Page 1 of 1

Factorio website thought of as insecure

Posted: Fri Aug 19, 2022 10:47 pm
by Sesame_Slayer
When I try to enter all factorio sites, my browser (Microsoft edge, I know I should use chrome) claims that all sites, except the main one (factorio.com) are insecure/malware. This has only occured today, and on other computers. I have not seen any malicious things occurring, just giving a heads up.

Re: Factorio website thought of as insecure

Posted: Sat Aug 20, 2022 6:58 am
by Koub
Sesame_Slayer wrote:
Fri Aug 19, 2022 10:47 pm
my browser (Microsoft edge, I know I should use chrome)
Edge is not anymore the failure Internet Explorer used to be. It plays in the same groupe as Chrome, using any is a matter of preference.
When your browser said it was insecure, did it tell why it identified it as insecure ?

Re: Factorio website thought of as insecure

Posted: Sat Aug 20, 2022 9:37 pm
by Sesame_Slayer
It no longer claims it is insecure, but I'll tell you (along the lines of it, I don't really remember) what it says:
The website server failed to respond with a code it needs to prove legitimacy.

Re: Factorio website thought of as insecure

Posted: Sun Aug 21, 2022 7:28 am
by Koub
Interesting, this looks like a cURL error message : https://linuxpip.org/curl-failed-to-ver ... he-server/
Anyway I suspect what happened is that you tried to browse the forum just during a certificate renewal (or at a moment where the previous certificate was expired, right before it was renewed).
The forum's certificate was renewed just a couple hours before your post, hence my assumption.

Re: Factorio website thought of as insecure

Posted: Sun Aug 21, 2022 12:37 pm
by Tertius
Looks like a certificate error, which is in most cases an expiration issue.
If one looks at the current forum website certificate, it's a fresh one created at 19.08.2022 22:06:52 by Let's Encrypt, and Let's Encrypt certificates are valid for 3 months.
That short expiration time means, the website operator has to employ automated certificate renewal.
The common letsencrypt client renews automatically 1 month before expiration.

If you got an expired certificate, the automated renewal process might have failed and it was renewed manually when the webmaster detected this when he got the certificate error himself. In the meantime you might have got the certificate error. This would explain the error message you got and the recent renewal date of the certificate.

However, this explanation is valid only for the forum website. The main website and mod portal are behind Cloudflare and use a Cloudflare certificate that was never invalid these days, and the wiki website also uses a letsencrypt certificate but this wasn't near expiring as well.