patrick.net

No issues

Thanks.

nope

Ironman says

I get those continually when accessing from my phone (like right now). MAJOR PITA

what kind of phone? make a model?

Ironman says

I get those continually when accessing from my phone (like right now). MAJOR PITA

Same here. Motorola Moto X.

Free Speech Forum doesn't ban retards.If it did there would not be any respondents. lol

Patrick says

anyone else having problems with the site?

Yeah, too many assholes on it!

Patrick, I also get the certificate errors with my phone, but not PC. The phone is a Motorola Turbo2.

Dan8267 says

Yeah, too many assholes on it!

Patnet is the International ASSHOLE Headquarters.
New posters don't realize what charming, impeccable company they are in.

joshuatrio says

Motorola Moto X.

Ironman says

Motorola Droid

YesYNot says

Motorola Turbo2

I see a pattern.

What does Motorola have against letsencrypt.org certificates?

The NSA bot keeps telling me I am on the John Hinckley Jr. watch list.

Patrick says

Anyone else?

Working fine for me.

There are fewer problems with this site and it loads faster than any other site I regularly visit.

I'm not even remotely kidding.

Ironman says

They all run Android (and Google bought and sold Motorola).

Go stop over and ask Larry Page why it's happening. :)

That's a very interesting point. Maybe Google does not want Motorola phones competing with its Nexus line, so it bought Motorola and deliberately fucked it up. My Nexus works fine with patrick.net.

Larry Page was actually a classmate of mine at U. Michigan in engineering school. Not kidding. Did homework with him a few times. Alan Steremberg was also in that crowd, and he went on to co-found Weather Underground. I turned out to be the slacker, just getting a normal job.

freespeechforever says

There are fewer problems with this site and it loads faster than any other site I regularly visit.

I'm not even remotely kidding.

Thank you man! Sniff. I put a ton of work into it.

Yep, certificate errors. Happens all the time with Chrome, but not with FF. I'd look into certificate chain file (at least it was the culprit that one time when I had to look into inconsistent certificate errors)

mostly reader says

I'd look into certificate chain file

What exactly was wrong when you looked into it then?

Hmmmm. I didn't get the cert issue today.

Disclaimer: I'm not a true admin. Having said that:

- it needs to be there, unless your certificate key is issued by the root authority (unlikely, you probably got yours off godaddy or such)
- a configuration in /etc/httpd/conf.d/ssl.conf would looks something like this:
----
SSLCertificateKeyFile /etc/pki/tls/certs/name_of_your_cert_key_file
SSLCertificateChainFile /etc/pki/tls/certs/name_of_your_cert_chain_file
----
- permissions/owner for ssl.conf matter IIRC, root/644 should work

that's for CentOS, Ubuntu is probably the same or close, YMMV.

In case that I'm talking about, chain filename was misspelled in ssl.conf
I'm not sure why it was inconsistent and would work in some environments and not in others (same client machine, different browser)

Here's what I have, which was mostly set up by the letsencrypt install script:

patrick@primo% grep ssl /etc/nginx/nginx.conf
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/patrick.net/cert.pem;
ssl_certificate_key /etc/letsencrypt/live/patrick.net/privkey.pem;
patrick@primo% ls /etc/letsencrypt/live/patrick.net/cert.pem
lrwxrwxrwx 1 root root 35 Oct 16 05:52 /etc/letsencrypt/live/patrick.net/cert.pem -> ../../archive/patrick.net/cert5.pem
patrick@primo% ls /etc/letsencrypt/live/patrick.net/privkey.pem
lrwxrwxrwx 1 root root 38 Oct 16 05:52 /etc/letsencrypt/live/patrick.net/privkey.pem -> ../../archive/patrick.net/privkey5.pem
patrick@primo% ll /etc/letsencrypt/archive/patrick.net/cert5.pem
-rw-r--r-- 1 root root 1809 Oct 16 05:52 /etc/letsencrypt/archive/patrick.net/cert5.pem
patrick@primo% ll /etc/letsencrypt/archive/patrick.net/privkey5.pem
-rw-r--r-- 1 root root 1704 Oct 16 05:52 /etc/letsencrypt/archive/patrick.net/privkey5.pem

joshuatrio says

Hmmmm. I didn't get the cert issue today.

Maybe people are saying that they are getting mixed content (http and https) errors. Those are not due to any problem with the certificate. They should be diminishing now that I don't simply link to new http-based images, but instead actually upload the image and serve it from https://patrick.net myself. Though there are still quite a few links to http-based images in old posts which will cause the warning.

@joshuatrio
@Ironman
@YesYNot

Could any or all of you post a screenshot of the ssl error here? Thanks!

> Patrick
I don't see anything wrong with your outputs. It appears that your refreshed your certificates 2m. ago. Not sure if that's when I saw the issue for the first time, but it "feels" about right - perhaps it's the certificate chain file itself that has a problem (/etc/letsencrypt/archive/patrick.net/cert5.pem).

Edit: Actually, it makes sense that a problem with chain file would produce these inconsistent results (i.e. varying between different clients) Browser software gets to decide which issuing authority to trust unconditionally (i.e. chain is not needed) and which one not to. In the latter case, the issuing authority itself needs proof that it's what it pretends to be (i.e. chain which originates at trusted authority)
So yeah, different behavior for different platforms is expected: for some clients, i.e. those that trust your issuer, just your key file might be ok.

The only problem I ever have is on Adroid Chrome or Firefox.
Chorme makes you click through three dialogs on every load. Firefox will ask you if you don't already have a Patrick panel open.

Thanks @Ironman please try again now.

I changed my nginx config to use

ssl_certificate /etc/letsencrypt/live/patrick.net/fullchain.pem;

instead of this:

ssl_certificate /etc/letsencrypt/live/patrick.net/cert.pem;

Works fine now.

Sweet. I just opened a bunch of threads on my phone with no errors. You kick ass Patrick. Thanks to mostly reader as well. You've more than redeemed yourself in my eyes from that other thread :-).

mostly reader says

Works fine now.

Woohoo! Happy you pointed out the underlying problem. Thanks.

YesYNot says

Patrick, I also get the certificate errors with my phone, but not PC. The phone is a Motorola Turbo2.

I think this is everyone. It's because your desktop browser allows you to store a security exception for the invalid HTTP certificate, and chrome browser on your Android phone does not. The solution is to either remove the server certificate, or only use your desktop, or wait for the mobile version of Chrome to allow storing security exceptions, or use a different browser on your phone which might work better.

Anyone here on their phone not using Chrome?

Booger says

Anyone here on their phone not using Chrome?

I use Firefox on my Android phone.

@Booger Do you still get a security error on your phone now, even after I used the certificate chain instead of just my certificate?

Awesome, glad it worked.

I'm having trouble too.

When I open the site there is a bunch of whining and crying.

But that's probably not what you're talking about.

@Patrick, a lot of old threads have old images missing. For example

https ://patrick.net/uploads/2011/11/teabaggerbrain3.png

I'm using IE11 as the browser and I can't seem to quote.

Clicking the "Quote" link takes me to the bottom of the page but no text is shown that I just quoted.

Dan8267 says

a lot of old threads have old images missing. For example

https ://patrick.net/uploads/2011/11/teabaggerbrain3.png

Shit, don't know what happened to that. Once uploaded, images should never go away. Thanks for telling me. I'll poke around.

BayArea says

I'm using IE11 as the browser and I can't seem to quote.

Clicking the "Quote" link takes me to the bottom of the page but no text is shown that I just quoted.

I bet it's IE11-specific. I don't have IE11 so hard to test. Do you see anything in the javascript log for the browser?

rando says

I bet it's IE11-specific. I don't have IE11 so hard to test.

That's what online multi-browser testers are for. I would recommend http://browsershots.org/ but it evidently doesn't work with "adult or gambling sites" like patrick.net. Just tried this thread's URL.

Now excuse me while I place my bet on the nude jello wrestling.

rando says

Once uploaded, images should never go away. Thanks for telling me. I'll poke around.

Please do that. I use PatNet to store all my porn.

Dan8267 says

That's what online multi-browser testers are for. I would recommend http://browsershots.org/ but it evidently doesn't work with "adult or gambling sites" like patrick.net. Just tried this thread's URL.

Woah, that's hysterical:

Everyone knows that PatNet is just an adult-themed gambling site for perverts and sex trade professionals.

So why does Reddit get away with Girls Gone Wild, without being classified as an adult site?

I think it's all the goat porn that puts PatNet over the top. That and all the topless pictures of Tom Selleck. Sorry, my bad.

you got a leftist parrot on the site. next time you see it - please give it a cracker, so as to shut it the fuck up.

mmmkay thanks patrick.