Eka's Portal

For the past several days or so, I've been getting this error message in Chrome when trying to access the site: (see here https://s18.postimg.org/tlqxwn9q1/5954765.png )

"Your connection is not private - attackers might be trying to steal your information from eka.aryion.com (for example, passwords, messages, or credit cards)
NET::ERR_CERT_COMMON_NAME_INVALID

If I override the error, I can still access the site, but is my password data at risk of being read or can I be hijacked in some other way?

Yeah, I can attest to this. The front page has been acting screwy for me in Chrome too, these last couple days, under the claims of a security issue as mentioned...

If you remove the "www." or anything else between "http://" and "aryion" it works.

I'm not sure why you guys are using anything besides https://aryion.com . Must be some link from a really long time ago. We haven't used any subdomain for a decade. Just stick to https://aryion.com as your front page.

Eka wrote:I'm not sure why you guys are using anything besides https://aryion.com . Must be some link from a really long time ago. We haven't used any subdomain for a decade. Just stick to https://aryion.com as your front page.

Probably a lot of people type "aryion" then Ctrl+Enter.

I don't think it's normal for sites to actually not function with a www (unless there's some other subdomain which is required), so there must be some well-used method of avoiding this problem

I saw the same problem. I don't know enough about the internet, so it maybe scared me a little.

Eka wrote:I'm not sure why you guys are using anything besides https://aryion.com . Must be some link from a really long time ago. We haven't used any subdomain for a decade. Just stick to https://aryion.com as your front page.

I've been using this site for close to a decade, so that's the way I bookmarked it. I'll have to change that, I suppose.

Just as an experiment, I put some random gibberish as a subdomain and it gave me the same error, but would allow me to proceed to the front page. I'm not aware of any other sites that allow that.

For example, I tried it on AO3 and got this: "This site can’t be reached - j43h7dghsd.archiveofourown.org’s server IP address could not be found." But putting that random subdomain in for this site will allow it to connect, albeit with a mismatched security certificate... I wonder why?

pseudo wrote:

Eka wrote:I'm not sure why you guys are using anything besides https://aryion.com . Must be some link from a really long time ago. We haven't used any subdomain for a decade. Just stick to https://aryion.com as your front page.

Probably a lot of people type "aryion" then Ctrl+Enter.

I don't think it's normal for sites to actually not function with a www (unless there's some other subdomain which is required), so there must be some well-used method of avoiding this problem

It does function if you use www.aryion.com.

I type in aryion.com and also received a notification regarding security certificates. I could not proceed to the site until I added the site to my Trusted Domains list in Firefox

Jeice wrote:I type in aryion.com and also received a notification regarding security certificates. I could not proceed to the site until I added the site to my Trusted Domains list in Firefox

Are you typing exactly "aryion.com"?

That should depend on your certificate caching. Try another browser and see if you see the same issue. Otherwise, it might be something with browser cache.

Personally I am not able to reproduce the same issue.

Eka wrote:

pseudo wrote:

Eka wrote:I'm not sure why you guys are using anything besides https://aryion.com . Must be some link from a really long time ago. We haven't used any subdomain for a decade. Just stick to https://aryion.com as your front page.

Probably a lot of people type "aryion" then Ctrl+Enter.

I don't think it's normal for sites to actually not function with a www (unless there's some other subdomain which is required), so there must be some well-used method of avoiding this problem

It does function if you use http://www.aryion.com.

Oh I'm sorry, I didn't look at the screenshot, assumed it was the same problem I've been having:



Occurs with www, is fine without. Only started happening recently (last week or so)

I see. I think we will have it fixed a bit, though we have never really used www in the link before. Not sure why people would use that.

I'm another one who gets to www.aryion.com with the ctrl+enter keyboard shortcut. It takes whatever is in the address bar and puts www. before it and .com after and goes to that website. I'm not sure I want to have the site permanently bookmarked, so 8 key presses is the fastest way I have to get here.

Hm I think you could avoid this at all, if you add a redirect to aryion.com from http://www.aryion.com.

The Problem is, that http://www.aryion has no SSL-Cert, so you still get the Error-Message... Maybe use a Let's Encrypt Cert for http://www.aryion.com which just redirect to aryion.com via Web-Config or just redirect to aryion.com via a REDIRECT-Record in your Domain-Settings

If you have a Wildcart-Cert (They are quite expensive) you could just add *.aryion.com to the Cert. I think the redirect would help


The Problem is, besides, that some Browser add this in front of an URL (Which makes no sense IMO). Many People add this in front of the URL. For example my Co-Worker always enter "www." for some reason, even if I told him that our page can be also accessed via mydomain.com .... Maybe they use that as "now I type in Manually" like a Command for the Browser, who knows. But it would be a good choice to redirect them to the non www Version then

Btw: I also get a SSL-Error at www.aryion.com, just checked it. There is no Cert added for this Subdomain

tigercloud wrote:Hm I think you could avoid this at all, if you add a redirect to aryion.com from http://www.aryion.com.

The Problem is, that http://www.aryion has no SSL-Cert, so you still get the Error-Message... Maybe use a Let's Encrypt Cert for http://www.aryion.com which just redirect to aryion.com via Web-Config or just redirect to aryion.com via a REDIRECT-Record in your Domain-Settings

If you have a Wildcart-Cert (They are quite expensive) you could just add *.aryion.com to the Cert. I think the redirect would help


The Problem is, besides, that some Browser add this in front of an URL (Which makes no sense IMO). Many People add this in front of the URL. For example my Co-Worker always enter "www." for some reason, even if I told him that our page can be also accessed via mydomain.com .... Maybe they use that as "now I type in Manually" like a Command for the Browser, who knows. But it would be a good choice to redirect them to the non www Version then

Btw: I also get a SSL-Error at www.aryion.com, just checked it. There is no Cert added for this Subdomain

We know all of that. We will fix it later.

The reason this happens is that overall web browser changes behaviour. We have always redirect any www. entry to a non-www url automatically, but security method has changed, Some web browsers like firefox no longer redirect if the security certificate is not there. (Chrome still does.)

We already use let's encrypt. We planning on moving to a wildcard one, but they where not available at the moment. Like I said before. We will be fixing it later.

Meanwhile, you can simply use chrome and this won't happen. Or just use our official url. (We have never used www before) https://aryion.com and there won't be any problem. Update your bookmark!