You are reading a single comment by @Velocio and its replies.
  • does it give you an error message?

    Yes, Chrome says

    This webpage is not available The webpage might be temporarily down or it may have moved permanently to a new web address.
    Error code: ERR_CONNECTION_CLOSED

    and Safari says

    The certificate for this website is invalid, it may be another website pretending to be this website.

    Edit, it turns out I can see most of the pictures on the Photo of the Day thread. Not sure what's different about them.

  • I'm going to have to purchase a new wildcard SSL cert and IP address for the cert to solve this.

    It's going to cost LFGSS an extra £200 per year for the cert, and an additional £20 per year for the IP address for it.

    The root cause is that either the operating system or browser doesn't support SNI.

    The background to this is that SSL requires a fully encrypted conversation, which means talking to a server and encrypting the connection before the browser has actually made an HTTP request. The issue here is that the browser resolves microcosm.app and talks to the IP address to encrypt the traffic without yet saying "Oh, and this is for microcosm.app so use that SSL cert for the encryption".

    SNI allows a browser to talk to a web server and during the initial part of securing the communication channel it adds "This is for microcosm.app", which means a web server that also supports SNI can actually run multiple SSL sites on the same IP address.

    This is a big deal because the IPv4 address space has been so exhaustively used up that it is now harder to just get an IP address.

    To reduce costs after Microcosm failed, I moved LFGSS and Microcosm behind CloudFlare's Universal SSL. This uses SNI, and so it requires that the browsers and operating systems connecting to us support it.

    The list of supported browsers and operating systems can be viewed here: https://www.digicert.com/ssl-support/apache-secure-multiple-sites-sni.htm

    Desktop Browsers

    • Internet Explorer 7 and later
    • Firefox 2
    • Opera 8 with TLS 1.1 enabled
    • Google Chrome:
      • Supported on Windows XP on Chrome 6 and later
      • Supported on Vista and later by default
      • OS X 10.5.7 in Chrome Version 5.0.342.0 and later
    • Safari 2.1 and later (requires OS X 10.5.6 and later or Windows Vista and later).
    • Note: No versions of Internet Explorer on Windows XP support SNI

    Mobile Browsers

    • Mobile Safari for iOS 4.0
    • Android 3.0 (Honeycomb) and later
    • Windows Phone 7

    I had looked at my stats (Google Analytics) and could not see any significant usage of unsupported browsers (though I know that GA is incomplete as you may have adblockers installed that block GA).

    But as you clearly are affected, I'll purchase the custom cert and will use that instead... and yes, CloudFlare support custom certs too, but it's normally a further $200 per month, though as an employee I thankfully get this for free.

    So... I'll buy a custom wildcard cert for microcosm.app, will have my CloudFlare account upgraded, and will install it everywhere. This will take a couple of days as the SSL provider don't accept PayPal, so I need to withdraw the LFGSS funds for this to my personal account and pay using a debit card.

  • I have to admit I don't really understand much of that. So, it is going to cost $20 a year? How many others are there with this problem? I notice one or two in the thread.

    I am using either Safari 5.1.0 or the latest Chrome on OSX 10.6.8, so should be supported according to the list. Thanks for your work sorting this out.
