News from the No Agenda Tech Desk:
* Zeronode IRC has brand new 2 year valid SSL certificates, two other sites to follow;
* No Agenda's servers have received massive updates;
* Fixed a long-standing bug with stuff that incidentally crashed the livestream;
* Improved latency and increased throughput on all servers (for the geeks: switched to the FQ traffic shaper algorithm and BBR congestion control protocol)
* Lots of small changes.
We're ready for the new decade!
Hi @voidzero I'm getting this error about the server's cert when I try to connect. Is there something I need to tweak/refresh on my end?
│10:16:11 na-trolls =!= | gnutls: peer's certificate is NOT trusted
│10:16:11 na-trolls =!= | gnutls: peer's certificate issuer is unknown
│10:16:11 na-trolls =!= | irc: TLS handshake failed
│10:16:11 na-trolls =!= | irc: error: Error in the certificate.
│10:16:11 na-trolls -- | irc: reconnecting to server in 1 minute, 20 seconds
@voidzero I figured it out. I had to set the ssl fingerprint to 584dbf264ea4661d2d0867858dde92b3913213fe
@cgeek5467 strange that the cert issuer is unknown. The server is providing a chain. Something's wrong locally but I'm glad you found a workaround.
@cgeek5467 whoops, the issue was on our end. Yeah, you can pin the SSL certificate, but this will be invalid in two years so keep that in mind.
If you could help me test the fix - try to unset that fingerprint momentarily, reconnect, see if it connects properly, then set the fingerprint back.
@voidzero cool beans. disconnected. removed fingerprint. reconnected. no problems. TYFYC and thanks for all you do!
@cgeek5467 you betcha!
@voidzero isn't it a thing that SSL certs are only supposed to be valid for 1 year now? (browser standard anyways)
Starting Sept. 1, Safari will no longer trust SSL/TLS certificates with validity periods longer than 398 days
And Let’s Encrypt is 90 days and free! 👍🏻
Well. I got two years to figure this out, if I can automate it with icecast. Nginx should be doable. Thing is, I still have to make one cert that installs to five servers. So that's another one of those pesky things. I could use ansible for that, but there are many moving parts.
@voidzero why not letsencrypt SSL certs?
@CSB 1. They don't support wildcards.
2. I don't want to renew them manually every 90 days.
@CSB they autorenew in certain cases. Using them with icecast is not one of those cases. And see my prior point #1.
@voidzero okey dokey, no worries, I was just wondering