Finally, Binero offers Let’s Encrypt SSL certificates

Finally! It took a while, but as of midsummer Binero now offers SSL-certificates from Let’s Encrypt. And it’s really smooth installing them as well, at least on WordPress which is the only kind I’ve tested so far.

Since there is a drawback, ignoring the fact that the service is in beta-mode, (something which for example shows up when you try to access all help- or info-links, where all info is not yet in place), there is currently a limitation on 2 certificates per account.

Well, it doesn’t say so anywhere, but I could only register two certificates for my account, and as a consequence since I’m running two main sites and two subdomains, two of these are still missing certificates. And the webmail is also (still) missing a certificate.

All in all I believe I would need 6 certificates to cover all current needs. Or a (two) wildcard certificates. Or I’d need to redesign some of the subdomains into being integrated subfolders in the main site. Something I don’t really want.

But Let’s Encypt is free, so why not just order the additional certificates. Well, first of all Binero charges a small administrative fee for these. Not so expensive but I think I’ll manage without for the time being, (at least during beta). And secondarily, the link to order additional certificates doesn’t work yet… Another beta-flaw I suspect.

But still, it’s a giant step forward. And just in the nick of time, since most web browsers are about to start flagging http-sites as unsecure, beginning now in July, and going a step further after summer vacations, in September.

And I’ve yet to find out how to force https-redirections through .htaccess. My initial attempts haven’t worked, even though as per WordPress recommendations.

But despite some minor glitches, so far this is a huge success!

Advertisements

Disabling Firefox insecure password form warning

While I believe in security in general, and in SSL-certificates as a means for that, it gets quite annoying to have the newly released password form warning for several of my sites.

In particular my home router and my intranet NAS-box at home, which prefers http login, even though the NAS actually comes with an https-variant, which unfortunately does not work very well since it uses a self-signed certificate issued to QNAP NAS, and therefore does not match the hostname/URL of my configured NAS. Which still creates warnings and needs for exceptions and so on rather than actually helping out.

But anyway, the point of this post was not about QNAP, (who beyond this little misstep makes a splendid product), but about how to disable the insecure password form warning in Firefox, and also how to re-enable password autofill on http sites again.

So. Here’s how to disable Firefox insecure password warnings:

  1. Open a new tab, paste about:config into the address bar.
  2. In the Search box at the top, paste insecure_field_warning.contextual.enabled
  3. Double click the setting to change it to “false”, to disable Firefox’s insecure password warning.

To also restore autofill functionality, so saved login/password automatically populates in an HTTP form here’s how:

  1. In the Search Box on the about:config page, paste signon.autofillForms.http
  2. Double click the setting to change it to “true,” to enable autofill

And I believe the old joke on doing unsafe things you shouldn’t used to come with the warning “don’t do this at home!”… 😉

One thing I would like very much however is for Binero to come up with their planned support for free SSL-certificates through some 3rd party provider. (I believe Let’s Encrypt was mentioned in a comment to a blog post a while back but now I can no longer even find that specific blog post so it might have been deleted).

 

 

Quarterly website backup done

WordPress has become quite stable with their new automatic update functionality. So stable that it’s to forget making proper backups, and just rely on the webhost to have this (which is not the case here) and the auto-update to always work (which so far has been the case).

But since the last backup was just before new years, it seemed like a good time to go about this painful task again. Painful because the way to backup the sites from the service provider is through FTP, and because the FTP connection gets disconnected over and over, with an error message that I’m over limit of 10 simultaneous connections, which is interesting since I’ve set FileZilla to never go above 8.

I’ve tried to lower it to 5 connections, and while the error won’t go away, it at least reconnects more quickly, less waiting time for sessions to die I would guess.

But now I’m done for this time, 4 websites, plus mySQL databases, 50000 files, and about 1,75 GB of data saved to local device for later transfer to bank vault.