Page MenuHomeMiraheze

www certificate problem
Closed, ResolvedPublic

Description

https://www doesn't work with many Miraheze hosted wikis, e.g. allthetropes.org works fine but https://www.allthetropes.org/ comes up with a (to average user) scary warning message?

Related Objects

Event Timeline

Rob_Kam created this task.Dec 3 2017, 12:10
revi added a comment.Dec 3 2017, 17:26

We should default to bundle www. when generating TLD domain cert, or any certification imo.

It should be done via SAN field.

John added a subscriber: John.Dec 3 2017, 18:21
In T2496#47218, @revi wrote:

We should default to bundle www. when generating TLD domain cert, or any certification imo.
It should be done via SAN field.

But then the ticket is mostly aimed at all wikis. Which we can’t do that for.

Videojeux4 triaged this task as Normal priority.Dec 5 2017, 16:40
revi added a comment.Dec 9 2017, 09:42

Another complaints with www. not available:

18:35:03 <Giuseppe_> Maybe I did something wrong, www.programming.red does not resolve
18:35:08 <Giuseppe_> I have written an email
18:35:36 <+Reception123> Giuseppe_: try without www
18:36:17 <Giuseppe_> ERR_NAME_NOT_RESOLVED (chrome)
18:36:33 <+Reception123> did you try https://programming.red
18:37:29 <Giuseppe_> Orher browsers...
18:37:41 <Giuseppe_> Yes: programming.red does work
18:37:46 <Giuseppe_> www.programming.red does not
18:38:08 <Giuseppe_> Could you please add this "alias" ?

New certs without subdomains (i.e. revi.wiki) should have www. as alias in the future, imo.

@John I didn't mean to include subdomain in the list of 'we need alias'.

As I said before, I think that adding a www. for each new wiki is not doable, as that would mean that we'd have to renew twice the amount of certs. IMO this is blocked until T1849 is done.

John added a comment.May 2 2018, 10:24

You can very easily generate a cert for both {domain} and www.{domain}

Yes, of course. But as I said that puts double the work for renewing.

John added a comment.May 2 2018, 11:09

No it's not. SAN exists.