Trying to connect to https://openhumans.org fails

[abramconnelly]

While trying to connect to OpenHumans via https://openhumans.org, I eventually a 'This site cannot be reachedt' message:

Trying http://openhumans.org redirects to https://www.openhumans.org and loads without issue. Trying to connect direct to https://www.openhumans.org loads without issue.

[madprime]

Redirect from openhumans..org to www.openhumans.org is configured using S3 to redirect. (c.f. http://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html ) Unfortunately, this doesn't include SSL setup – so it doesn't work for https. When I last looked into this, I concluded it was an edge case unlikely to occur, and thus not a priority.

Fixing this is likely to require installing our SSL certificate into AWS. I've managed to keep our SSL up-to-date on Heroku, but I don't do a lot of SSL management (making fixing less trivial).

[gedankenstuecke]

Maybe @philippbayer can be of help here. He set up openSNP in a way that https://openSNP.org and https://www.openSNP.org work without a problem as far as I can tell. 🙂

[philippbayer]

I don't think I'm much help here - for the www/non-www that's set up by default in DreamHost - one A record and one www-A record. For the SSL certificate, when I generate it I tell let's encrypt to make one cert for both opensnp.org and www.opensnp.org as in https://community.letsencrypt.org/t/certificate-for-www-and-non-www/23965

Using the dehydrated client, it's a matter of using the line 'opensnp.org www.opensnp.org' in the domains.txt so one cert is issued for both.

I don't think that'll help much here?

[gedankenstuecke]

Ah, gotcha. @madprime What about this howto? https://simonecarletti.com/blog/2016/08/redirect-domain-https-amazon-cloudfront/ Sounds like this is exactly for the case we have?

[madprime]

That looks promising, we should look into that solution. The SSL is currently handled on Heroku and I don't recall it being super fun & easy last time I had to do it. That said, we need to renew it anyway, so it's already a topic. (It will expire in 34 days.)

[mldulaney]

Doesn't seem to be a thing any longer.

[gedankenstuecke]

Because we don't care for it? (which would be fine).

But at least to me going to https://openhumans.org still leads to the same problem as initially described.

[madprime]

Huh. Firefox redirects to www, but Chrome doesn't.

My recollection is that this was fairly complicated/hard to fix between SSL and DNS configuration issues for the root domain. It's not a bug in the code, but rather in those other layers of administration of the site.

[gedankenstuecke]

Actually, my Firefox doesn't redirect either when clicking the link I posted above.

(and yeah, it's not a trivial fix somehow - just wanted to note that it's not solved)

[mldulaney]

oh, I just looked at it in Firefox and it just worked? But, yeah, trying again in chromium gets not working, so I guess I can reopen.

[mikepsinn]

Just an idea, if you use Cloudflare for your DNS, it would be easy to add a redirect Page Rule in your account.

Cloudflare is really nice because SSL and a few Page Rules are free and a lot of stuff you'd normally have to do in web server configs can be centrally handled for all your subdomains in their UI. Not to mention free caching.

DNS migration to Cloudflare was easy for me because you can import zone files, but I'm not sure how much work it would be for you or what your current DNS situation is.