Readit News logoReadit News
Posted by u/dang 4 years ago
Tell HN: Thanks to thehodge and littlewarden.com, this site is up today
A few days ago we got an email from HN user thehodge (https://news.ycombinator.com/user?id=thehodge), aka Dom Hodgson, telling us that HN's SSL cert was about to expire—as indeed it was. All the renewal notices had been going to Scott's old YC email, which no longer works.

Dom runs https://littlewarden.com/, which monitors sites for upcoming issues and lets you know when you're about to publicly embarrass yourself. In a twist on eat-your-own-dog-food (eat someone else's dog food as a service?), he had set up alerts for HN in their system. Lo and behold, it delivered the goods, and that is why you're reading HN as usual today instead of certificate scoldings, and therefore also why my ass is in a saved state, which is how I like it.

I figure the least we can do is proclaim our thanks, so all hail Dom and Little Warden! Yes, I know most of you can do this in 3 lines of Python and a cron job, and yes yes, there are other alert services—but only one has personally helped you waste time unimpeded on the internet. That is all.

thehodge · 4 years ago
Thanks for the mention Dang, I monitor a few hundred sites of 'importance' and see stuff like this all the time, you are the first one however to thank me for an email saying 'you might want to look into this!'
perryh2 · 4 years ago
I've thought about building a similar service before and I'm really impressed with all the features you offer, including many that I haven't even thought about before. Many companies use services like Pingdom for uptime monitoring but they don't have nearly as many features. I think you will do really well!
Abishek_Muthian · 4 years ago
Thanks Hodgson, SSL certificate expiring before the times of Let's Encrypt was the stuff for nightmare. I had to dedicate some day every 3 months to renew SSL certificates for my websites.

But now with Lets Encrypt & autocert(Go) it's not the case anymore. But still Little Warden would be useful to detect nasty surprises and besides you're offering other features.

P.S. I've added Little Warden to my curated list of startup tools - https://startuptoolchain.com/#website .

TechBro8615 · 4 years ago
How many of them become customers? Great strategy!
thehodge · 4 years ago
None, tbh I don't try and pitch LW too hard, I just give them a heads up, probably a mistake but feels more ethical :)
Zababa · 4 years ago
Thanks a lot for that!
gavinray · 4 years ago
Wow that's really shitty of all the other ones.

Will you name drop them so I can be angry at their ethics for you?

dang · 4 years ago
Let's try to avoid the online shaming/callout culture here. It's a classic local/global optimization tradeoff.

https://hn.algolia.com/?sort=byDate&type=comment&dateRange=a...

brianpan · 4 years ago
Even if my cert is about to expire, I might already know and have a plan to renew and rotate. In fact, I would think MOST large sites have a plan for this and aren't relying on a person from the internet to notice and email them.

Plus, do I need to publicly thank every person that emails and helps me?

petercooper · 4 years ago
As an aside, I've known thehodge for about fifteen years and he's a total mensch. He ran a popular annual hackathon (an actual ethical one where everyone won a prize) here in the UK, raises money seemingly non-stop for a children's hospice, and has launched perhaps 102 random businesses (including an online candy store!) and side projects over the years both for his own and our entertainment :-D If you want to patronize or support a business that's actually run by a good, ethical person, this is the one for you.
thehodge · 4 years ago
Ha Peter, you are too kind, but I will take this opportunity to plug my latest fundraising video :) https://www.youtube.com/watch?v=xm2FUOEoy44
neilwilson · 4 years ago
And let's not forget creating "Hodgeland" when the pandemic prevented him taking his little girl to Disneyland.

https://www.bbc.co.uk/news/uk-england-leeds-56099072

Dom is a legend in his own lunchtime. A hugely positive inspiration to everybody who has had the good fortune to meet him.

thehodge · 4 years ago
That was 100% my wife, she came up with the idea after our trip to TokyoDisneyland was cancelled and we were all a bit down. I'd love to take credit for that but I cannot!
scrumlord · 4 years ago
boo-fucking-hoo

disneyland is for capitalist pigs

onion2k · 4 years ago
I met Dom at a few of the Newcastle barcamps a loooong time ago. I'll second that he's an awesome guy, and an impressive serial entrepreneur, and very good at improvised PowerPoint karaoke...
iamben · 4 years ago
Agree completely! He's a great guy! Excellent work Dom!
cedricd · 4 years ago
So does that mean that YC is now a paid subscriber to the service? ;).

Very classy callout in any case. I love the story of a startup getting good press for doing something nice. Also this sounds like a really good case study for them to put up.

Poiesis · 4 years ago
I bet Dang's public note of thanks is worth so much more than the subscription revenue that it barely matters if they pay or not.
thehodge · 4 years ago
Exactly, this post was such a lovely gesture and the HN team know there is an account for them if they want one (gotta say thanks, afterall, we did launch with a SHOW HN post!)
mikewhy · 4 years ago
So "we'll pay you with EXPOSURE"?
dmurray · 4 years ago
If YC were a paid subscriber, the mail would presumably have gone to the same defunct email address that the cert expiry notice went to.

How does Littlewarden solve that problem? "Personally contacting the face of the site through a back channel" is a great answer, but not so scalable.

thehodge · 4 years ago
We allow multiple emails to be notified for issues, as well as the pretty popular Slack integration (along with other messaging services)
Zealotux · 4 years ago
Amusing, I embarrassed myself today as I forgot to renew a client's certificate. This kind of service is unfortunately too expensive for my needs (2 small websites to monitor), wouldn't that be possible to have a small software run on my laptop that checks a list of websites every day for upcoming expiration?
geofft · 4 years ago
You can do this with the following crappy cronjob (monitoring the machine where your cronjobs run is left as an exercise to the reader / is why you'd want to pay someone to deal with it):

    0 0 * * * openssl s_client -showcerts -connect news.ycombinator.com:443 </dev/null 2>/dev/null | openssl x509 -checkend 864000 >/dev/null || echo "Certificate is expiring"
Assuming your system has local mail (via the sendmail command) working, this will send you an email if your certificate expires in the next 864000 seconds = 10 days. If you have an MTA installed but don't use local mail on the machine, you can use the MAILTO feature to send it to your normal email address.

atok1 · 4 years ago
That's pretty useful, thanks.

I can setup a monitor (FOSS) for the computer that is doing the site monitoring, since I only use open source software that I can inspect.

oars · 4 years ago
Great one liner to monitor expiring certs, thanks.
amozoss · 4 years ago
Could pipe it to pushback.io too, super easy way to setup push notifications to your phone
dharmab · 4 years ago
In addition to monitoring the cert, consider using Let's Encrypt/ACME to auto-rotate certificates.
remram · 4 years ago
Unfortunately this also fails in interesting ways...

Just recently, I let one of my certificates expire. The cronjob correctly renewed it, but nginx was not reloaded and kept using the previous certificate. This had never happened before, because I would usually make changes regularly and trigger a reload, which would load the new certificate. Therefore this website had run without issues for 2 years with an incomplete renewal configuration until it finally broke...

cyberge99 · 4 years ago
dnmin is a small shop that offers it free (I think). I donated the guy $10 for the service a couple of years ago. I got an alert recently, so it works.
amozoss · 4 years ago
Google cloud does checks (of endpoints or tcp connections). I've never been charged as far as I can tell. It sends me a text when my site is down, but it has tons of other notification options
polote · 4 years ago
> Yes, I know most of you can do this in 3 lines of Python and a cron job, and yes yes, there are other alert services

Ultimate troll :) Maybe dang is the secret writer of n-gate

temp_praneshp · 4 years ago
I hope the writer of n-gate is fine. Nothing since mid-july.
isoprophlex · 4 years ago
Every week I still check, and leave slightly saddened, smirking "n-gate continues the war on it's users"

Hope they're okay, and just bored with writing updates.

Deleted Comment

petecooper · 4 years ago
https://crt.sh/?q=news.ycombinator.com

(for the curious)

judge2020 · 4 years ago
Slightly off-topic, but what happened during the time HN was using Cloudflare (August 2017 up to August 2018 by the looks of it)? Was it a trial and enough people complained about the usage, or otherwise had issues accessing from niche user agents?
dang · 4 years ago
https://news.ycombinator.com/item?id=21799223
atok1 · 4 years ago
I'm not sure with this instance but I do know that people complained since CF is the antithesis of privacy and the free internet.
endisneigh · 4 years ago
This is an incredibly wholesome post all around. Wish all internet interactions were like this!
sundarurfriend · 4 years ago
It's surprising how common this is, from big organizations: either letting the certificate expire, or have it be for the wrong domain that clearly belongs to the same org - but most users wouldn't know or care. So it's a good idea for a service, best of luck to thehodge.
thehodge · 4 years ago
It happens A LOT, it's mostly because domains, SSLs and other 'tedious' things like that tend to get lost in the business of 'building something billable' and it's easy to thank that a different department owns that bit.
type0 · 4 years ago
It's even more common when the certificate is issued for longer than 1 year, that's a bad practice- don't do this!