Back

[ SOLVED ] Can't view forum or flashcard site with FireFox

#26
A 2nd live chat attempt .. person recognizes the cert is revoked, and notified the admins to have a look at it... now it could take days go figure.
Reply
#27
What? You mean to say that you weren't thoroughly impressed by the technical knowledge of tech-support? Madness!

Hope this gets resolved soon, it sounds like a real pain to deal with.
Reply
#28
Had a new mail from Comodo to confirm 3 domains... seems like they are being re-issued since I talked to live chat. Hmm.

@sholum to be fair a while ago HostGator ticket system was really good. They have skilled people answering the tickets. Then some time ago they seem to have reduced resources? I don't know but their support site sends you to live chat for many topics, when it didn't before.
Edited: 2017-06-19, 2:36 pm
Reply
6-Month Challenge: Get 6-Month Premium for $66 or Premium PLUS for $166 (June 19th - 30th)
JapanesePod101
#29
(2017-06-19, 5:36 am)ファブリス Wrote: Where do you get the certificate revocation date?

If you download the certificate revocation list, you can search it for your certificate's serial number. Windows has a built-in viewer for CRLs, I'm not sure about other operating systems but they probably have tools as well.

It seems like HostGator finally knows what to look for, so hopefully it'll get resolved soon.
Reply
#30
DNS CAA will be mandatory starting on September, but for the time being you're good without it. It consists in adding one more-or-less-straightforward record to your DNS.

I agree with egbert314: now that HostGator seems on track, let's hope this would be resolved soon.



In GNU/Linux you can use OpenSSL to check against CLRs or OCSP, but it's not for the faint of heart: there are no "high level" operations to do this, you have to issue several convoluted commands to get the info you need, step by step. Here are some links to explanations on how to do it (they all say approximately the same things):
https://raymii.org/s/articles/OpenSSL_Ma..._OCSP.html
https://serverfault.com/questions/590504...en-revoked
https://blog.ivanristic.com/2014/02/chec...enssl.html

And alternative, more user-friendly tools (maybe that's an overstatement):
https://linux.die.net/man/1/dirmngr-client
Reply
#31
I'm posting this with Firefox! Big Grin
Reply
#32
(2017-06-19, 10:52 pm)Splatted Wrote: I'm posting this with Firefox! Big Grin

Can confirm.

苦あれば楽あり
Edited: 2017-06-19, 11:05 pm
Reply
#33
Indeed SSL Labs report is now back to "A".

(2017-06-19, 6:40 pm)faneca Wrote: DNS CAA will be mandatory starting on September, but for the time being you're good without it. It consists in adding one more-or-less-straightforward record to your DNS.
Thanks a lot ! So I will ask them about setting this up too.

PS: do you have any guides? I know the primary / secondary DNS and the IP from the host, if that's sufficient maybe I can do it myself.
Edited: 2017-06-20, 6:05 am
Reply
#34
(2017-06-19, 6:16 pm)egbert314 Wrote:
(2017-06-19, 5:36 am)ファブリス Wrote: Where do you get the certificate revocation date?

If you download the certificate revocation list, you can search it for your certificate's serial number. Windows has a built-in viewer for CRLs, I'm not sure about other operating systems but they probably have tools as well.

Thank you. Does this give any more information about why the certificate is "revoked"?  I still have no idea why it was.
Reply
#35
I dont believe it's included in the CRL. This makes some sense from a security standpoint as it could let unfriendly parties know what happened at a particular company they may be interested in.

If neither HostGator nor Comodo is providing the reason for the revocation, I would assume one of them messed up and is trying to cover it up. One theory could be a HostGator admin revoking the wrong certificate.

Glad it's all resolved though.
Reply