(This post edited to be more descriptive about what the problem is, and not just a blanket “your stuff is broke” type comment; this may cause the comments in this thread to be a bit confusing.)
Vincent Baker Notice to you that lumpley and the apocalypse world website’s HTTPS access appear not to be setup properly.
At the moment they have a certificate error (invalid common name) which prevents browsers from getting to your site via HTTPS without either including an exception for your cert, or just proceeding past browser warnings (if their software will allow them to do that).
Please fix this if you can.
Looks all okay to me. Are you still getting that?
Yes, I am. This may be down to our firewall/proxy settings at work. When I try to use Chrome on my mobile browser (not through our office interwebz) to get to https://www.lumpley.com, Chrome gives me a “your connection is not private” error giving the error as `NET::ERR_CERT_COMMON_NAME_INVALID`.
Your host name is `http://www.lumpley.com` but the common name in the cert appears to be `*.web-hosting.com`, and this mismatch might be causing my issue.
When I try to go to http://www.lumpley.com in my mobile browser, it works fine.
This may or may not be within your power, or desire, to fix.
Thanks! I’ll look into it.
You should be able to add a cert exception Viktor Haag – bad certs are a common problem
I did try to access the DitV resources the other day and got similar errors. I thought maybe those resources weren’t being maintained due to the age of the game, but this makes me hope that the two are related.
Aaron Griffin bad certs may be a common problem, but people should fix their bad certs, if they can.
Viktor Haag yes but “hey your certificate is bad but I can still use your site” is significantly better than “raise the alarms your site is broke”
Aaron Griffin This is a long answer to your point. I will also amend my post’s text to be more clear about what the issue here is. But I feel like this response also needs to be said, so:
I can only use his site if I spend cellular data to use it, or when I get home, and use the HTTP access to the site.
If I try to use it via HTTPS, then either:
– Chrome tells me it’s not safe
– My office web-proxy tells me it’s not safe (and my office web-proxy will automagically make me not use HTTP)
HTTPS not properly configured is broken (I did say “for various flavours of broken”), and in this case, broken in a way that’s on the server end to be fixing, not my end.
It’s all very well to say “hey! don’t worry you have a workaround”. Of course I do. It’s to ignore that the site’s not properly configured to be used in a secure manner. Ignore certification errors is a big problem in HTTPS adoption, and, like with unicode, people need to sort of suck it up and realize that they’re in a world where HTTPS should be everywhere, and pretty soon will have to be everywhere because the major browser vendors will require it.