net>> wrote:
Not directly, that's correct. However, there are at least three alternatives, each with various pros and cons.

1) We could front the site with Cloudflare. This would give us a free SSL cert from Cloudflare. It would not redirect http to https, and would require moving DNS for the domain to Cloudflare.

2) Proxy the traffic from Github.io<https://urldefense.proofpoint.com/v2/url?u=http-3A__github.io&d=DwMFaQ&c=8hUWFZcy2Z-Za5rBPlktOQ&r=fbHa8Njtvh9VmSnzJxiEUTW9NWDwMMwQAzhgZDO41GQ&m=hBTIXay26WRpRjY2iI2G3bgZMAReDlHFATWxqCCfP4I&s=XwbdWlMMOVKPnUvjRC9A1kRMmcYZeKBac78JwrKzUJ4&e=> through our Apache server on AWS. This would allow us to redirect http to https, and we'd use a Let's Encrypt SSL cert. For Apache the LE certbot can auto-renew, I think. In essence this is us doing some of what Cloudflare would do, except for DDOS protection, so the site would then have a single point of failure.

3) Use Gitlab Pages for hosting. This would allow SSL certs for custom domains. My understanding is they also support Let's Encrypt for cert renewal, but I haven't tried that yet. Downside is that now we're hosting the repo in a different place than everything else Bioperl. I also don't know about redirecting http to https.

-hilmar

Sent from away
Post by Peter Cock
As far as I know, using your own domain with
GitHub pages and HTTPS is still not possible.
Peter
Hi
If you access https://bioperl.org<https://urldefense.proofpoint.com/v2/url?u=https-3A__bioperl.org_&d=DwMFaQ&c=8hUWFZcy2Z-Za5rBPlktOQ&r=fbHa8Njtvh9VmSnzJxiEUTW9NWDwMMwQAzhgZDO41GQ&m=hBTIXay26WRpRjY2iI2G3bgZMAReDlHFATWxqCCfP4I&s=xisPCXy-XinnalGIc3r_-ylMcK5dfyIadDcLhBByBr0&e=> you will get a SSL_ERROR_BAD_CERT_DOMAIN
The problem is that current certificate is only valid for github.io<https://urldefense.proofpoint.com/v2/url?u=http-3A__github.io_&d=DwMFaQ&c=8hUWFZcy2Z-Za5rBPlktOQ&r=fbHa8Njtvh9VmSnzJxiEUTW9NWDwMMwQAzhgZDO41GQ&m=hBTIXay26WRpRjY2iI2G3bgZMAReDlHFATWxqCCfP4I&s=KJoiZr_O4Q7gUciMpa8YP2nfQcZOZ-cTE4DOADdCW5I&e=>
domains.
Carnë
_______________________________________________
Bioperl-l mailing list
http://mailman.open-bio.org/mailman/listinfo/bioperl-l<https://urldefense.proofpoint.com/v2/url?u=http-3A__mailman.open-2Dbio.org_mailman_listinfo_bioperl-2Dl&d=DwMFaQ&c=8hUWFZcy2Z-Za5rBPlktOQ&r=fbHa8Njtvh9VmSnzJxiEUTW9NWDwMMwQAzhgZDO41GQ&m=hBTIXay26WRpRjY2iI2G3bgZMAReDlHFATWxqCCfP4I&s=McmwuADXM7K8aPfvGAwcyFAYwjjlhXw0bY682_6cmTw&e=>
_______________________________________________
Bioperl-l mailing list
http://mailman.open-bio.org/mailman/listinfo/bioperl-l<https://urldefense.proofpoint.com/v2/url?u=http-3A__mailman.open-2Dbio.org_mailman_listinfo_bioperl-2Dl&d=DwMFaQ&c=8hUWFZcy2Z-Za5rBPlktOQ&r=fbHa8Njtvh9VmSnzJxiEUTW9NWDwMMwQAzhgZDO41GQ&m=hBTIXay26WRpRjY2iI2G3bgZMAReDlHFATWxqCCfP4I&s=McmwuADXM7K8aPfvGAwcyFAYwjjlhXw0bY682_6cmTw&e=>
_______________________________________________
Bioperl-l mailing list
Bioperl-***@mailman.open-bio.org<mailto:Bioperl-***@mailman.open-bio.org>
http://mailman.open-bio.org/mailman/listinfo/bioperl-l<https://urldefense.proofpoint.com/v2/url?u=http-3A__mailman.open-2Dbio.org_mailman_listinfo_bioperl-2Dl&d=DwMFaQ&c=8hUWFZcy2Z-Za5rBPlktOQ&r=fbHa8Njtvh9VmSnzJxiEUTW9NWDwMMwQAzhgZDO41GQ&m=hBTIXay26WRpRjY2iI2G3bgZMAReDlHFATWxqCCfP4I&s=McmwuADXM7K8aPfvGAwcyFAYwjjlhXw0bY682_6cmTw&e=>
--
Hilmar Lapp -:- lappland.io<https://urldefense.proofpoint.com/v2/url?u=http-3A__lappland.io&d=DwMFaQ&c=8hUWFZcy2Z-Za5rBPlktOQ&r=fbHa8Njtvh9VmSnzJxiEUTW9NWDwMMwQAzhgZDO41GQ&m=hBTIXay26WRpRjY2iI2G3bgZMAReDlHFATWxqCCfP4I&s=AR9kUHMIKpw0Pt1esI6_UiTJnD9RLSTQcfpoKW7x_io&e=>
Peter Cock
2017-09-17 21:11:21 UTC
Permalink
Nothing as yet - I was hoping GitHub Pages would come up
with an officially recommended route as they have a large
and tech-savvy user base who'd use HTTPS.

Peter

On Sun, Sep 17, 2017 at 7:55 PM, Fields, Christopher J
Post by Fields, Christopher J
Peter, what is biopython doing re: HTTPS for biopython.org?
chris
From: Bioperl-l
Date: Thursday, September 14, 2017 at 11:01 PM
Subject: Re: [Bioperl-l] Bad SSL certificate at bioperl.org
Not sure, perhaps there was some change on Cloudflare's side recently. In
https://www.dropbox.com/s/di47zjxp38yw0ar/Crypto_Cloudflare.pdf?dl=0
My personal site is similarly hosted with ghpages, and I set Cloudflare up
about a month ago. HTTPS redirection seems to work ok (try
http://shyam.saladi.org)
Shyam
I thought activating that option required HTTPS and a valid SSL cert on the
source site too. At least that’s what it seemed to be recently when I tried
that (with my own website, also currently hosted off of Github Pages).
-hilmar
https://support.cloudflare.com/hc/en-us/articles/200170536-How-do-I-redirect-all-visitors-to-HTTPS-SSL-
Not directly, that's correct. However, there are at least three
alternatives, each with various pros and cons.
1) We could front the site with Cloudflare. This would give us a free SSL
cert from Cloudflare. It would not redirect http to https, and would require
moving DNS for the domain to Cloudflare.
2) Proxy the traffic from Github.io through our Apache server on AWS. This
would allow us to redirect http to https, and we'd use a Let's Encrypt SSL
cert. For Apache the LE certbot can auto-renew, I think. In essence this is
us doing some of what Cloudflare would do, except for DDOS protection, so
the site would then have a single point of failure.
3) Use Gitlab Pages for hosting. This would allow SSL certs for custom
domains. My understanding is they also support Let's Encrypt for cert
renewal, but I haven't tried that yet. Downside is that now we're hosting
the repo in a different place than everything else Bioperl. I also don't
know about redirecting http to https.
-hilmar
Sent from away
Post by Peter Cock
As far as I know, using your own domain with
GitHub pages and HTTPS is still not possible.
Peter
Post by Carnë Draug
Hi
If you access https://bioperl.org you will get a
SSL_ERROR_BAD_CERT_DOMAIN
The problem is that current certificate is only valid for github.io
domains.
Carnë
_______________________________________________
Bioperl-l mailing list
http://mailman.open-bio.org/mailman/listinfo/bioperl-l
_______________________________________________
Bioperl-l mailing list
http://mailman.open-bio.org/mailman/listinfo/bioperl-l
_______________________________________________
Bioperl-l mailing list
http://mailman.open-bio.org/mailman/listinfo/bioperl-l
--
Hilmar Lapp -:- lappland.io
Fields, Christopher J
2017-09-14 21:47:53 UTC
Permalink
I’ll check on this. I think the cert is run through OBF.

chris

On 9/14/17, 12:34 PM, "Bioperl-l on behalf of Carnë Draug" <bioperl-l-bounces+cjfields=***@mailman.open-bio.org on behalf of carandraug+***@gmail.com> wrote:

Hi

If you access https://bioperl.org you will get a SSL_ERROR_BAD_CERT_DOMAIN

The problem is that current certificate is only valid for github.io
domains.

Carnë

_______________________________________________
Bioperl-l mailing list
Bioperl-***@mailman.open-bio.org
http://mailman.open-bio.org/mailman/listinfo/bioperl-l
Hilmar Lapp
2017-09-14 23:18:10 UTC
Permalink
No it’s not. It’s the cert Github provides for github.io. It’s a perfectly valid cert but doesn’t match the custom domain name bioperl.org.

-hilmar
Post by Fields, Christopher J
I’ll check on this. I think the cert is run through OBF.
chris
Hi
If you access https://bioperl.org you will get a SSL_ERROR_BAD_CERT_DOMAIN
The problem is that current certificate is only valid for github.io
domains.
Carnë
_______________________________________________
Bioperl-l mailing list
http://mailman.open-bio.org/mailman/listinfo/bioperl-l
_______________________________________________
Bioperl-l mailing list
http://mailman.open-bio.org/mailman/listinfo/bioperl-l
--
Hilmar Lapp -:- lappland.io
Loading...