Skip to content
This repository has been archived by the owner on Sep 26, 2023. It is now read-only.

Invalid certificate at https://feathersjs.com #373

Closed
IBwWG opened this issue Jan 14, 2017 · 8 comments
Closed

Invalid certificate at https://feathersjs.com #373

IBwWG opened this issue Jan 14, 2017 · 8 comments

Comments

@IBwWG
Copy link
Contributor

IBwWG commented Jan 14, 2017
edited

https://feathersjs.com/ gives this in Firefox for Windows:

feathersjs.com uses an invalid security certificate. The certificate is only valid for the following names: www.github.com, *.github.com, github.com, *.github.io, github.io, *.githubusercontent.com, githubusercontent.com Error code: SSL_ERROR_BAD_CERT_DOMAIN
@IBwWG
Copy link
Contributor Author

IBwWG commented Feb 4, 2017

Chromium for Linux sounds even more alarming:

Your connection is not private
Attackers might be trying to steal your information from feathersjs.com (for example, passwords, messages, or credit cards). NET::ERR_CERT_COMMON_NAME_INVALID
Automatically report details of possible security incidents to Google. Privacy policy

I realize this is a common issue with github.io-hosted sites, but in the current climate where everyone is being encouraged to use https everywhere, this is probably something good to figure out.

@just-boris
Copy link

that's true.
How can I use the framework, when browser warns me, that I should not trust the content on that page?

@daffl
Copy link
Member

daffl commented Feb 20, 2017

Don't use HTTPS? Or don't use the framework.

@just-boris
Copy link

just-boris commented Feb 20, 2017
edited

That's weird.
I have come to the main page from a blog post at https://blog.feathersjs.com/ (note that it has https) and got an invalid certificate message.

So I don't understand why sub-domains like docs.featherjs.com or blog.feathersjs.com have https, however the main page is not.

@jack-guy
Copy link

If https won't be supported, it'd probably be appropriate to implement a redirect from https->http.

@daffl
Copy link
Member

daffl commented Feb 20, 2017

Any site hosted on Github pages with a custom domain has the same problem, see for example https://emberjs.com/, https://yeoman.io, https://todomvc.com/ and many others. The docs and the blog are hosted on different providers that support HTTPS.

There should be no existing links to the homepage via HTTPS though.

@ekryski
Copy link
Contributor

ekryski commented Feb 20, 2017

As @daffl said we are using Github pages for the main site which doesn't support SSL.

I don't know how you are seeing https://feathersjs.com unless you are putting that in explicitly. If it is a link from the blog @IBwWG @just-boris can you please tell us which link and we'll re-open and try to fix this.

Otherwise, due to the nature of Github pages we'd need to move to a different hosting provider. We have plans to move to Netlify but as of right now this is not a high priority as you aren't sending any content through the main site that requires encryption.

@ekryski ekryski closed this as completed Feb 20, 2017
@daffl
Copy link
Member

daffl commented Apr 6, 2017

A new website with a valid certificate has been deployed and always redirects to https://feathersjs.com/ now.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@daffl @ekryski @just-boris @jack-guy @IBwWG