News from the No Agenda Tech Desk:

* Zeronode IRC has brand new 2 year valid SSL certificates, two other sites to follow;

* No Agenda's servers have received massive updates;

* Fixed a long-standing bug with stuff that incidentally crashed the livestream;

* Improved latency and increased throughput on all servers (for the geeks: switched to the FQ traffic shaper algorithm and BBR congestion control protocol);

* Lots of small changes.

We're ready for the new decade!


Hi @voidzero I'm getting this error about the server's cert when I try to connect. Is there something I need to tweak/refresh on my end?

│10:16:11 na-trolls =!= | gnutls: peer's certificate is NOT trusted
│10:16:11 na-trolls =!= | gnutls: peer's certificate issuer is unknown
│10:16:11 na-trolls =!= | irc: TLS handshake failed
│10:16:11 na-trolls =!= | irc: error: Error in the certificate.
│10:16:11 na-trolls -- | irc: reconnecting to server in 1 minute, 20 seconds

@voidzero I figured it out. I had to set the ssl fingerprint to 584dbf264ea4661d2d0867858dde92b3913213fe

@cgeek5467 strange that the cert issuer is unknown. The server is providing a chain. Something's wrong locally but I'm glad you found a workaround.

@cgeek5467 whoops, the issue was on our end. Yeah, you can pin the SSL certificate, but this will be invalid in two years so keep that in mind.

If you could help me test the fix - try to unset that fingerprint momentarily, reconnect, see if it connects properly, then set the fingerprint back.

@voidzero cool beans. disconnected. removed fingerprint. reconnected. no problems. TYFYC and thanks for all you do!

@voidzero isn't it a thing that SSL certs are only supposed to be valid for 1 year now? (browser standard anyways)

@voidzero @coldacid ya, I was very surprised when I heard this. I wasn't aware of any time limit before. But browsers are very pushy these days.

@sirphenom @coldacid @noagendashowvideo yes. But LE does not support wildcard certificates, and if you need to manually renew them, it can be quite some hassle to do it every 90 days.

@voidzero @sirphenom @coldacid actually they do finally support wildcard * certs! And I've done some pretty cool setups to get them auto renewing - I agree manual would be an issue every 3 months. Not that I'm all-in on LE, but it's life.

@noagendashowvideo @sirphenom @coldacid LOL alright already! Shows you how much I was working on other stuff! 😆

Well. I got two years to figure this out, if I can automate it with icecast. Nginx should be doable. Thing is, I still have to make one cert that installs to five servers. So that's another one of those pesky things. I could use ansible for that, but there are many moving parts.

@voidzero @noagendashowvideo @coldacid I've only used LE when it was set up on the server and set to autorenew the certs every 90 days - the platform has over 100+ sites, so LE was worth it after it was added by our braindead consultants.

@CSB 1. They don't support wildcards.
2. I don't want to renew them manually every 90 days.

@voidzero if proper scripts are in place they auto-renew automatically

I used letsencrypt before moving to Wordpress dot com from self-hosted and renewal was not at all melodramatic but fully automatic

@CSB they autorenew in certain cases. Using them with icecast is not one of those cases. And see my prior point #1.
