Certificate error on FNG :(

I don’t know how many people will see this post, since the ones who need it are those who right now aren’t able to access the main site, but here it goes:

I made a bad mistake when I renewed the certificate and chose to replace the old cert with an ECDSA one, which meant generating a new key… but I had configured the site with public key pinning, which meant that browsers would cache the old key’s pin for at least 2 months. I should have generated the new key 2 months before, and added its pin as a backup key to the server, so browsers would cache and know about it in time, when the main pinned key stopped matching the site’s. New visitors are OK, returning visitors are getting that error. 🙁

Anyway, this guide shows how to manually delete HSTS (which pinning is a part of) cache entries from Firefox and Chrome, which will make your browser “forget” about the key pinning and be able to access FNG again. You only have to do it once (for any browser that’s accessed the site in the past 2 months). You should delete any keys for “www.fantasynamegen.com” and “fantasynamegen.com”.

Sorry about this… 🙁

One thought on “Certificate error on FNG :(

Leave a Reply