invalid certificate
Posted: Wed Apr 18, 2018 7:32 pm
by wiltswilly
Accessing the site from Firefox, I see this:
milovana.com uses an invalid security certificate. The certificate does not come from a trusted source. Error code: MOZILLA_PKIX_ERROR_ADDITIONAL_POLICY_CONSTRAINT_FAILED
which suggests the security certificate is not from a provider that issues decent ones (or is self-cert). These days most people get their free certs from letsencrypt. Will Milovana change it?
Re: invalid certificate
Posted: Wed Apr 18, 2018 9:48 pm
by Sissy Elise
I'm not getting that error on Firefox.
Although the cause looks to be the certificate being issued before 1st June 2016 (public certificate transparency logs date).
The current certificate has only got 1 month and 18 days left on it. So it will more than likely be updated soon anyway.
Re: invalid certificate
Posted: Wed Apr 18, 2018 10:35 pm
by Ghingis
Sissy Elise wrote: Wed Apr 18, 2018 9:48 pm
I'm not getting that error on Firefox.
Although the cause looks to be the certificate being issued before 1st June 2016 (public certificate transparency logs date).
The current certificate has only got 1 month and 18 days left on it. So it will more than likely be updated soon anyway.
I found an article where they state what can be an issue:
https://support.servertastic.com/announ ... rtificates
In case the cert was issued by Symantec (Symantec also issues certificates under the GeoTrust, Thawte and RapidSSL brands), browsers should have a restriction for certificates that were issued (including reissues) before 1 June 2016 with an expiry after 15 March 2018.
So even if the cert is technically valid, it can not be trusted, hence the error.
This update had been implemented on March 12 and should be in effect from version 60, so if the Firefox version is older than that, it won't say a thing.
(Like a blocked debit card that has an expiration date in the future: it's technically not expired, so you could buy things with it, but when it comes to paying, the terminal will decline it.)
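The date rule described in the post above, as an added example that is not part of the original thread: it checks a certificate dict in the layout returned by Python's `ssl.SSLSocket.getpeercert()` against the "issued before 1 June 2016, expiring after 15 March 2018" window. Matching the brand names against the issuer's organization and common name is a simplifying assumption, and the sample certificates are constructed.

```python
import ssl
from calendar import timegm

# Brands named in the post; matched against issuer O and CN (a heuristic).
SYMANTEC_BRANDS = ("symantec", "geotrust", "thawte", "rapidssl")
ISSUED_BEFORE = timegm((2016, 6, 1, 0, 0, 0))   # 1 June 2016, UTC
EXPIRES_AFTER = timegm((2018, 3, 15, 0, 0, 0))  # 15 March 2018, UTC


def issuer_fields(cert):
    """Flatten getpeercert()'s nested issuer tuples into a plain dict."""
    return {key: value for rdn in cert.get("issuer", ()) for key, value in rdn}


def symantec_distrust(cert):
    """Return (affected, reason) for a dict shaped like SSLSocket.getpeercert()."""
    issuer = issuer_fields(cert)
    names = " ".join(
        issuer.get(k, "") for k in ("organizationName", "commonName")
    ).lower()
    brand = next((b for b in SYMANTEC_BRANDS if b in names), None)
    if brand is None:
        return False, "issuer is not a Symantec brand"
    if ssl.cert_time_to_seconds(cert["notBefore"]) >= ISSUED_BEFORE:
        return False, f"{brand}: issued on or after 1 June 2016"
    if ssl.cert_time_to_seconds(cert["notAfter"]) <= EXPIRES_AFTER:
        return False, f"{brand}: expires on or before 15 March 2018"
    return True, f"{brand}: issued before 1 June 2016, expires after 15 March 2018"


def make_cert(org, cn, not_before, not_after):
    """Build a constructed sample in getpeercert() layout (not real cert data)."""
    issuer = ((("organizationName", org),), (("commonName", cn),))
    return {"issuer": issuer, "notBefore": not_before, "notAfter": not_after}


# Constructed samples; issuer names and dates are illustrative only.
LEGACY = make_cert("GeoTrust Inc.", "RapidSSL SHA256 CA",
                   "Jun  5 00:00:00 2015 GMT", "Jun  5 23:59:59 2018 GMT")
REISSUED = make_cert("GeoTrust Inc.", "RapidSSL SHA256 CA",
                     "Jul  1 00:00:00 2016 GMT", "Jul  1 23:59:59 2018 GMT")
OTHER_CA = make_cert("Let's Encrypt", "Let's Encrypt Authority X3",
                     "Apr 19 00:00:00 2018 GMT", "Jul 18 00:00:00 2018 GMT")

if __name__ == "__main__":
    for label, cert in (("legacy", LEGACY), ("reissued", REISSUED), ("other", OTHER_CA)):
        print(label, symantec_distrust(cert))
```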
Re: invalid certificate
Posted: Thu Apr 19, 2018 3:10 pm
by Ghingis
I strongly suggest to the devs to use this site for the new cert:
https://letsencrypt.org/
You can make a cert in minutes and with a small cron job it reissues itself.
Re: invalid certificate
Posted: Thu Apr 19, 2018 3:49 pm
by DoxysTurtle
Given there's a valid SHA256 cert from a traditional SSL provider (who's not about to be blacklisted), there's not a lot of reason for it to be switched over to LetsEncrypt.
Re: invalid certificate
Posted: Thu Apr 19, 2018 5:33 pm
by sawno
Let's Encrypt is free and well supported with strong ciphers. It's not a must, but it would save costs for the site.
Re: invalid certificate
Posted: Fri Apr 20, 2018 12:01 am
by Ghingis
DoxysTurtle wrote: Thu Apr 19, 2018 3:49 pm
Given there's a valid SHA256 cert from a traditional SSL provider (who's not about to be blacklisted), there's not a lot of reason for it to be switched over to LetsEncrypt.
Valid != trusted and the current cert should be switched by now.
https://security.googleblog.com/2017/09 ... antec.html
So we need a new cert, that is for sure. Money can be an issue for a free site and RapidSSL ain't free.
It starts at 59$, but if it's a wildcard cert, it's 249$.
While letsencrypt is free, reliable (SHA256 RSA 2048, just like this one) and if you would just give a look to the "major sponsors and donors" section on the letsencrypt site, you would see that it won't be blacklisted in the near future.
And do not get me wrong, I do not care where they get their cert, but they should get one asap. I just tried to offer a free alternative, if money is the reason behind the distrusted cert.
Re: invalid certificate
Posted: Sun Apr 29, 2018 8:07 am
by GodDragon
Use LetsEncrypt in combination with a cron task to automatically renew it each month.
If the devs have any questions regarding it, feel free to message me.
Re: invalid certificate
Posted: Mon Apr 30, 2018 7:18 am
by seraph0x
Moved the site to Cloudflare. By doing that I'm basically making it so I don't have to worry about things like certificates in the future. It might also help with security thanks to some of their filtering. It's possible that the filtering causes some issues, since Milovana uses a lot of custom software. But we'll take it as it comes.