Tell HN: Thanks to thehodge and littlewarden.com, this site is up today
4 years ago
A few days ago we got an email from HN user thehodge (https://news.ycombinator.com/user?id=thehodge), aka Dom Hodgson, telling us that HN's SSL cert was about to expire—as indeed it was. All the renewal notices had been going to Scott's old YC email, which no longer works.
Dom runs https://littlewarden.com/, which monitors sites for upcoming issues and lets you know when you're about to publicly embarrass yourself. In a twist on eat-your-own-dog-food (eat someone else's dog food as a service?), he had set up alerts for HN in their system. Lo and behold, it delivered the goods, and that is why you're reading HN as usual today instead of certificate scoldings, and therefore also why my ass is in a saved state, which is how I like it.
I figure the least we can do is proclaim our thanks, so all hail Dom and Little Warden! Yes, I know most of you can do this in 3 lines of Python and a cron job, and yes yes, there are other alert services—but only one has personally helped you waste time unimpeded on the internet. That is all.
Thanks for the mention Dang, I monitor a few hundred sites of 'importance' and see stuff like this all the time, you are the first one however to thank me for an email saying 'you might want to look into this!'
I've thought about building a similar service before and I'm really impressed with all the features you offer, including many that I haven't even thought about before. Many companies use services like Pingdom for uptime monitoring but they don't have nearly as many features. I think you will do really well!
Thanks Hodgson, SSL certificate expiring before the times of Let's Encrypt was the stuff for nightmare. I had to dedicate some day every 3 months to renew SSL certificates for my websites.
But now with Lets Encrypt & autocert(Go) it's not the case anymore. But still Little Warden would be useful to detect nasty surprises and besides you're offering other features.
P.S. I've added Little Warden to my curated list of startup tools - https://startuptoolchain.com/#website .
How many of them become customers? Great strategy!
None, tbh I don't try and pitch LW too hard, I just give them a heads up, probably a mistake but feels more ethical :)
2 replies →
Thanks a lot for that!
Wow that's really shitty of all the other ones.
Will you name drop them so I can be angry at their ethics for you?
Let's try to avoid the online shaming/callout culture here. It's a classic local/global optimization tradeoff.
https://hn.algolia.com/?sort=byDate&type=comment&dateRange=a...
1 reply →
Even if my cert is about to expire, I might already know and have a plan to renew and rotate. In fact, I would think MOST large sites have a plan for this and aren't relying on a person from the internet to notice and email them.
Plus, do I need to publicly thank every person that emails and helps me?
1 reply →
As an aside, I've known thehodge for about fifteen years and he's a total mensch. He ran a popular annual hackathon (an actual ethical one where everyone won a prize) here in the UK, raises money seemingly non-stop for a children's hospice, and has launched perhaps 102 random businesses (including an online candy store!) and side projects over the years both for his own and our entertainment :-D If you want to patronize or support a business that's actually run by a good, ethical person, this is the one for you.
Ha Peter, you are too kind, but I will take this opportunity to plug my latest fundraising video :) https://www.youtube.com/watch?v=xm2FUOEoy44
And let's not forget creating "Hodgeland" when the pandemic prevented him taking his little girl to Disneyland.
https://www.bbc.co.uk/news/uk-england-leeds-56099072
Dom is a legend in his own lunchtime. A hugely positive inspiration to everybody who has had the good fortune to meet him.
That was 100% my wife, she came up with the idea after our trip to TokyoDisneyland was cancelled and we were all a bit down. I'd love to take credit for that but I cannot!
boo-fucking-hoo
disneyland is for capitalist pigs
I met Dom at a few of the Newcastle barcamps a loooong time ago. I'll second that he's an awesome guy, and an impressive serial entrepreneur, and very good at improvised PowerPoint karaoke...
Agree completely! He's a great guy! Excellent work Dom!
So does that mean that YC is now a paid subscriber to the service? ;).
Very classy callout in any case. I love the story of a startup getting good press for doing something nice. Also this sounds like a really good case study for them to put up.
I bet Dang's public note of thanks is worth so much more than the subscription revenue that it barely matters if they pay or not.
Exactly, this post was such a lovely gesture and the HN team know there is an account for them if they want one (gotta say thanks, afterall, we did launch with a SHOW HN post!)
1 reply →
So "we'll pay you with EXPOSURE"?
5 replies →
If YC were a paid subscriber, the mail would presumably have gone to the same defunct email address that the cert expiry notice went to.
How does Littlewarden solve that problem? "Personally contacting the face of the site through a back channel" is a great answer, but not so scalable.
We allow multiple emails to be notified for issues, as well as the pretty popular Slack integration (along with other messaging services)
1 reply →
Amusing, I embarrassed myself today as I forgot to renew a client's certificate. This kind of service is unfortunately too expensive for my needs (2 small websites to monitor), wouldn't that be possible to have a small software run on my laptop that checks a list of websites every day for upcoming expiration?
You can do this with the following crappy cronjob (monitoring the machine where your cronjobs run is left as an exercise to the reader / is why you'd want to pay someone to deal with it):
Assuming your system has local mail (via the sendmail command) working, this will send you an email if your certificate expires in the next 864000 seconds = 10 days. If you have an MTA installed but don't use local mail on the machine, you can use the MAILTO feature to send it to your normal email address.
That's pretty useful, thanks.
I can setup a monitor (FOSS) for the computer that is doing the site monitoring, since I only use open source software that I can inspect.
Great one liner to monitor expiring certs, thanks.
Could pipe it to pushback.io too, super easy way to setup push notifications to your phone
1 reply →
In addition to monitoring the cert, consider using Let's Encrypt/ACME to auto-rotate certificates.
Unfortunately this also fails in interesting ways...
Just recently, I let one of my certificates expire. The cronjob correctly renewed it, but nginx was not reloaded and kept using the previous certificate. This had never happened before, because I would usually make changes regularly and trigger a reload, which would load the new certificate. Therefore this website had run without issues for 2 years with an incomplete renewal configuration until it finally broke...
1 reply →
dnmin is a small shop that offers it free (I think). I donated the guy $10 for the service a couple of years ago. I got an alert recently, so it works.
Google cloud does checks (of endpoints or tcp connections). I've never been charged as far as I can tell. It sends me a text when my site is down, but it has tons of other notification options
> Yes, I know most of you can do this in 3 lines of Python and a cron job, and yes yes, there are other alert services
Ultimate troll :) Maybe dang is the secret writer of n-gate
I hope the writer of n-gate is fine. Nothing since mid-july.
Every week I still check, and leave slightly saddened, smirking "n-gate continues the war on it's users"
Hope they're okay, and just bored with writing updates.
https://crt.sh/?q=news.ycombinator.com
(for the curious)
Slightly off-topic, but what happened during the time HN was using Cloudflare (August 2017 up to August 2018 by the looks of it)? Was it a trial and enough people complained about the usage, or otherwise had issues accessing from niche user agents?
https://news.ycombinator.com/item?id=21799223
2 replies →
I'm not sure with this instance but I do know that people complained since CF is the antithesis of privacy and the free internet.
This is an incredibly wholesome post all around. Wish all internet interactions were like this!
It's surprising how common this is, from big organizations: either letting the certificate expire, or have it be for the wrong domain that clearly belongs to the same org - but most users wouldn't know or care. So it's a good idea for a service, best of luck to thehodge.
It happens A LOT, it's mostly because domains, SSLs and other 'tedious' things like that tend to get lost in the business of 'building something billable' and it's easy to thank that a different department owns that bit.
It's even more common when the certificate is issued for longer than 1 year, that's a bad practice- don't do this!
Really cool of you to mention this publicly! As thehodge said in his comments this is far from usual, and most big websites would just silently renew their certificate without giving any credit.
> Yes, I know most of you can do this in 3 lines of Python and a cron job
At first I thought this was a tongue-in-cheek reference to the famous Dropbox dismissal by BrandonM https://news.ycombinator.com/item?id=9224
I actually stole that line from something Dom said in our email conversation...
(Also, this is offtopic but I'm on a quest to get people to realize that BrandonM's comment has been unfairly characterized:
https://news.ycombinator.com/item?id=23229275)
I've caught a few of those once it's too late to reply, and I'm not sure I entirely agree with your sentiment.
Unless I'm totally out of touch, I've always seen the comment referenced as either dismissing a simple solution because a complicated one exists, and/or now having a grasp on how complicated a solution is.
Most recently I referenced the comment in a discussion around Laravel Forge, which deploys and manages servers for hosting websites. I love it personally, but a friend was of the opinion that "it's unnecessary, all you have to do to setup a server is..."
I get that he was trying to be helpful with his post, but that doesn't dismiss the fact that his very first point was "You can already do this by..." and then proceeding to provide a valid, but complicated solution that very few people could do.
There's nothing wrong with his post, but it does act as a good reminder that there's room for products that provide a simple solution where only complicated options exist.
1 reply →
Funnily enough I just read some more of the context around that comment and have to agree that it wasn't that bad. I think people, including myself, mostly remember the "For a Linux user, you can already build such a system yourself quite trivially by[...]" part. Personally I always find that hilarious because e.g. my mother can trivially use Linux and Dropbox, but I would have an awful time trying to walk her through BrandonM's proposed setup.
Looks like a great service, and it monitors quite a bit more than SSL / domain expiration.
Awesome story. This has inspired a bit of long forgotten altruism in me.
FYI the little warden menu doesn't work on Firefox or Chrome Android (at least I assume it's meant to be a menu?)
Your various site & DNS checks - do they work on IPv4 and V6? We recently managed to mess up our V6 records whilst our V4 were fine. Turns out our site checkers ran on V4! We've managed to get Prometheus to check on both now (kinda, there are some DNS caching issues somewhere) but now I'm surprised more checkers don't offer this feature.
Thanks for the heads up, I'll take a look at that and the good news is that we have a brand new marketing site launching very soon which IS much more mobile compatible!
The IPv6 thing, tbh nobody has tried it yet, but it's certainly something that if it doesn't work, we will fix it so it does :)
To be clear, I'm suggesting that checkers should run the tests over both IP4 and IP6 to explicitly catch situations where one is set up correctly and one isn't.
A sadly-now-deleted comment mentioned certdays.sh, which a quick search shows was posted by its author here:
https://news.ycombinator.com/item?id=2376115 - March 2011 (9 comments)
Yep it happens a lot.. Thanks for linking these, I'll be writing a few of these down for a future blog post ;)
Great service, I thinking to become a client. Any HN discount available?
I noticed a spelling error on this page: https://littlewarden.com/features "XML Sitemap Change Montioring"
Thanks for that, I've fixed that and pushing the change :)
Kudos and thanks to Dom Hodgson.
Running a website is so hard even a moron can do it.
Very kind of you dang and nice site thehodge :)
Great story. Thanks Dang, and thanks Dom!
Nice work Dom
Wait: What happened to Scott Bell's (sctb) email ID? Are they not part of the moderator team anymore?
That's correct. Ideally we'd have done a celebratory sendoff but it wasn't possible at the time (through no one's fault).
https://news.ycombinator.com/item?id=23808741