@s1r83r @stefan Thanks for the heads up, folks.
So, here’s what’s happened:
1. Let’s Encrypt removed OCSP support and started rejecting certificate requests that require OCSP stapling (a privacy feature that Kitten inherited from my Auto Encrypt module) for new server requests and will reject certificate renewal requests starting in May.
2. So I went ahead and removed the OCSP stapling requirement from the certificate requests Auto Encrypt makes to Let’s Encrypt.
3. I also removed OCSP support from the server.
Makes sense, right?
Sure does, until you consider what happens to servers with already-provisioned Let’s Encrypt certificates that have certificates that require OCSP stapling. (kitten.small-web.org’s certificate got renewed four days ago, before I’d released the updates.)
*Doh!* 🤦‍♂️
Seems Safari and Chrom(ium) are fine with letting it pass. However, Firefox (and correctly too, I might add) refuses to load the site.
So I’m off to update Auto Encrypt to re-enable OCSP support with a note to disable it in May (by which time all certificates will have renewed anyway without the stapling requirement) and then issue new builds of @small-web/https and Kitten.
Kitten servers should automatically upgrade and start working in Firefox in several hours. And you can also manually update them if you want to before then after I’ve announced the releases.
Thanks again for letting me know.
:kitten:💕
#Kitten #SmallWeb #AutoEncrypt #LetsEncrypt #TLS #SSL #HTTPS #OCSP
I’m in the process of rewriting our sites that use Site.js¹, which has been deprecated for some time now, in Kitten².
If any of your sites use Site.js, I’d highly recommend doing the same thing. This is also a heads up for anyone who uses Site.js to install and run their own Owncast server³.
Site.js will be retired and the web site will start forwarding to Kitten’s at the end of April, 2025.
In May, automatic TLS certificate renewals for existing sites will start to fail.
(Kitten is the spiritual successor to Site.js. Or think of Site.js as my first attempt at a Small Web server. I learned a lot while making it and a lot of the components I built for Site.js – like Auto Encrypt, etc. – live on in Kitten.)
:kitten:💕
¹ https://sitejs.org
² kitten.small-web.org
³ CC @gabek, @owncast: If Site.js is still listed as a way of installing Owncast, now would be a good time to remove that and to relay this to folks in the Owncast community :)
#SiteJS #Kitten #Owncast #SmallWeb #SmallTech #announcement #notice