Recently I encountered a problem with SSL on one of my websites … some web browsers could not connect securely.
When I ran a test from Linux, I got the following error:
OpenSSL: error:1408E0F4:SSL routines:ssl3_get_message:unexpected message
After a bit of digging, I found that a recent upgrade to the certbot-auto tool, which creates Let’s Encrypt certificates, caused the problem.
The fix was to modify /etc/letsencrypt/options-ssl-apache.conf so that the SSLSessionTickets setting was set to on.
Let’s Encrypt is a quick & easy way to add SSL to your website.
You can also use Let’s Encrypt certificates to help secure your postfix mail server.
SSL SMTP allows mail clients & mail servers to send encrypted data.
If you’re seeing a lot of messages about untrusted TLS connections in your mail log when running postfix like this…
Untrusted TLS connection established to ASPMX.L.GOOGLE.com[220.127.116.11]:25: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
… there’s a pretty easy fix.
Although not directly supported, it’s quite possible to use the Let’s Encrypt certbot client on Amazon Lightsail Linux.
First of all … what is Let’s Encrypt?
Let’s Encrypt is a free service that offers basic SSL certificates for any web site. The certificates are good for 90 days but can be renewed indefinitely. With the proper software, the installation & renewal of the certificates can be fully automated.
There are a few things to be aware of and workarounds that need to be done.
First, download the certbot-auto client itself…
We bit the bullet … we got iPhones. Our Verizon cell phone contract has been up for quite a while and they’ve been bugging us to re-up for a new two year contract … but I haven’t been super happy with the service and phones, so we started thinking about what other provider and phones would be a suitable substitute.
My co-worker Jerome has the iPhone and is very happy to show it off. Even on the first release I have to admit, it was pretty cool. The interface was nice, the features were nice, and the sound quality wasn’t bad at all.
The only things I really didn’t like at the get-go were the fact that you were tied to AT&T and that the battery wasn’t replaceable.
After mulling our alternatives, we decided to go for it. Both Ginny and I got the 8GB model. We were originally thinking about the 16GB model, but the Apple store didn’t have any in stock and we figured, since we only used a fraction of our 4GB iPods, it wasn’t that big a deal.
A few observations …
- It doesn’t like the fact that I use self signed certs on my mail server. I’ll probably have to bite the bullet and get a proper cert.
- I haven’t found any ability to select which folders I show in my IMAP mail account. Wish I could, as I really only care about a handful on an ongoing basis.
- One feature that’s missing, and was almost a deal breaker, was the lack of voice command dialing. On my old moto phone I could just tell it “Call James Rich Mobile” and it would call James Rich’s cell phone (in my address book). Nice for talking while driving.
- As one would expect from an Apple product, the user interface is slick. The screen is a bit oversensitive though. I suspect it’s just something to get used to.
- The pseudo GPS functionality is very cool … I really want to figure out how they do it, because it was able to figure out where I was better than my GPS can.
- Porting of both the phone numbers on my Verizon account was smooth and fast. It only took 30 minutes to complete. I’m going to verify that Verizon cancels my account just in case.
One annoyance, unrelated to the iPhone itself, was the fact that it seems kind of hard to find accessories at stores that don’t actually sell the iPhone. Woodfield Mall, and the Apple store, were both very crowded … and both Ginny and I were in a hurry to escape (yeah, so we could play with the new toys) … so we skipped getting protective skins for the new phones. We stopped at Best Buy on the way home, but they only had 2 or 3 skins & cases for the iPhone. I’ll probably stop at Fry’s on my way home tomorrow to pick something up.
I’m kind of interested to see what the SDK is all about … I’ve got some ideas for apps that could be fun.