[Website Bug] Password reset link broken due to HSTS and invalid cert error


Expert (118)

SKiLLa's picture

14-02-2023, 15:04

I tried to reset my password earlier today, but the reset-link in the email used a (temporarily ?) msx.org subdomain (url4273.msx.org in my case) which isn't covered by the website's TLS certificate. Since the website also uses the 'HSTS' header, one cannot force Chrome to ignore the certificate error and thus cannot visit the password-reset link. Replacing the subdomain with www. for the same url resulted in a 404 error.

Here's a screenshot as a reference:

PS: I managed to figure out my password; hence this post :)

Login or register to post comments

By cborn

Supporter (2)

cborn's picture

27-02-2023, 23:07

firefox blocked me and i had to make this new account, at least thats the easy way for me.

it mentions a bad certificate, perhaps old, or just wrong since its sendgrid and not msx ???

i can copy past it but its a bunce off base64 i assume

By bitcaffe

Supporter (3)

bitcaffe's picture

05-03-2023, 22:41

Hi guys,

I forgot my password and I did not manage to obtain a new one due to problem with the security certificate.
So I created a new account (my previous one was gacaffe) and in the welcome email all the links point at url4273.msx.org, is that ok?

Anyway, I will use this new account. I will try to be a little bit more active (my last post was from 2019...).




Expert (118)

SKiLLa's picture

31-03-2023, 14:45

Tiny bump because the issue still persists !

By ro

Scribe (4964)

ro's picture

31-03-2023, 14:58

We know of this stuff and actually leaning towards getting a new web site instead of fixing old stuff. More on that later.
For now, just gimme an e-mail and I'll reset the password for ye. It's a dirty work around, I know.


Expert (118)

SKiLLa's picture

31-03-2023, 15:47

Thanks for the feedback Ramon ... And I see your profile with e-mail is also accessible without being logged in, that should do.