- Feature Articles
- CodeSOD
- Error'd
- Forums
-
Other Articles
- Random Article
- Other Series
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
yeah, that "Certficiate"
Admin
on the sudomain!
Admin
Why are you buying certificates instead of setting up Let's Encrypt?
Admin
The Real WTF: IIS on Windows.
Admin
No. The Real WTF is: Buying an SSL certificate in 2019.
Admin
I notice that the new server doesn't have an AAAA record. Sad. (Or should that be "Saaaad"?)
And yes, at home (and at work) I have access to the Internet by IPv6. Fortunately for my daily TDWTF fix, it's dual-stack in both places.
Admin
I can access it. Good work.
Admin
Came here to say this. I mean, why?
Admin
It does allow HTTP access but all links on all the pages are HTTPS - which is inconsistent since those subsequent pages are also accessible via HTTP. Thus, if both is possible, it would be better and certainly more consistent to stay in the same protocol all the time - i.e. not to flip the protocol in between.
Addendum 2019-01-14 09:36: Sorry, not all links are HTTPS but some (e.g. the ones on the home page that lead to the articles) - which makes it definitely inconsistent.
Admin
Can we fix the forum software next?
Admin
Yes, fix some forum issues.
Admin
Is there a reason to publish to C:\Websites rather than IIS's default C:\inetpub\wwwroot? Doesn't that make the app pool identity config for C:\Websites that bit more cumbersome?
Admin
P r e s t i g e. Why are people buying Fiji Water when you can have one for free off the tap?
Admin
Because it works... (nothing to gain by using something else)
Admin
The HTML title tag of this comment section has the name of the next article (Curious Perversions in Information Technology)
Admin
Let's Encrypt is too expensive.
Since setting up "Let's Encrypt" certificates almost two years ago, there were four SSL "outages" due to old certificates. That impacts reader experience, but more tangibly it takes unscheduled time to fix. Two of the failures were due to an auto-renewal script not running, and other two were inexplicit API failures. This is apparently not uncommon for websites that use Let's Encrypt -- it's "automatic" as long as someone remembers to watch it every 90 days.
Instead, I'd rather pay a few hundred bucks for a two-year certificate that's backed by a company who offers customer service if there's a problem (they even help install the certificate if there's some weird problem). This way I know that, come February 2021, I can spend two hours (max) buying and installing a new certificate. And that's that. No unexpected SSL outages.
Admin
If you use the certbot for letsencrypt in a scheduled task twice daily it's very unlikely that things will go wrong. I use letsencrypt on over 50 domains with no ssl downtime ever.
Admin
I've had Let's Encrypt running for several years on many servers, and the only failure I had so far was when I added a domain to config, but forgot to update the web server configuration, and then forgot about the site completely until the certificate expired 2 months later.
Windows was a bit more problematic, because until recently there weren't any decent renewal scripts, but win-acme (used to be called letsencrypt-win-simple) works well now, and I haven't had any problems since setting it up.
Also, if you put in your e-mail when you register with Let's Encrypt, they'll send you a reminder if you have any certificates that are close to expiration that you haven't renewed (this also happens if you add domains - it'll see the old certificate as expiring despite you already having a new certificate covering those domains).
Admin
Possibly related: When I tried to comment on another article, it said that I needed to log in. So I logged in. And got redirected to a 404 page. Back to the article. Tried to comment, it said I needed to log in. But clicking login, said I was already logged in. So I logged out, only to be told I was logged in. Or something like that. Fortunately I could in fact comment at this point, but there were some semi-wtf moments along the way.
Admin
Happened to me too.
Admin
Yeah, there's something weird with front page logins - I got the same 404 page at first, then it logged me in when I clicked Log In the second time (this time without asking me for username/password).
Admin
Great work. You should check out Caddy Webserver, https://caddyserver.com it works on windows very well, has automatic https cert integration with lets encrypted. You don’t just not have to worry about https not being renewed, you’ll never think about https ever again. It just works.
Admin
Oh, and speaking of WTFs, WTF does the page let unregistered users comment with names of registered users? That ender (unregistered) comment was not made by me.
Admin
So we can look forward to images working again RealSoonNow, right? (01-29)
Admin
TRWTF is faux Nginx/Apache config that with IIS:: like it’s C++?