[Bioperl-l] Bad SSL certificate at bioperl.org

Fields, Christopher J cjfields at illinois.edu
Sun Sep 17 18:55:05 UTC 2017


Peter, what is biopython doing re: HTTPS for biopython.org?

chris

From: Bioperl-l <bioperl-l-bounces+cjfields=illinois.edu at mailman.open-bio.org> on behalf of Shyam Saladi <saladi1 at illinois.edu>
Date: Thursday, September 14, 2017 at 11:01 PM
To: Hilmar Lapp <hlapp at drycafe.net>
Cc: Peter Cock <p.j.a.cock at googlemail.com>, Bioperl BioPerl <bioperl-l at bioperl.org>, Carnë Draug <carandraug+dev at gmail.com>
Subject: Re: [Bioperl-l] Bad SSL certificate at bioperl.org

Not sure, perhaps there was some change on Cloudflare's side recently. In case it's helpful, my "Crypto" configuration is here: https://www.dropbox.com/s/di47zjxp38yw0ar/Crypto_Cloudflare.pdf?dl=0<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.dropbox.com_s_di47zjxp38yw0ar_Crypto-5FCloudflare.pdf-3Fdl-3D0&d=DwMFaQ&c=8hUWFZcy2Z-Za5rBPlktOQ&r=fbHa8Njtvh9VmSnzJxiEUTW9NWDwMMwQAzhgZDO41GQ&m=hBTIXay26WRpRjY2iI2G3bgZMAReDlHFATWxqCCfP4I&s=XCU6iHG5B05AK3samuJLEAvWSdu3fMUaOKgMT5zK6D8&e=>

My personal site is similarly hosted with ghpages, and I set Cloudflare up about a month ago. HTTPS redirection seems to work ok (try http://shyam.saladi.org<https://urldefense.proofpoint.com/v2/url?u=http-3A__shyam.saladi.org&d=DwMFaQ&c=8hUWFZcy2Z-Za5rBPlktOQ&r=fbHa8Njtvh9VmSnzJxiEUTW9NWDwMMwQAzhgZDO41GQ&m=hBTIXay26WRpRjY2iI2G3bgZMAReDlHFATWxqCCfP4I&s=PBL2QkswHGU7KLcPkFSqK6MEmjJemQV-tSAYNU8G74o&e=>)

Shyam

On Sep 14, 2017 5:45 PM, "Hilmar Lapp" <hlapp at drycafe.net<mailto:hlapp at drycafe.net>> wrote:
I thought activating that option required HTTPS and a valid SSL cert on the source site too. At least that’s what it seemed to be recently when I tried that (with my own website, also currently hosted off of Github Pages).

  -hilmar

On Sep 14, 2017, at 8:10 PM, Shyam Saladi <saladi1 at illinois.edu<mailto:saladi1 at illinois.edu>> wrote:

A minor point, but I think that Cloudflare can redirect http to https:

https://support.cloudflare.com/hc/en-us/articles/200170536-How-do-I-redirect-all-visitors-to-HTTPS-SSL-<https://urldefense.proofpoint.com/v2/url?u=https-3A__support.cloudflare.com_hc_en-2Dus_articles_200170536-2DHow-2Ddo-2DI-2Dredirect-2Dall-2Dvisitors-2Dto-2DHTTPS-2DSSL-2D&d=DwMFaQ&c=8hUWFZcy2Z-Za5rBPlktOQ&r=fbHa8Njtvh9VmSnzJxiEUTW9NWDwMMwQAzhgZDO41GQ&m=hBTIXay26WRpRjY2iI2G3bgZMAReDlHFATWxqCCfP4I&s=vOUpw2lgyvh3akO35BoTUAKeI2b1KthmbEZzi2MrtWs&e=>

On Thu, Sep 14, 2017 at 3:18 PM, Hilmar Lapp <hlapp at drycafe.net<mailto:hlapp at drycafe.net>> wrote:
Not directly, that's correct.  However, there are at least three alternatives, each with various pros and cons.

1) We could front the site with Cloudflare. This would give us a free SSL cert from Cloudflare. It would not redirect http to https, and would require moving DNS for the domain to Cloudflare.

2) Proxy the traffic from Github.io<https://urldefense.proofpoint.com/v2/url?u=http-3A__github.io&d=DwMFaQ&c=8hUWFZcy2Z-Za5rBPlktOQ&r=fbHa8Njtvh9VmSnzJxiEUTW9NWDwMMwQAzhgZDO41GQ&m=hBTIXay26WRpRjY2iI2G3bgZMAReDlHFATWxqCCfP4I&s=XwbdWlMMOVKPnUvjRC9A1kRMmcYZeKBac78JwrKzUJ4&e=> through our Apache server on AWS. This would allow us to redirect http to https, and we'd use a Let's Encrypt SSL cert. For Apache the LE certbot can auto-renew, I think. In essence this is us doing some of what Cloudflare would do, except for DDOS protection, so the site would then have a single point of failure.

3) Use Gitlab Pages for hosting. This would allow SSL certs for custom domains. My understanding is they also support Let's Encrypt for cert renewal, but I haven't tried that yet. Downside is that now we're hosting the repo in a different place than everything else Bioperl. I also don't know about redirecting http to https.

-hilmar

Sent from away

> On Sep 14, 2017, at 5:42 PM, Peter Cock <p.j.a.cock at googlemail.com<mailto:p.j.a.cock at googlemail.com>> wrote:
>
> As far as I know, using your own domain with
> GitHub pages and HTTPS is still not possible.
>
> Peter
>
>> On Thu, Sep 14, 2017 at 6:10 PM, Carnë Draug <carandraug+dev at gmail.com<mailto:carandraug%2Bdev at gmail.com>> wrote:
>> Hi
>>
>> If you access https://bioperl.org<https://urldefense.proofpoint.com/v2/url?u=https-3A__bioperl.org_&d=DwMFaQ&c=8hUWFZcy2Z-Za5rBPlktOQ&r=fbHa8Njtvh9VmSnzJxiEUTW9NWDwMMwQAzhgZDO41GQ&m=hBTIXay26WRpRjY2iI2G3bgZMAReDlHFATWxqCCfP4I&s=xisPCXy-XinnalGIc3r_-ylMcK5dfyIadDcLhBByBr0&e=> you will get a SSL_ERROR_BAD_CERT_DOMAIN
>>
>> The problem is that current certificate is only valid for github.io<https://urldefense.proofpoint.com/v2/url?u=http-3A__github.io_&d=DwMFaQ&c=8hUWFZcy2Z-Za5rBPlktOQ&r=fbHa8Njtvh9VmSnzJxiEUTW9NWDwMMwQAzhgZDO41GQ&m=hBTIXay26WRpRjY2iI2G3bgZMAReDlHFATWxqCCfP4I&s=KJoiZr_O4Q7gUciMpa8YP2nfQcZOZ-cTE4DOADdCW5I&e=>
>> domains.
>>
>> Carnë
>>
>> _______________________________________________
>> Bioperl-l mailing list
>> Bioperl-l at mailman.open-bio.org<mailto:Bioperl-l at mailman.open-bio.org>
>> http://mailman.open-bio.org/mailman/listinfo/bioperl-l<https://urldefense.proofpoint.com/v2/url?u=http-3A__mailman.open-2Dbio.org_mailman_listinfo_bioperl-2Dl&d=DwMFaQ&c=8hUWFZcy2Z-Za5rBPlktOQ&r=fbHa8Njtvh9VmSnzJxiEUTW9NWDwMMwQAzhgZDO41GQ&m=hBTIXay26WRpRjY2iI2G3bgZMAReDlHFATWxqCCfP4I&s=McmwuADXM7K8aPfvGAwcyFAYwjjlhXw0bY682_6cmTw&e=>
>
> _______________________________________________
> Bioperl-l mailing list
> Bioperl-l at mailman.open-bio.org<mailto:Bioperl-l at mailman.open-bio.org>
> http://mailman.open-bio.org/mailman/listinfo/bioperl-l<https://urldefense.proofpoint.com/v2/url?u=http-3A__mailman.open-2Dbio.org_mailman_listinfo_bioperl-2Dl&d=DwMFaQ&c=8hUWFZcy2Z-Za5rBPlktOQ&r=fbHa8Njtvh9VmSnzJxiEUTW9NWDwMMwQAzhgZDO41GQ&m=hBTIXay26WRpRjY2iI2G3bgZMAReDlHFATWxqCCfP4I&s=McmwuADXM7K8aPfvGAwcyFAYwjjlhXw0bY682_6cmTw&e=>

_______________________________________________
Bioperl-l mailing list
Bioperl-l at mailman.open-bio.org<mailto:Bioperl-l at mailman.open-bio.org>
http://mailman.open-bio.org/mailman/listinfo/bioperl-l<https://urldefense.proofpoint.com/v2/url?u=http-3A__mailman.open-2Dbio.org_mailman_listinfo_bioperl-2Dl&d=DwMFaQ&c=8hUWFZcy2Z-Za5rBPlktOQ&r=fbHa8Njtvh9VmSnzJxiEUTW9NWDwMMwQAzhgZDO41GQ&m=hBTIXay26WRpRjY2iI2G3bgZMAReDlHFATWxqCCfP4I&s=McmwuADXM7K8aPfvGAwcyFAYwjjlhXw0bY682_6cmTw&e=>


--
Hilmar Lapp -:- lappland.io<https://urldefense.proofpoint.com/v2/url?u=http-3A__lappland.io&d=DwMFaQ&c=8hUWFZcy2Z-Za5rBPlktOQ&r=fbHa8Njtvh9VmSnzJxiEUTW9NWDwMMwQAzhgZDO41GQ&m=hBTIXay26WRpRjY2iI2G3bgZMAReDlHFATWxqCCfP4I&s=AR9kUHMIKpw0Pt1esI6_UiTJnD9RLSTQcfpoKW7x_io&e=>




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.open-bio.org/pipermail/bioperl-l/attachments/20170917/0c3aa3bb/attachment.html>


More information about the Bioperl-l mailing list