
Your connection is not private [solved and doesn't make sense]

Posted: Thu Sep 28, 2017 5:39 am
by machinebacon
I noticed some strange behaviour in the last weeks. When I visit linuxbbq.org/bbs on Chrome and Safari, I get the error

"Your connection is not private
Attackers might be trying to steal your information from www.linuxbbq.org (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_COMMON_NAME_INVALID" etc etc

Safari (OSX) brings a similar error message, just much shorter. I usually override this by visiting our forums in links or w3m, or on the mobile phone (both iOS and Android's Chrome browser work fine)

Today, however, I tried the following route on Chrome on the PC:

1) google for LinuxBBQ
2) choose "visit cached page" right behind the link to our forums
3) get the cached version, it shows the "Time now is September 25, 2017 13:05" or so. Now click on one of the sub-forums' links
4) this redirects to a live version of the page, for example here, to the support forum
5) be curious and log in with username and password
6) the time now is the actual time, so it proves the site is not cached anymore
7) everything works as expected. I just wonder WTF I can not get here by simply visiting "https://linuxbbq.org/bbs"

tl;dr: when I visit linuxbbq.org/bbs through a cached version and then step out of the cached version, everything works as expected. Visiting the linuxbbq.org pages by entering their links into the address bar fails with a CERT error.

I do use ExpressVPN, however, the problem persists independently of VPN being turned on.

Ideas?

Re: Your connection is not private

Posted: Thu Sep 28, 2017 10:38 pm
by ivanovnegro
Interesting. If I use your link I encounter the same behavior. Now I am not savvy enough to distinguish the problem here because if I type, either in Firefox or Chrome, https://linuxbbq.org/, it works normally. That is also why my Google search offers me first. I see no cached version.

Though before the encryption switch I used to see the same message you have when I tried to log in to our forums. That is now gone since Wux made the change.

Edit: I seem to see a difference. One is https and the other is not. Could this be the problem? Maybe the cached version is not https.

Edit2: Definitely it is. You can also see it in your screenshots. Do I make sense?

Re: Your connection is not private

Posted: Fri Sep 29, 2017 6:25 am
by machinebacon
Absolutely, you do make sense, but the browser's (or whatever) behaviour doesn't.

If I enter (type in!) https://linuxbbq.org, I get the error message on any browser I use on my computer (but not in text browsers, and no problem in Android or iOS). If I click on the link https://linuxbbq.org it works as it should.

http versions of our pages never work, except if I use a text browser (yey!). The cached version of linuxbbq.org seems to be https.

So, is this a bug? If so, why does the bug replicate on different browsers? Is it because they are using some SSL shit that is installed on my computer, and the certificates are expired? If so, errrr, why does it happen on my Macbook with OSX, too? :D

Oh by the way, the cached version can be retrieved like so:
WechatIMG81.jpeg
So what I meant earlier by "cached version" is what Google itself stores in a cache; you can sometimes see this on our forum at the bottom of the main page, when the "Google bot" is crawling our site as a guest :D
Anyway, I don't understand any of this. To visit the site, I have to open a page that has a link to the https version, because it doesn't work via a bookmark to https. Well, I'll mark this as [solved].

Thank you!

Re: Your connection is not private [solved and doesn't make sense]

Posted: Fri Sep 29, 2017 6:03 pm
by ivanovnegro
OK. Now I understand you better but indeed cannot make sense of the browser's behavior either. :D
Could be the SSL thing.

Wux, where are you? :)

Re: Your connection is not private [solved and doesn't make sense]

Posted: Sat Sep 30, 2017 6:13 am
by machinebacon
^ lol leave him alone :D It seems the problem was here on my side. Once I cleared the cache and re-entered the https link, it started working (btw I don't use www. now in front of the domain name). Thanks anyway, I could figure out where the problem was. I guessed it also had to do with my new router (ddwrt).

Re: Your connection is not private [solved and doesn't make sense]

Posted: Sat Sep 30, 2017 8:07 pm
by wuxmedia
^^ DRINKING. :D
I think when I was playing with the SSL thing I did something dense. Ask Frank. Google probably cached it
Yes, Let's Encrypt certs are a bit stupid when it comes to www. or non-www. It's non-www.

google oddly caches the blue version of the forums.

Anyway glad that's resolved..

PS I think you'll find the text versions are still encrypted. hm at least the forums are..

Re: Your connection is not private [solved and doesn't make sense]

Posted: Sun Oct 01, 2017 11:55 am
by franksinistra
^ I see that you cached it to 1 year Wux (the certificate), I rarely did this on my first run with any site, choosing to pick a month or three months, because browsers (especially the GUI ones) did this. That I think is the problem, not that it is a big one anyway (been there done something even worse than this, like using HPKP).

Also Wux, for security reasons, try disabling the TLS_RSA_WITH_3DES_EDE_CBC_SHA cipher on your server, if it is possible. :)

Re: Your connection is not private [solved and doesn't make sense]

Posted: Thu Oct 05, 2017 9:11 am
by wuxmedia
yeah - that caching thing. yeah I added some special list to the cipher suite.

Re: Your connection is not private [solved and doesn't make sense]

Posted: Sat Nov 11, 2017 5:04 pm
by franksinistra
Wux:

I think you forgot to add www.linuxbbq.org to letsencrypt domain :)

Re: Your connection is not private [solved and doesn't make sense]

Posted: Sun Nov 12, 2017 1:48 pm
by wuxmedia
Well yes and no, I didn't forget and did add it - but using the auto certbot it overrides the non-www one, so it was one or the other - so kept it to non-www. (see https://linuxbbq.org/bbs/viewtopic.php? ... 434#p59253)
I might get around to adding it - if I get some free time.
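
Added example (not part of any post in this thread, and not the site's actual configuration): the www/non-www mismatch discussed above, shown as the name check a browser performs against a certificate's DNS names before it raises NET::ERR_CERT_COMMON_NAME_INVALID. The SAN lists are constructed for illustration and the matching rules are a simplified form of RFC 6125.

```python
# Simplified RFC 6125 host name check against a certificate's dNSName
# SAN entries. Current browsers match on SAN entries, not the Common Name.

def _labels(name):
    # DNS names are case-insensitive; a trailing dot is the root label.
    return name.rstrip(".").lower().split(".")

def san_matches(hostname, pattern):
    """Return True if one SAN entry covers the host name."""
    host, pat = _labels(hostname), _labels(pattern)
    if len(host) != len(pat):
        return False  # a wildcard stands for exactly one label
    if pat[0] == "*":
        if len(pat) < 3:
            return False  # reject over-broad patterns such as "*.com"
        return host[1:] == pat[1:]
    return host == pat

def cert_covers(hostname, san_list):
    return any(san_matches(hostname, p) for p in san_list)

def audit(hostnames, san_list):
    """Map every name users may type to whether the cert covers it."""
    return {h: cert_covers(h, san_list) for h in hostnames}

# Constructed SAN sets (assumptions, not read from the real certificate).
APEX_ONLY = ["linuxbbq.org"]
APEX_AND_WWW = ["linuxbbq.org", "www.linuxbbq.org"]
WILDCARD_ONLY = ["*.linuxbbq.org"]

# Names a visitor may end up on via typing, bookmarks or old links.
NAMES = ["linuxbbq.org", "www.linuxbbq.org"]

if __name__ == "__main__":
    for label, sans in [("apex only", APEX_ONLY),
                        ("apex + www", APEX_AND_WWW),
                        ("wildcard only", WILDCARD_ONLY)]:
        for name, ok in audit(NAMES, sans).items():
            print(f"{label:14} {name:18} {'ok' if ok else 'NAME MISMATCH'}")
```

A certificate issued for only one of the two names fails for the other, and a wildcard alone does not cover the bare domain, so both names have to be listed on the same certificate.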