As the web moves more and more to HTTPS and ehanced security (such as HSTS) keeping your certificates updated and valid becomes more and more important. I’m toying with an idea of building a small webapp to monitor my small portfolio of certificates and warn me if a certificate is due to expire. As part of this, I’m slowly patching pieces together in Go and one of the small useful outcomes is a small (compilable to bin) script which prints the basic certificate details of a given domain.
I’ve been having an odd issue for a couple of months. When accessing sites having a .dev domain (like most recently go.dev), I my browsers have given me warnings and as many had HSTS-headers, not allowed me to visit the site. It seemed like a strange error, and I’ve tried to remember if I’ve set up some proxy or VPN connection, that could cause this issue. A few times I’ve asked others on the net if they had issues - which was not the case - and I’ve tried using a web proxy, and everything worked.
I’ve switched nameservers for all my domains yesterday. During the past many years I’ve been free-riding on GratisDNS and enjoying their free DNS service (and luckily never needed support in their forums). Yesterday I switched to Cloudflare and I’m using them for DNS for this (and other domains). I don’t have any particular requirements, and the switch was mostly easy and automated to the extent possible. Two domains went smooth, but the last my mahler.
Get your company implementing DMARC now… During the past 5-6 years email industry efforts have been pushing the DMARC standard along. It provides the best widely supported and seemingly efficient way to - as a domain-owner - protect the domain from misuse and abuse in terms of spam and phishing attacks. As sending email has often been a wild-west, and knowing who is a valid sender of email may prove a challenge for many companies - and as most IT developers does seem to care too much about the finer details of email (and production just as bad email headers as HTML markup :-) ), implementing DMARC protection on your domain may actually be a challenge.
So, I’ve been moving the site to a VPS - a Virtual Private Server. A VPS is basically the same as a physical server to which you can’t have physical access. When you get your virtual server, most likely it will be setup with a basic disk image with an Operating System and a root account. In my case at DigitalOcean I choose to setup an Ubuntu Linux image and here are the first moves you should take after creating the VPS to get the basic security in place.