3

I was using the site all well and fine, then all of a sudden I got the error below on every page I tried.

error page in fire fox

However now the site is working again. Was there some temporary SSL problem, or did the unicorns revolt there for a minute?

For some reason these links do not work:

Improve this question
3
  • 3
    The correct URL is blender.stackexchange.com, not www.blender.stackexchange.com. Though SE should either redirect or not respond with the wrong certificate to avoid confusion. Commented Apr 16, 2017 at 16:24
  • I see. ok so somebody copied the url to an answer, then added the "www". Hmm. Commented Apr 16, 2017 at 16:26
  • 1
    Yup. Just edit it out and let the author know they made a mistake, it's a broken link like any other broken link. No bug here. Commented Apr 16, 2017 at 21:33

1 Answer 1

Reset to default
13

We simply do not support this, and never have. Though it is reasonable to redirect the www. domains on http://, it's not reasonable to do so on https:// (we'd need a truckload of certs). We never generate these links anywhere, that's someone else doing it incorrectly.

It's akin to the meta.*.stackexchange.com problem, all of which are now redirected to *.meta.stackexchange.com because of the certificate problem with so many 2nd level child domains.

If you factor in www.meta.blender.stackexchange.com it gets beyond silly to think about...so I can say for certain we'll never support this use case.

I suggest encouraging the source of these links to fix whatever (incorrect) assumptions they're making about www. domains.

Improve this answer
7
  • 1
    consider it done. But why can't you just redirect www requests to the non www source? Commented Apr 16, 2017 at 17:14
  • 1
    @David Pretty much this entire answer explains why we can't. Performing a redirect requires having a valid certificate for the www domain first. Otherwise the browser will ignore the redirect and throw an insecure warning. Commented Apr 16, 2017 at 17:21
  • @animuson the redirect is already happening (if you click through the SSL warning), so it seems to have been already implemented in the non-SSL times. It might make sense to remove the redirect entirely, as this would then fail with a far less scary message. Commented Apr 16, 2017 at 17:24
  • 2
    @MadScientist It would fail with exactly the same message, regardless of whether the redirect is set up. Try humpty.dumpty.stackexchange.com Commented Apr 16, 2017 at 17:26
  • 1
    @MadScientist in an SSL connection, you first establish trust then exchange data. Trust is necessary, so we'd have to have hundreds of certificates to handle links we never generated, the setup to serve them, and either implement SNI or have the IP space to do so. It's insanely complicated...if we didn't do it for meta, we're certainly not doing it here. The actual problem is someone's generating bad links which were never correct, that's what we should be fixing. Curing the symptom is not going to happen here, it's way beyond reasonable to do so. Commented Apr 16, 2017 at 17:30
  • @animuson I would have expected the name to not resolve at all, I thought that was only the redirect. This exceeds my DNS knowledge by quite a bit, but I guess that after all sites are moved, the *.*.stackexchange.com domains aren't needed at all anymore and could be removed entirely. Commented Apr 16, 2017 at 17:31
  • 1
    @MadScientist these records don't exist, they're a result of *.stackexchange.com (in DNS wildcards work for multiple levels). The old www. redirects are strictly for people typing it incorrectly...but they're not reasonable to maintain function of, not as large as the network is now. Commented Apr 16, 2017 at 17:35

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.