Your connection is not private [solved and doesn't make sense]

machinebacon
Baconator
Posts: 10253
Joined: Thu Sep 16, 2010 11:03 am
Location: Pfälzerwald

Unread post by machinebacon » Thu Sep 28, 2017 5:39 am

I noticed some strange behaviour in the last weeks. When I visit linuxbbq.org/bbs on Chrome and Safari, I get the error

"Your connection is not private
Attackers might be trying to steal your information from www.linuxbbq.org (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_COMMON_NAME_INVALID" etc etc

Safari (OSX) brings a similar error message, just much shorter. I usually override this by visiting our forums in links or w3m, or on the mobile phone (both iOS and Android's Chrome browser work fine)

Today, however, I tried the following route on Chrome on the PC:

1) google for LinuxBBQ
2) choose "visit cached page" right behind the link to our forums
3) get the cached version, it shows the "Time now is September 25, 2017 13:05" or so. Now click on one of the sub-forums' links
4) this redirects to a live version of the page, for example here, to the support forum
5) be curious and log in with username and password
6) the time now is the actual time, so it proves the site is not cached anymore
7) everything works as expected. I just wonder WTF I cannot get here by simply visiting "https://linuxbbq.org/bbs"

tl;dr: when I visit linuxbbq.org/bbs through a cached version and then step out of the cached version, everything works as expected. Visiting the linuxbbq.org pages by entering their links into the address bar fails with a CERT error.

I do use ExpressVPN, however, the problem persists independently of VPN being turned on.

Ideas?
Attachments
WechatIMG70.jpeg
WechatIMG69.jpeg
..gnutella..

ivanovnegro
Minister of Truth
Posts: 5448
Joined: Wed Oct 17, 2012 11:12 pm

Re: Your connection is not private

Unread post by ivanovnegro » Thu Sep 28, 2017 10:38 pm

Interesting. If I use your link I encounter the same behavior. Now I am not savvy enough to distinguish the problem here because if I type, either in Firefox or Chrome, https://linuxbbq.org/, it works normally. That is also why my Google search offers me first. I see no cached version.

Though before the encryption switch I used to see the same message you have when I tried to log in to our forums. That is now gone since Wux made the change.

Edit: I seem to see a difference. One is https and the other is not. Could this be the problem? Maybe the cached version is not https.

Edit2: Definitely it is. You can also see it in your screenshots. Do I make sense?

machinebacon
Baconator
Posts: 10253
Joined: Thu Sep 16, 2010 11:03 am
Location: Pfälzerwald

Re: Your connection is not private

Unread post by machinebacon » Fri Sep 29, 2017 6:25 am

Absolutely, you do make sense, but the browser's (or whatever) behaviour doesn't.

If I enter (type in!) https://linuxbbq.org, I get the error message on any browser I use on my computer (but not in text browsers, and no problem in Android or iOS). If I click on the link https://linuxbbq.org it works as it should.

http versions of our pages never work, except if I use a text browser (yey!). The cached version of linuxbbq.org seems to be https.

So, is this a bug? If so, why does the bug replicate on different browsers? Is it because they are using some SSL shit that is installed on my computer, and the certificates are expired? If so, errrr, why does it happen on my Macbook with OSX, too? :D

Oh by the way, the cached version can be retrieved like so:
WechatIMG81.jpeg
So what I meant earlier by cached version is what Google itself stores in a cache; you can sometimes see that at the bottom of the main page of our forum when the "Google bot" is crawling us as a guest :D
Anyway, I don't understand any of this. To visit the site I have to open a page that has a link to the https version, because it doesn't work via a bookmark to https. Oh well, I'll set this to [solved].

Thank you!
..gnutella..

ivanovnegro
Minister of Truth
Posts: 5448
Joined: Wed Oct 17, 2012 11:12 pm

Re: Your connection is not private [solved and doesn't make sense]

Unread post by ivanovnegro » Fri Sep 29, 2017 6:03 pm

OK. Now I understand you better but indeed cannot make sense of the browser's behavior either. :D
Could be the SSL thing.

Wux, where are you? :)

machinebacon
Baconator
Posts: 10253
Joined: Thu Sep 16, 2010 11:03 am
Location: Pfälzerwald

Re: Your connection is not private [solved and doesn't make sense]

Unread post by machinebacon » Sat Sep 30, 2017 6:13 am

^ lol leave him alone :D It seems the problem was here on my side. Once I cleared the cache and re-entered the https link, it started working (btw I don't use www. now in front of the domain name). Thanks anyway, I could figure out where the problem was. I guessed it also had to do with my new router (ddwrt).
..gnutella..

wuxmedia
Grasshopper
Posts: 6445
Joined: Wed Oct 17, 2012 11:32 am
Location: Back in Blighty

Re: Your connection is not private [solved and doesn't make sense]

Unread post by wuxmedia » Sat Sep 30, 2017 8:07 pm

^^ DRINKING. :D
I think when I was playing with the SSL thing I did something dense. Ask Frank. Google probably cached it.
Yes, Let's Encrypt certs are a bit stupid when it comes to www. or non-www.; it's non-www.

google oddly caches the blue version of the forums.

Anyway glad that's resolved..

PS I think you'll find the text versions are still encrypted. hm at least the forums are..
"Seek, and Ye shall find"
"Github | Chooons | Site"

franksinistra
Ivana Fukalot
Posts: 1093
Joined: Mon Jan 27, 2014 2:03 am
Location: 印尼国

Re: Your connection is not private [solved and doesn't make sense]

Unread post by franksinistra » Sun Oct 01, 2017 11:55 am

^ I see that you cached it to 1 year, Wux (the certificate). I rarely did this on my first run with any site, choosing to pick a month or three months, because browsers (especially the GUI ones) did this. That, I think, is the problem, not that it is a big one anyway (been there, done something even worse than this, like using HPKP).

Also Wux, for security reasons, try to disable the TLS_RSA_WITH_3DES_EDE_CBC_SHA cipher on your server, if it is possible. :)
rice no more.

wuxmedia
Grasshopper
Posts: 6445
Joined: Wed Oct 17, 2012 11:32 am
Location: Back in Blighty

Re: Your connection is not private [solved and doesn't make sense]

Unread post by wuxmedia » Thu Oct 05, 2017 9:11 am

yeah - that caching thing. yeah I added some special list to the cipher suite.
"Seek, and Ye shall find"
"Github | Chooons | Site"

franksinistra
Ivana Fukalot
Posts: 1093
Joined: Mon Jan 27, 2014 2:03 am
Location: 印尼国

Re: Your connection is not private [solved and doesn't make sense]

Unread post by franksinistra » Sat Nov 11, 2017 5:04 pm

Wux:

I think you forgot to add www.linuxbbq.org to letsencrypt domain :)
Attachments
www.png
rice no more.

wuxmedia
Grasshopper
Posts: 6445
Joined: Wed Oct 17, 2012 11:32 am
Location: Back in Blighty

Re: Your connection is not private [solved and doesn't make sense]

Unread post by wuxmedia » Sun Nov 12, 2017 1:48 pm

Well yes and no, I didn't forget and did add it, but using the auto certbot it overrides the non-www one, so it was one or the other, so I kept it to non-www. (see https://linuxbbq.org/bbs/viewtopic.php? ... 434#p59253)
I might get around to adding it, if I get some free time.
"Seek, and Ye shall find"
"Github | Chooons | Site"
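
Added example, not part of any post in this thread: NET::ERR_CERT_COMMON_NAME_INVALID appears when the hostname in the address bar matches none of the DNS names in the certificate's subjectAltName list, which is the www. versus non-www. situation discussed above. The sketch below audits which names a certificate covers; the SAN lists are constructed for illustration (not read from the live server) and the function names are hypothetical.

```python
# Added example: which of a site's hostnames a certificate's SAN list covers.
# Matching follows the common RFC 6125 rules: case-insensitive, and a wildcard
# is accepted only as the whole leftmost label and stands for exactly one label.

def _labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def dns_name_matches(hostname, pattern):
    """Return True if hostname matches one SAN dNSName entry."""
    host, pat = _labels(hostname), _labels(pattern)
    if len(host) != len(pat):
        return False  # "*.example.org" never covers "example.org" or "a.b.example.org"
    if pat[0] == "*":
        # Reject over-broad patterns such as "*.org"; compare the remaining labels.
        return len(pat) >= 3 and host[1:] == pat[1:]
    return host == pat  # partial wildcards like "w*" are treated as literals

def covered(hostname, san_dns_names):
    return any(dns_name_matches(hostname, p) for p in san_dns_names)

def audit(site_names, san_dns_names):
    """Return the hostnames users may type that the certificate does NOT cover."""
    return [h for h in site_names if not covered(h, san_dns_names)]

# Names a visitor might type or have bookmarked.
SITE_NAMES = ["linuxbbq.org", "www.linuxbbq.org"]

# Constructed SAN lists for three possible certificates.
CERT_APEX_ONLY = ["linuxbbq.org"]                     # non-www only, as described in the thread
CERT_BOTH = ["linuxbbq.org", "www.linuxbbq.org"]      # both names on one certificate
CERT_WILDCARD = ["*.linuxbbq.org"]                    # wildcard alone misses the bare domain

if __name__ == "__main__":
    for label, san in [("apex only", CERT_APEX_ONLY),
                       ("both names", CERT_BOTH),
                       ("wildcard only", CERT_WILDCARD)]:
        print(f"{label:14} uncovered: {audit(SITE_NAMES, san)}")
```

Any name reported as uncovered either needs adding to the certificate or must never be served over HTTPS under that name (for example, redirect it at the HTTP layer before a TLS handshake is attempted).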
