• andrea (unregistered)

    yeah, that "Certficiate"

  • Martijn Lievaart (unregistered) in reply to andrea

    on the sudomain!

  • (nodebb)

    Why are you buying certificates instead of setting up Let's Encrypt?

  • Dennis (unregistered)

    The Real WTF: IIS on Windows.

  • ender (unregistered)

    No. The Real WTF is: Buying an SSL certificate in 2019.

  • (nodebb)

    I notice that the new server doesn't have an AAAA record. Sad. (Or should that be "Saaaad"?)

    And yes, at home (and at work) I have access to the Internet by IPv6. Fortunately for my daily TDWTF fix, it's dual-stack in both places.

  • Pierre Lebeaupin (unregistered)

    I can access it. Good work.

  • Christof (unregistered) in reply to Dennis

    Came here to say this. I mean, why?

  • (nodebb)

    It does allow HTTP access but all links on all the pages are HTTPS - which is inconsistent since those subsequent pages are also accessible via HTTP. Thus, if both is possible, it would be better and certainly more consistent to stay in the same protocol all the time - i.e. not to flip the protocol in between.

    Addendum 2019-01-14 09:36: Sorry, not all links are HTTPS but some (e.g. the ones on the home page that lead to the articles) - which makes it definitely inconsistent.

  • (nodebb)

    Can we fix the forum software next?

  • Appalled (unregistered) in reply to jkshapiro

    Yes, fix some forum issues.

    1. Ditch the "Held for Moderation" function. If u truly wish to moderate, keep or delete, rather than leave them pending.
    2. Add buttons to easily insert code snippets.
  • Meep (unregistered)

    Is there a reason to publish to C:\Websites rather than IIS's default C:\inetpub\wwwroot? Doesn't that make the app pool identity config for C:\Websites that bit more cumbersome?

  • Davis (unregistered) in reply to ender

    P r e s t i g e. Why are people buying Fiji Water when you can have one for free off the tap?

  • Klimax (unregistered) in reply to Christof

    Because it works... (nothing to gain by using something else)

  • It's broken (unregistered)

    The HTML title tag of this comment section has the name of the next article (Curious Perversions in Information Technology)

  • (author) in reply to ender

    Let's Encrypt is too expensive.

    Since setting up "Let's Encrypt" certificates almost two years ago, there were four SSL "outages" due to old certificates. That impacts reader experience, but more tangibly it takes unscheduled time to fix. Two of the failures were due to an auto-renewal script not running, and other two were inexplicit API failures. This is apparently not uncommon for websites that use Let's Encrypt -- it's "automatic" as long as someone remembers to watch it every 90 days.

    Instead, I'd rather pay a few hundred bucks for a two-year certificate that's backed by a company who offers customer service if there's a problem (they even help install the certificate if there's some weird problem). This way I know that, come February 2021, I can spend two hours (max) buying and installing a new certificate. And that's that. No unexpected SSL outages.

  • Raj (unregistered) in reply to Alex Papadimoulis

    If you use the certbot for letsencrypt in a scheduled task twice daily it's very unlikely that things will go wrong. I use letsencrypt on over 50 domains with no ssl downtime ever.

  • (nodebb) in reply to Alex Papadimoulis

    I've had Let's Encrypt running for several years on many servers, and the only failure I had so far was when I added a domain to config, but forgot to update the web server configuration, and then forgot about the site completely until the certificate expired 2 months later.

    Windows was a bit more problematic, because until recently there weren't any decent renewal scripts, but win-acme (used to be called letsencrypt-win-simple) works well now, and I haven't had any problems since setting it up.

    Also, if you put in your e-mail when you register with Let's Encrypt, they'll send you a reminder if you have any certificates that are close to expiration that you haven't renewed (this also happens if you add domains - it'll see the old certificate as expiring despite you already having a new certificate covering those domains).

  • (nodebb)

    Possibly related: When I tried to comment on another article, it said that I needed to log in. So I logged in. And got redirected to a 404 page. Back to the article. Tried to comment, it said I needed to log in. But clicking login, said I was already logged in. So I logged out, only to be told I was logged in. Or something like that. Fortunately I could in fact comment at this point, but there were some semi-wtf moments along the way.

  • (nodebb) in reply to urkerab

    Happened to me too.

  • (nodebb)

    Yeah, there's something weird with front page logins - I got the same 404 page at first, then it logged me in when I clicked Log In the second time (this time without asking me for username/password).

  • Toby Allen (unregistered)

    Great work. You should check out Caddy Webserver, https://caddyserver.com it works on windows very well, has automatic https cert integration with lets encrypted. You don’t just not have to worry about https not being renewed, you’ll never think about https ever again. It just works.

  • (nodebb)

    Oh, and speaking of WTFs, WTF does the page let unregistered users comment with names of registered users? That ender (unregistered) comment was not made by me.

  • SSLfubar (unregistered)
    Instead, I'd rather pay a few hundred bucks for a two-year certificate that's backed by a company who offers customer service if there's a problem (they even help install the certificate if there's some weird problem). This way I know that, come February 2021, I can spend two hours (max) buying and installing a new certificate. And that's that. No unexpected SSL outages.

    So we can look forward to images working again RealSoonNow, right? (01-29)

Leave a comment on “TheDailyWtf.com Server Migration Complete”

Log In or post as a guest

Replying to comment #:

« Return to Article