Certificate Expired

Pinto · September 15, 2021, 1:02pm

Yesterday (September 14th) the certificate used for the personnel.29th.org domain has expired. As a Cybersecurity Engineer IRL I urge you to please update it ASAP.

Currently there shouldn’t be any real security issues with this, but browsers will complain about it, and some anti-virus will completely block you from accessing the page. Pic below related.

At the worst case scenario, some malicious user could forge a page that looks alike our roster page and start sending it to other members. Since currently we can’t verify the authenticity of our own page, our members could have trouble distinguishing the real page from the fake one. With this we are susceptible to phishing attacks.

Thanks!
T/5 Pinto

Wells · September 15, 2021, 2:40pm

+1 to all that i was just about to post about it

I feel a “Stop clicking On Shit Part 2” thread coming

Regan · September 15, 2021, 6:04pm

Cert wasn’t expired, nor is that what the error is indicating. It would say expired, not cert date invalid. This issue was caused by the nginx proxy container crashing. It has since been resolved.

Pinto · September 15, 2021, 6:55pm

Hi Cpl. Regan,

I just mentioned it expired, because it indeed was not valid anymore. Below pic of certificate used this morning

I see that the certificate being used currently is fine.

Regan · September 16, 2021, 3:20am

We use LetsEncrypt which automatically handles cert updates/changes. This is likely just a side effect of the issue with the nginx container crash.