The Lemon Fool

Your connection isn't private
Attackers might be trying to steal your information from http://www.lemonfool.co.uk (for example, passwords, messages or credit cards).
NET::ERR_CERT_COMMON_NAME_INVALID
Subject: *.sucuri.net

Issuer: Go Daddy Secure Certificate Authority - G2

Expires on: 7 Oct 2023

Current date: 20 Aug 2023


Certificate Transparency:

SCT Google 'Argon2023' log (Embedded in certificate, Verified)

SCT DigiCert Yeti2023 Log (Embedded in certificate, Verified)

SCT Cloudflare 'Nimbus2023' Log (Embedded in certificate, Verified)

I've noted the same issue.

And me.

V8

SSL being updated apparently. C.

Snap.

But here I am…

So your lemonfool login credentials have been passed over an unencrypted connection. As have mine a couple of hours ago.

If it had been your bank or your broker, that would be a serious concern and you should change your password immediately as well as raise it with them. With lemonfool, you decide how much it matters. If someone hijacks your account it's an inconvenience, and something posted in your name could be an embarrassment. But it's not exactly critical!

Unless you do something ultra-dumb like using the same login/password across other sites where it would really matter!

I'm not concerned.

I'd imagine that for most posters that the links between them and lemonfool are likely quite direct. PC, ISP backbone, lemonfool. Little in the way of transitioning through networks that might be recorded for hacking purposes.

I'm OK with using old http style and changing my password once https is back up and running again, as others have said a potentially hacked lemonfool password isn't really that much of a issue.

UncleEbenezer wrote:So your lemonfool login credentials have been passed over an unencrypted connection. As have mine a couple of hours ago.

Whoops. That's not actually what's happening. Chrome's browser message there was totally misleading.

Like the OP, I shall await comment from the site managers.

Firefox on Linux Mint is doing it too.

‎
Just thought I'd add a note here to suggest that anyone who might have altered their local PC HOSTS file to cope with the site-slowness issue that was affecting Lemon Fool back in December is likely not to be seeing any browser issues regarding this recent change to SSL certification, because the current SSL issue is picked up during DNS resolution, which was potentially bypassed by anyone using the HOSTS file trick to fix to the earlier DNS-related slowness problem back in December...

As this SSL certification issue is hopefully likely to pass soon, and the December slowness issue has now gone away due to other beneficial work on the server side of things by Stooz, then I'd recommend that anyone who had previously altered their HOSTS file to cope with the December slowness issue now removes that HOSTS-file by-pass entry on their own systems...

If none of the above means anything to you, then please don't worry about it, but I know there were a few of us here who used the HOSTS file trick to get around the December slowness issue, and I just wanted to throw in a reminder that it might unnecessarily still be in place for anyone who did...

Cheers,

Itsallaguess

<previous post deleted>

yes - Ive tried the hosts file entry of

91.146.105.202 http://www.lemonfool.co.uk lemonfool.co.uk

as that does indeed work.

which possibly suggests the DNS entries for

http://www.lemonfool.co.uk
lemonfool.co.uk

probably need updating (though Id imagine one of them would be a CNAME to the other)

didds

TLF seems to be accessible at two IPs currently, 91.146.105.202 and 192.124.249.153, and the latter gets the SSL error and the former doesn't. So DNS and the certificate are out of sync with each other. viewtopic.php?p=610200#p610200

Apologies for the outage/warnings about the site.

Stooz had upgraded our SSL and the changes took a while to propagate across t'internet. So the SSL was out of line for a bit which made the site appear suspicious to some browsers.

Clariman

Clariman wrote:Apologies for the outage/warnings about the site.

Stooz had upgraded our SSL and the changes took a while to propagate across t'internet. So the SSL was out of line for a bit which made the site appear suspicious to some browsers.

Clariman

It seems to have resolved itself chez kiloran over the past 15min or so

--kiloran

Hi all,
yes it was a large outage, for the technical among you, there is a new DNS IP, routing through a new firewall. The SSL needed updating to relate and this should have been seamless, but is now back up and running.
There may be more outages, but certainly not planned. But only that there is more work being done, so its possible.

The side benefit is the firewall has a CDN, meaning page delivery may improve.
There is also blockers from the sort of server errors we have had in the past which will be bypast from the site, keeping it up and running.

Thank you for your patience. - Any "planned" outages will be informed through the announcements board.

I used a VPN. Would that allay any concerns?

There is nothing stopping the way you get here, but there is controls around ads based on location, so if the VPN is sending you here via brazil who have different consent laws you may have difficulty or repeated consent popups as the VPN fakes your location

On my usual IP address the site puts up a message saying I have been banned for 24 hours based on my IP address. Using VPN the site seems to work fine.

GS

could you send me a screengrab of that there is no banning software unless its something google have added...

stooz @
lemonfool.co.uk

thanks

stooz wrote:could you send me a screengrab of that there is no banning software unless its something google have added...

stooz @
lemonfool.co.uk

I don't think the securi.net firewall agrees with you: viewtopic.php?p=610251#p610251

et al.