SSL Issue [UPDATE: Resolved]

No need for alarm.

Some of you are likely seeing something like this as you try to load our site:

You’re not in any danger. Indeed, unless you have top-level posting privileges, you don’t use a password and we don’t collect credit card information.

We made the shift to the more secure HTTPS protocol a couple years back and apparently our free license has expired. I’ll get it updated as soon as possible.

UPDATE: Our IT guy, Jason Lefkowitz, informs me that our certificate auto-renews every three months and is still good through January. He’s restarted the server and the issue seems to be resolved. Let me know if you see the issue re-appear.

FILED UNDER: OTB History
James Joyner
About James Joyner
James Joyner is Professor and Department Head of Security Studies at Marine Corps University's Command and Staff College and a nonresident senior fellow at the Scowcroft Center for Strategy and Security at the Atlantic Council. He's a former Army officer and Desert Storm vet. Views expressed here are his own. Follow James on Twitter @DrJJoyner.

Comments

  1. Nightcrawler says:

    PSA: The existence of an SSL cert != a secure or even a legitimate site. Anyone can get a free SSL cert. Hackers can and do get them for phishing and drive-by download sites.

    ReplyReply
    3
  2. Sleeping Dog says:

    Wasn’t too worried about it. Funny it only kicked off one one post.

    ReplyReply
  3. Jon says:

    @Nightcrawler:

    Hackers can and do get them for phishing and drive-by download sites

    Yes but typically those are for fraudulent domain names too, like ‘capita1one.info’ or similar. It is harder to get a free certificate for a domain you do not control DNS and/or hosting for. But the larger point is valid; an SSL certificate in no way confirms a site itself is secure or legitimate, rather it just encrypts traffic between your browser and the site. What happens on the site side of things is completely out of the SSL certificate’s purview.

    Also I’m see the new cert, with an expiry of 1/21/2021.

    ReplyReply
    2
  4. Jon says:

    @Jon: 1/23/2021, stupid no edit button.

    ReplyReply
  5. Barry says:

    Thanks for your work keeping this place running, James!

    ReplyReply
    2
  6. Gustopher says:

    You’re not in any danger. Indeed, unless you have top-level posting privileges, you don’t use a password and we don’t collect credit card information.

    Of course, they might have gotten James’ password and are now creating top level posts trying to reassure us that it’s all fine, before asking us to download NotAVirus.exe and run it.

    ReplyReply
    3
  7. James Joyner says:

    @Gustopher: You never know.

    ReplyReply
    2
  8. Just nutha ignint cracker says:

    I was at a middle school when I visited the site earlier today (I normally comment in such a case as “just nutha” because it’s less likely to get mistaked by my tremor), and the screen you show popped up, but then the system passed me through. I was surprised because the district both monitors what everyone does on the system and has blocked the site before.

    Funny side story: The district system always blocks LGM because the word “guns” is in the name and the state supports “zero tolerance” gun policies for schools.

    ReplyReply
  9. fredw says:

    Why are you running SSL; because google says to? What sensitive data are you protecting. What NSFW content do you host? I use a filtering proxy that can filter on content, but not with an SSL connection. The rush to SSL to humor Google actually makes me less secure. Just sayin’.

    Thanks for this site, SSL or not.

    ReplyReply
  10. James Joyner says:

    @Just nutha ignint cracker: The weird thing is that my SSL actually auto-renews for three-month increments and the current one doesn’t expire until January. Not sure what the deal was but a reboot seems to have fixed it.

    @fredw: Yes, pretty much because Google penalizes sites that don’t run in https mode and flags them as insecure. So far as I understand it, we don’t collect any user data at all.

    ReplyReply
  11. Just nutha ignint cracker says:

    So far as I understand it, we don’t collect any user data at all.

    Maybe that’s the actual problem. How is Google supposed to value you as a client if you don’t have any user data to give them?

    ReplyReply

Speak Your Mind

*