[Website] SSL certificate for www.kvirc.net expired 2020-12-14
This is concurrent with the co-hosted website that resolves requests for pragmaware.net/labs.pragmaware.net, both certificates being issued by Let's Encrypt X3, so a reasonable assumption would be a fault with certbot or whatever equivalent mechanism is employed to manage automatic renewal and installation of SSL certificates. When I encountered the error, I also executed a quick domain scan at ssllabs.com which revealed a few other web server configuration issues that might benefit from attention when the certificate issue is resolved:
- Communication over the SSLv3 protocol should be disabled to mitigate POODLE attacks
- Communication over TLSv1.0/TLSv1.1 should likewise be disabled to remove attack vectors using vulnerabilities in the RC4 and CBC cipher suites
- Disable use of cipher suites that don't offer forward secrecy, ideally leaving just ECDHE with a fallback option of DHE ⩾2048 bits enabled
Of course in a perfect world all HTTP traffic initiated over port 80 would be redirected to port 443 and conducted using TLSv1.[23], but I understand that we still have people starving to death in some parts of the world, so concerns about malicious code injection on websites for open source IRC clients might need to take a major backseat until more free time is available. I manage a few web servers for low-traffic sites myself and I've found Mozilla's SSL Configuration Tool to be pretty useful for getting the basics right, as well as their Observatory site for making sure any configuration changes are performing as intended.
Anyhow that's all I've got, and I only happened onto the certificate issue while trying to clear some lintian errors from the Debian packaging process, so please consider this a wish list level issue and not some effort to annoy you. I'll get those packaging fixes into another PR for you as soon as I'm able to iron out some of the more stubborn wrinkles, too, of course.
My sincere thanks to @DarthGandalf 🥇 for merging the last one in so quickly and without any of the usual pedantic quibbles so often encountered around here. I'd also be remiss not to again say thank you for keeping this great project going for such an incredible length of time; it's been the only IRC client I've used on *nix for ages. I actually performed a proper "meme-worthy" double take when in the process of familiarizing myself with the Debian packaging files I saw that KVIrc has been in the official Debian package archives dating back to 2000-10-10!! Pretty impressive stuff, and don't think it goes unnoticed or unappreciated. 🥂
Certificate updated. SSL Apache configuration updated. @RogueScholar: Please take a look, if you can.
Seems to be working now. @pragmaware could you set up a redirect from http?
It only works with the www prefix, by the way. Need to have it working for both even if there's a redirect to www.
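Added example, not part of the original thread and not the project's server configuration: a small Python check that reads an Apache mod_ssl config and reports the items from the issue's list (legacy protocols, cipher suites without forward secrecy, missing http-to-https redirect). The sample configs, `www.example.org` and the function names are constructed for illustration; treating the file as one scope and `all` as every protocol version are simplifying assumptions.

```python
LEGACY = {"sslv3", "tlsv1", "tlsv1.1"}
ALL = LEGACY | {"tlsv1.2", "tlsv1.3"}  # assumption: everything "all" may enable
FS_PREFIXES = ("ECDHE", "DHE", "EECDH", "EDH")  # ephemeral key exchange names

def enabled_protocols(tokens):
    """Apply SSLProtocol tokens in order: +x adds, -x removes, bare x resets."""
    enabled = set()
    for tok in tokens:
        sign = tok[0] if tok[0] in "+-" else ""
        name = tok[len(sign):].lower()
        names = ALL if name == "all" else {name}
        if sign == "-":
            enabled -= names
        else:
            enabled = enabled | names if sign == "+" else set(names)
    return enabled

def audit(conf):
    """Return sorted findings; the file is treated as one scope (simplification)."""
    protos, findings, redirect = ALL - {"sslv3"}, [], False  # 2.4 default: all -SSLv3
    for line in conf.splitlines():
        name, *args = line.split() or [""]
        name = name.lower()
        if name == "sslprotocol":
            protos = enabled_protocols(args)
        elif name == "sslciphersuite" and args:
            for tok in args[-1].split(":"):  # last argument is the cipher spec
                if tok[:1] not in ("", "!", "-") and not tok.lstrip("+").upper().startswith(FS_PREFIXES):
                    findings.append(f"cipher without forward secrecy: {tok}")
        elif name == "redirect" and args and args[-1].lower().startswith("https://"):
            redirect = True  # only mod_alias Redirect is recognised here
    findings += [f"legacy protocol enabled: {p}" for p in protos & LEGACY]
    if not redirect:
        findings.append("no Redirect from http to https")
    return sorted(findings)

# Constructed sample configs (not the project's real server configuration).
WEAK = """<VirtualHost *:443>
    SSLProtocol all
    SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:AES128-SHA:RC4-SHA:!aNULL
</VirtualHost>"""
HARDENED = """<VirtualHost *:80>
    Redirect permanent / https://www.example.org/
</VirtualHost>
<VirtualHost *:443>
    SSLProtocol -all +TLSv1.2 +TLSv1.3
    SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256
</VirtualHost>"""
if __name__ == "__main__":
    print(audit(WEAK), audit(HARDENED))
```

The check only reads configuration text, so DH parameter size and certificate expiry still need a live scan such as the ssllabs.com one mentioned in the issue.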