by certera 2322 days ago
I'm going to shamelessly plug my project, Certera, here. It handles monitoring/tracking, cert issuance and renewals and helps larger organizations manage their certificate needs more consistently.

https://docs.certera.io

I just tried to go to www.certera.io to learn more and got a “connection not private” warning page in Safari on iOS. Very ironic :)

   $ echo | openssl s_client -connect "www.certera.io":443 -servername "www.certera.io" -verify_hostname "www.certera.io" 2>/dev/null | openssl x509 -noout -issuer
   issuer=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert SHA2 High Assurance Server CA

   $ echo | openssl s_client -connect "certera.io":443 -servername "certera.io" -verify_hostname "certera.io" 2>/dev/null | openssl x509 -noout -issuer
   issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3

I'm hosting on GitHub Pages and it only issues a single cert for the one custom domain configured.

https://github.community/t5/GitHub-Pages/Does-GitHub-Pages-S...

Hopefully when I make some money I can move to a hosted setup where I can control it all.

I did not have this issue on iPad OS

  ~# dig -t A +short www.certera.io
  certera-io.github.io.
  185.199.108.153
  185.199.110.153
  185.199.111.153
  185.199.109.153

  ~# dig -t A +short certera.io
  185.199.108.153
  185.199.109.153
  185.199.110.153
  185.199.111.153

Looks like https://www.certera.io is going to GitHub, which is only returning a cert for itself, and not his domain name.

http://www.certera.io redirects properly to https://certera.io.

https://www.certera.io fails the certificate check.

It's a good example of the difficulty of getting TLS perfectly right.

In theory this setup is fine; the default behavior of all the browsers when typing "www.certera.io" is to interpret it as a request for http://www.certera.io.

But if the client has anything in place that automatically upgrades http to https before submitting the request, you're going to need a valid cert for the www subdomain in place or you'll throw a cert error before reaching the redirect.

Even if your site omits the www subdomain in production (as certera does), a lot of users will just type it in anyway. So, you better be ready to handle that request via https.
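
The mismatch discussed in this part of the thread, as an added example that is not from any commenter or from the Certera project: a check that every name a user might type is covered by the certificate served for it. The function names are hypothetical and the SAN lists are constructed for illustration, not captured from the real hosts.

```python
import socket
import ssl

def san_matches(pattern: str, host: str) -> bool:
    """Match one SAN dNSName against a hostname, RFC 6125 style (simplified)."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False              # a wildcard never spans more or fewer labels
    if p[0] == "*":
        # Wildcard only as the whole left-most label, and not directly under a TLD.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def covered(host: str, sans: list) -> bool:
    return any(san_matches(s, host) for s in sans)

def audit(served: dict) -> list:
    """served maps each name users may type to the SANs of the cert presented
    for that SNI; returns the names a client would reject."""
    return sorted(h for h, sans in served.items() if not covered(h, sans))

def fetch_sans(host: str, port: int = 443) -> list:
    """Live lookup (needs network): validate the chain but skip the hostname
    check, so a mismatched cert can still be inspected."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

# Constructed SAN lists (assumed values, not captured from the real hosts).
SERVED = {
    "certera.io": ["certera.io"],
    "www.certera.io": ["www.github.com", "*.github.io", "github.io"],
}
# Two candidate fixes: list both names, or rely on a wildcard alone.
BOTH_NAMES = ["certera.io", "www.certera.io"]
WILDCARD_ONLY = ["*.certera.io"]

if __name__ == "__main__":
    print("rejected:", audit(SERVED))
    for name in SERVED:
        print(name, covered(name, BOTH_NAMES), covered(name, WILDCARD_ONLY))
```

A wildcard alone fixes `www` but leaves the apex uncovered, so the certificate has to list the apex name explicitly as well.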

You're spot on. I was aware of this limitation of GH pages and once I make money, I can start spending on actual hosting. I explained more above.

Looks cool. I'm going to try it out for my home lab setup. I like the docs layout. What is that?

Any thoughts on the license? How is it working? Why did you pick that? I like that type of license, but it's not very common. Drone does it too, but I haven't seen many others. You don't have to answer if you don't want to, but it's nice to see people deviating from standard licenses like GPL and MIT since I feel like those make it too easy for large businesses to take advantage of small projects.

Your licensing and attribution pages look like a lot of thought went into it, so you probably have some decent insight.

GPL is great for certain types of products, however, infrastructure types of projects aren't one of them.

I haven't been marketing at all, and I just recently finished the first stable release, so the jury is still out on whether this is all a good idea or not!

The docs are based on ReadTheDocs, but I settled on a single-file layout instead of having multiple pages.