I’m the administrator of kbin.life, a general purpose/tech orientated kbin instance.
There’s a certbot addon which uses nginx directly to renew the certificate (so you don’t need to stop the web server to renew). If you install the addon you just use the same certbot commands but with --nginx instead and it will perform the actions without interfering with web server operation.
You just then make sure the cron job to renew also includes --nginx and you’re done.
It makes sense that they issue short certificates, though. The sole verification is that you own the domain. If you sell/let the domain lapse and someone else takes it over, there’s only a limited time you would hold a valid certificate for it.
That’s got to be extremely rare. Not much you can do in that case. But they will hit many problems with that approach.
I mean, while they can block most things, to give people a usable experience they’re going to allow http and https traffic through, and they can’t really proxy https because of the TLS layer.
So for universal chance of success, running openvpn tcp over port 443 is the most likely to get past this level of bad. I guess they could block suspicious traffic in the session before TLS is established (in order to block certain domains). OpenVPN does support traversing a proxy, but it might only work if you specify it. If their network sets a proxy via DHCP, maybe you could see that and work around it.
I did have fun working around an ex gf’s university network many years ago to get a VPN running over it. They were very, very serious about blocking non-standard services. A similar “through” the proxy method was the last resort they didn’t seem to bother trying to stop.
But, I think they should not accept dual nationality. Make them burn their passports at the border!
Yeah, my point is, comparing them to constitutional amendments doesn’t make too much sense for the rest of us.
But you know, I think they do have trial by jury. Just, I think like the elections there, the jury gets told the result, before they decide it.
If they want to own guns, no problem. The government will supply them, and even provide transportation to a place they can use them. (I hope the /s is implied here).
I’m not sure if that story is onionesque or real. Now, that uncertaintly is a problem with the modern world.
Dude! They only work if they’re on tight!
Well, most countries aren’t going to have the same constitutional rights as the USA has. In the same way, the US doesn’t give their citizens the same rights as those in other countries receive. As such, I’m not sure if there’s too much point comparing the two.
Otherwise. Yes, it’s not going to be a nice place to live, and anyone that chooses this option has only themselves to blame when they realise they made a deal with the leopard that has a history of biting faces off.
deleted by creator
Hmm, the only issue I had was because it was using the DoH (which I don’t have a local server for). Once I disabled that, it was fine.
Oh. Internal hosts, I just setup on my own DNS… No need for that. Printer, can’t say I’ve ever had a problem.
Yeah, I don’t really have a use at home for mDNS. None that I can think of, anyway. Pretty sure I was using it before MDNS was a thing.
They (the service that provides both web protection and logging) installs their own root certificate. Then creates certs for sites on demand, and it will route web traffic through their own proxy, yes.
It’s why I don’t do anything personal at all on the work laptop. I know they have logs of everything everyone does.
What if I told you, businesses routinely do this to their own machines in order to make a deliberate MitM attack to log what their employees do?
In this case, it’d be a really targetted attack to break into their locally hosted server, to steal the CA key, and also install a forced VPN/reroute in order to service up MitM attacks or similar. And to what end? Maybe if you’re a billionaire, I’d suggest not doing this. Otherwise, I’d wonder why you’d (as in the average user) be the target of someone that would need to spend a lot of time and money doing the reconnaissance needed to break in to do anything bad.
Sorry. I chose .local and I’m sticking to it.
I have auto redirect to 443. But --nginx works fine. I think it overrides stuff for whatever the specific url used is.