Recently I encountered a problem with SSL on one of my websites … some web browser could not connect securely.
When I ran a test from Linux, I got the following error:
OpenSSL: error:1408E0F4:SSL routines:ssl3_get_message:unexpected message
After a bit of digging, I found that a recent upgrade to the certbot-auto tool, that creates LetsEncrypt certificates, caused the problem.
The fix was to modify /etc/letsencrypt/options-ssl-apache.conf so that the SSLSessionTickets setting was set to on.
Many of us who manage websites are familiar with Google’s ‘Search Console‘. The search console is a way for webmasters to manage how Google interacts with our web sites. It provides functions to tell Google what parts of the site to search, what parts to ignore, and determine what pages are doing better than others.
One of the functions it provides is a way to see what parts of a web site that Google has indexed and what part it hasn’t. It also can tell what parts of a site it is ignoring and, to a certian extent, why it’s ignoring them.
One of the reasons that Google might be ignoring a page is because it’s been to be determined to be a ‘Soft 404’.
What’s a Soft 404 error?
Well, a REAL 404 error is a page not found. It’s a function of the web server software. Most web servers provide the ability to use a custom page when a 404 error is encountered. You can see an example of one here.
As for a ‘Soft 404’ … according to Google …
A soft 404 means that a URL on your site returns a page telling the user that the page does not exist and also a 200-level (success) code to the browser.https://support.google.com/webmasters/answer/181708?hl=en
While some sites might actually do that … handle a page not found error with a friendly page but indicate to the browser that it’s a normal page (200 status code) … I suspect it’s actually a minority of sites (granted, it may be a way to game the system).
However … it turns out that pages that contain the words ‘not found’, ‘error’, ‘authorized’, ‘not allowed’, etc., in the title or body are often treated by Google as a soft 404 error … even if the page isn’t a 404 at all. Additionally, the words do not even need to appear on the page at all. The details of what constitutes a ‘soft 404’ are very mysterious.
If you’re seeing a lot of messages about untrusted TLS connections in your mail log when running postfix like this…
Untrusted TLS connection established to ASPMX.L.GOOGLE.com[220.127.116.11]:25: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
… there’s a pretty easy fix.
We all agree that email is crucial to modern life.
But what email should you use?
Everyone gets email when they sign up for high speed internet service … the problem is that you’re tied to that internet service for that email address. If you switch service providers, you could lose the address. Even worse, if your provider goes out of business, you could loose access entirely. Sometimes the email provider charges a fee for better service and/or removing advertising.
Yes, you could use Gmail, Hotmail, Yahoo, or AOL, but you’re still tired to the provider. Plus, you don’t often get to choose the best address (firstname.lastname@example.org just isn’t that sexy).
Wouldn’t it be nice if you could get an email address that belongs to you forever?
As part of my migration to the cloud, I terminated the Comcast Business internet service and switched to Xfinity internet.
When I initially signed up for the Xfinity service, I got their cable modem / router / wifi appliance. My plan was to get my own cable modem eventually because Xfinity charges $13 / month to lease the appliance.
I was at Best Buy and saw that cable modems weren’t expensive, so I decided to purchase a mid-level model (Netgear CM600) so I could save the lease fee. The CM600 would pay for itself in about 8 months.
It took a while to get setup … and there were a few false starts, but eventually I got it working connected directly to my MacBook.
I ran into a problem when I switched the CM600 over to my ASUS RT-5300 wifi router.
I kept getting the message “Your ISP’s DHCP does not function properly” on the ASUS network map page.
With my recent migration of servers from my basement to Amazon cloud servers, I had to rework how my email filtering was setup.
One of the challenges was how to handle the numerous mailing lists I participate in. Especially since I’m the list administrator for many of them.
After a bit of research, and experimentation, I found a pretty good formula for handling the filtering.
Here’s a tip for internet domain owners:
Make sure the contact information for your domain has more than one email address. And make sure at least one of those email addresses is not in the domain itself.
If your email starts malfunctioning, you want people to be able to tell you about the problem … and if the only email addresses you list are in the actual domain, they won’t be able to contact you.
For example … if the mail server for example.com is having problem … and all the domain registration in the whois database shows ‘email@example.com’, Joe won’t be able to be notified there is a problem.
The contact information is publicly accessible via the ‘whois’ databases.
Domain registrars that offer whois privacy capabilities should let you list more than one email address when they redirect the email address that they list in the whois look-ups.
For privacy sake, I like using a PO Box for the mailing address on all my domains.
Our area has never gotten good cell phone coverage. Doesn’t really mater what carrier we used … AT&T or Verizon.
When AT&T announced that it was going to be making “MicroCells” available, I decided to get one … as it would help our cell phone coverage.
The MicroCell has been working fine for more than a year … but, all of a sudden (or so it seemed), it stopped working correctly.
I contacted AT&T and they tried a few things and asked me to try cycling power (unplugging it and plugging it back in). Nothing worked. I asked them to check to see if it was still under warranty … it wasn’t.
This is just a reminder to those people who run their own mail servers … make sure your backup MX’s are running properly.
Those of you who follow my blog (or know me in person) are well aware that I’m a big fan of Norton Ghost backup software.
One of the major problems I’ve had with Norton Ghost is the fact that it only provides the ability to create a recovery CD … it doesn’t provide any ability to install the recovery software on a USB flash drive. USB flash drives are much faster that CD’s and are read/write, so they can be updated at a later date.
After a bit of digging, I’ve figured out how to create one without too much trouble.