ACME fail
3 attachments
Started 6h ago
https://digdeeper.club/articles/static.xhtml#ssl
You do not need to rely on a certificate authority to support encrypted connections - you can generate the cert yourself. This has some advantages in that you don't have to rely on a third party that can go down at any time, or just be hacked and compromised by "cybercriminals". You can have stronger encryption than the maximum offered by acme / Let's Encrypt (8192 vs 4096). You can have your cert be valid for whatever length of time you want to, instead of the puny month or 3 months or whatever of LE; you will never be canceled, either. And finally you can fill the data with funny stuff like this:
[Screenshot: the 'View certificate' window in Pale Moon for my diggy.club self-signed cert, with 'Dig Deeper Team' listed as the issuing organization]
Compare to a Let's Encrypt-assigned one:
[Screenshot: the 'View certificate' window in Pale Moon for my digdeeper.club Let's Encrypt cert. The lack of fun stuff in the data is very obvious.]
So what's the catch? Because there has to be one, right? There indeed is, and a very serious one. Namely that all mainstream browsers display a big scary warning when they encounter a self-signed cert. Like this:
[Screenshot: self-signed cert warning in Chrome-based browsers, claiming the connection is 'not private' and offering a way to 'get back to safety' by leaving the offending page]
You can click Advanced and proceed to my site anyway, but every normie will retreat to his "safe" Google-shaped cage instead. So if you want any actual viewership, you can't rely on this, at least not unless you have another host with an "official" cert.
>Websites prove their identity via certificates. LibreWolf does not trust cy-x.net because its certificate issuer is unknown, the certificate is self-signed, or the server is not sending the correct intermediate certificates.
>Error code: SEC_ERROR_UNKNOWN_ISSUER
admin@cy-x:~$ curl https://cy-x.net
>curl: (60) SSL certificate problem: unable to get local issuer certificate
>More details here: https://curl.se/docs/sslcerts.html
>curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it.
>To learn more about this situation and how to fix it, please visit the web page mentioned above.
>This Connection is Untrusted
>You have asked Pale Moon to connect securely to www.cy-x.net, but we can't confirm that your connection is secure.
>www.cy-x.net uses an invalid security certificate.
>The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported.
>(Error code: SEC_ERROR_UNKNOWN_ISSUER)
Fuck off! I'm not going to continue trying to mess around with this. I'm confident that everyone who actually uses this site on a weekly basis knows enough about technology to understand what a self-signed certificate is.
It is now self-signed.
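Added example, not from the thread or the quoted article: the errors above (SEC_ERROR_UNKNOWN_ISSUER, curl's "unable to get local issuer certificate") are trust-chain failures, not encryption failures. The script below generates a self-signed cert with the openssl CLI, shows that its issuer equals its subject, shows that verification against the default store fails for exactly that reason, and shows that verification succeeds once the cert itself is supplied as the trusted root, which is what `curl --cacert cert.pem` or importing the cert in Pale Moon/LibreWolf does on the client side. The subject name, organization and temp directory are constructed for the demo; the script assumes openssl 1.1.0 or newer is on PATH.

```shell
#!/bin/sh
# Added example (not the thread's own code). Assumes the openssl CLI.
# All names below (example.test, the organization, $WORKDIR) are constructed.
set -eu

WORKDIR="${WORKDIR:-$(mktemp -d)}"

# Generate a key pair and a self-signed certificate in one step.
# The subject is arbitrary (the "funny stuff" the quoted article mentions);
# because nobody else signs it, the issuer field is identical to the subject.
# rsa:2048 is used only to keep the demo fast; the key size is a free choice.
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 \
        -keyout "$WORKDIR/key.pem" -out "$WORKDIR/cert.pem" \
        -days 3650 \
        -subj "/CN=example.test/O=Example Self-Signed Team" \
        >/dev/null 2>&1
    printf '%s\n' "$WORKDIR/cert.pem"
}

# Print subject and issuer. For a self-signed cert they are the same string,
# which is why a verifier that lacks this cert in its store reports
# "unknown issuer": there is no third party to chain up to.
subject_and_issuer() {
    openssl x509 -in "$1" -noout -subject -issuer
}

# Return 0 when verification against the default (system) trust store
# fails, i.e. the browser/curl behaviour quoted in the thread; return 1
# if it unexpectedly passes.
fails_against_system_store() {
    if openssl verify "$1" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# Pinning: hand the verifier the cert as its trust anchor. This is the
# openssl equivalent of curl's --cacert and of importing the cert as a
# root in the browser; only clients that did this deliberately will pass.
verifies_when_pinned() {
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# Demo run (also executes when the file is sourced by a test harness).
CERT=$(make_self_signed)
subject_and_issuer "$CERT"
if fails_against_system_store "$CERT"; then
    echo "default store: rejected (self-signed / unknown issuer)"
fi
if verifies_when_pinned "$CERT"; then
    echo "pinned via -CAfile: OK"
fi
```

Two practical notes for anyone doing this for real: the certificate has to be distributed to clients over some channel they already trust (the pinned root only proves "same cert as last time", which is the protection a visitor actually gets), and current browsers match the hostname against a subjectAltName extension rather than the CN, so a deployable cert needs one (on OpenSSL 1.1.1+ via `-addext "subjectAltName=DNS:example.test"`, or through a config file on older versions; left out above so the demo runs on more openssl builds).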
>just let me beg some authority figure to hand over a key so the browser doesn't spook the end user into thinking my website is malware
>(IRC: 3 | XMPP: 3 | Mumble: 1)
That used to say 40 connected.
grim