When I try to edit the demo link above from HTTP to HTTPS on flavortown[.]hackclub[.]com (source code for link fetcher is on: GitHub - hackclub/flavortown: what's cooking in the hack club kitchen · GitHub ) and save it, I get the error “Failed to update project: Demo url Demo URL could not be verified (idk why, pls let a admin know if this is happening a lot and your sure that the URL is valid): SSL_connect returned=1 errno=0 peeraddr=185.27.134.137:443 state=error: certificate verify failed (unable to get local issuer certificate)”. I was told to go to InfinityFree support by a helper on the official public Slack channel for Flavortown. Why is that?
Other Information
The certificate has worked in my browser without any errors for several days and it worked when the site used to be hosted on GitHub Pages before the certificate got reissued.
It seems like it’s unable to verify the existence of either the certificate itself or Certificate Transparency. Or does InfinityFree not send that if the request doesn’t pass their security check?
I meant you need to protect people from abusing your website. All someone has to do is automate a bunch of requests to your site and parse the response with a bot to get unlimited free use of your API key.
You need to protect your key from being stolen, yes, but you also need to protect your application that is holding the key from being abused.
The specific error you’re seeing is caused by free hosting not supporting uploading full certificate chains along with certificates. This works fine for browsers, but any automated tools typically cannot handle this, which makes them say the SSL certificate is not trusted.
But since access from automated tools isn’t allowed in the first place, this is not an issue.