Current SSL cert is not valid for "rtfd.org" domain #328
Comments
|
+1. This affects e.g. "Short URLs" section in project page (example: https://readthedocs.org/projects/write-the-docs-2013-notes/ - accessing second "Short URL" issues a security warning). |
|
This still seems to be an issue today. Are there any plans on extending the SSL certificate to *.rtfd.org and rtfd.org? |
|
We mainly don't have them because it's expensive, and the redirect domains On Sun, May 10, 2015 at 11:05 AM, Kyle Thompson [email protected]
Eric Holscher |
|
let's encrypt is now an easy to use and free alternative to the commercial CAs. it should be fairly easy to set that up to fix this bug, but i can't sponsor/donate those without access to the server hosting rtfd.org. |
|
The issue is that we need a wildcard cert, which letsencrypt doesn't On Tue, Jan 5, 2016 at 9:40 AM, anarcat [email protected] wrote:
Eric Holscher |
|
true that. but since it's automated, you could actually generate one cert per vhost... |
|
in fact, some webservers actually do that on the fly, like caddy |
|
Also affected by this:
|
Now that Let's Encrypt is a thing, could this be used to cut the costs here? |
|
As stated above, let's encrypt does not support wildcard certs, as per certbot/certbot#66. |
|
I would pay for ssl +custom domain using letsencrypt. |
|
@anarcat, the number of subdomains and requests/time that letsencrypt honours is limited and probably not enough for the number of sites hosted on RTD. |
|
@gwillem those are not hard limits - they can be modified as needed if you talk with them. see this comment for example. how many sites are we talking about anyways? |
|
@anarcat here you have the stats from last year: http://blog.readthedocs.com/read-the-docs-2016-stats/ |
|
definitely above 20 certs/week of course :p you'd have about 200k certs per year, so about 4k per week... but i guess it's something that could be discussed. now of course, LE will support wildcard certs starting in January 2018, so those numbers would become irrelevant if a wildcard is acceptable: https://letsencrypt.org/2017/07/06/wildcard-certificates-coming-jan-2018.html |
|
So, it's seems that's a matter of time. I think we should wait until Jan 2018 :D |
|
FYI: Wildcard support by LE delay: https://community.letsencrypt.org/t/acmev2-and-wildcard-launch-delay/53654
|
|
Some good news, https://twitter.com/letsencrypt/status/973607502188195840 |
|
As of today, we have an SSL certificate for rtfd.io. We don't really advertise rtfd.org anymore but I will probably still try to add a certificate for it. It's lower priority though. |
|
There is a cert for |
The current SSL cert is only valid for the full readthedocs.org spelling, resulting in a security warning if accessing the short URL over HTTPS. (So, not really a bug in the RTFD code itself, but I'm not sure where else to report site config issues)
The text was updated successfully, but these errors were encountered: