Author Topic: Multiple NWS sites switching to https only by Dec 31, 2018  (Read 889 times)

0 Members and 1 Guest are viewing this topic.

Offline saratogaWX

  • Administrator
  • Forecaster
  • *****
  • Posts: 9257
  • Saratoga, CA, USA Weather - free PHP scripts
    • Saratoga-Weather.org
Multiple NWS sites switching to https only by Dec 31, 2018
« on: November 20, 2018, 09:40:32 PM »
From the announcement here

Quote
Starting immediately through December 31, 2018, the National
Center for Environmental Prediction (NCEP) Central Operations 
(NCO) will be implementing secure HTTPS protocols. These changes 
will include: 
  -   Enabling HTTPS for sites that were previously HTTP
-only   
  -   Redirecting HTTP traffic for all sites
  -   Redirecting HTTPS handshakes to Cipher suites that are secure
  -   Enabling a configuration that marks the affected sites for HTTPS Strict Transport Security (HSTS)
The following domains, and all websites under them, will only be 
accessible at https:
 
  -   X.ncep.noaa.gov

Where X is defined as, but not limited to: opc, wpc, cpc, nhc,
nomads, ftp, mrms, madis, and mag
   
  -   X.weather.gov

Where X is multiple sites nested under the domain weather.gov.
If you have specific questions on a site please email the 
contacts below.

  -   tgftp.nws.noaa.gov

  -   X.noaa.gov
Where X is defined as, but not limited to: airquality.weather
and water.weather

NCEP will give users a 1 week overlap period to test any 
transitions from HTTP to HTTPS. Beginning by November 30, 2018,
all HTTPS URLs will be available alongside HTTP.
Starting on December 7, 2018, NCEP will begin to redirect HTTP URLs to HTTPS.
There are no changes to ftp services also offered through those
domains. This change is following the Homeland Security Binding 
Operational Directive, BOD-18-01.

So, I'll likely have some script updates (get-conditions-metar-inc.php, and some of the older scripts) to support this.
Ken True/Saratoga, CA, USA main site: saratoga-weather.org
Davis VP1+ FARS, Blitzortung RED, GRLevel3, WD, WL, VWS, Cumulus, Meteobridge
Free weather PHP scripts/website templates - update notifications on Twitter saratogaWXPHP

Offline DW7240

  • Senior Contributor
  • ****
  • Posts: 225
    • The Vicarage Weather Feed
Re: Multiple NWS sites switching to https only by Dec 31, 2018
« Reply #1 on: November 20, 2018, 10:49:23 PM »
Hi Ken,

As ever...…..THANK YOU for keeping us all up-to-date, we all appreciate you so very much.

Nick. dw7240.com


Offline zmarfak

  • Contributor
  • ***
  • Posts: 135
    • Matar
Re: Multiple NWS sites switching to https only by Dec 31, 2018
« Reply #2 on: November 24, 2018, 02:59:10 AM »
Forget my message here, I see there is an update for the file , will implement it, I have to learn to check that first !!
apparently it's indeed the change to https


Hi,
has this to do with this :

PHP Warning:  Invalid argument supplied for foreach() in /var/www/vhosts/matar.be/httpdocs/weather/get-USNO-sunmoon.php on line 360
PHP Warning:  Invalid argument supplied for foreach() in /var/www/vhosts/matar.be/httpdocs/weather/get-USNO-sunmoon.php on line 371

I changed line 138
Code: [Select]
$USNOUrl = "http://api.usno.navy.mil/rstt/oneday?date=$lclToday&coords=$myLat,$myLong&tz=$myTZOffset";
to
Code: [Select]
$USNOUrl = "https://api.usno.navy.mil/rstt/oneday?date=$lclToday&coords=$myLat,$myLong&tz=$myTZOffset";

and my cache file was updated and had no error anymore

Or was the site reachable again during the time I adapted the file ?
« Last Edit: November 24, 2018, 03:08:52 AM by zmarfak »
Patrick
Davis Vantage Pro2 with a Meteobridge NANO SD and WL (6.04) on a Intel NUC 
https://www.matar.be

Offline saratogaWX

  • Administrator
  • Forecaster
  • *****
  • Posts: 9257
  • Saratoga, CA, USA Weather - free PHP scripts
    • Saratoga-Weather.org
Re: Multiple NWS sites switching to https only by Dec 31, 2018
« Reply #3 on: November 24, 2018, 01:23:57 PM »
There was no announcement (AFAIK) about api.usno.navy.mil switching to HTTPS, they just added a 301 redirect from http to https.  Previously, the https service for them used a generic navy.mil cert that popped a browser cert warning.  Now they seem to have fixed that cert issue, and engaged the https redirect.

BTW.. this is a navy.mil issue, not related to the noaa.gov change per se.
Ken True/Saratoga, CA, USA main site: saratoga-weather.org
Davis VP1+ FARS, Blitzortung RED, GRLevel3, WD, WL, VWS, Cumulus, Meteobridge
Free weather PHP scripts/website templates - update notifications on Twitter saratogaWXPHP

Offline Jasiu

  • Forecaster
  • *****
  • Posts: 947
    • LexMAWeather
Re: Multiple NWS sites switching to https only by Dec 31, 2018
« Reply #4 on: November 29, 2018, 07:45:49 PM »
Quote
Beginning by November 30, 2018,
all HTTPS URLs will be available alongside HTTP.

HTTPS links for METAR are now live. So I guess them meant Nov 30 UTC.  :grin:
https://lexmaweather.info
On Mastodon: @LexMAWeather@toot.community

Offline saratogaWX

  • Administrator
  • Forecaster
  • *****
  • Posts: 9257
  • Saratoga, CA, USA Weather - free PHP scripts
    • Saratoga-Weather.org
Re: Multiple NWS sites switching to https only by Dec 31, 2018
« Reply #5 on: November 29, 2018, 09:16:00 PM »
An interesting tidbit:  the cert for tgftp.nws.noaa.gov was issued by Go Daddy Secure Certificate Authority - G2 and became active Thursday, November 29, 2018, 8:26:47 PM GMT and expires Sunday, January 27, 2019, 3:30:01 PM GMT.

Whodathunk that NOAA would be using a GoDaddy cert...

weather.gov uses a cert from DigiCert SHA2 Secure Server CA which also covers:
DNS Name: weather.gov
DNS Name: new.nowcoast.noaa.gov
DNS Name: preview-forecast-v3.weather.gov
DNS Name: airquality.weather.gov
DNS Name: w2.weather.gov
DNS Name: wwwx.wrh.noaa.gov
DNS Name: ptwc.weather.gov
DNS Name: water.weather.gov
DNS Name: products.weather.gov
DNS Name: www.aviationweather.gov
DNS Name: www.nowcoast.noaa.gov
DNS Name: nowcoast.ncep.noaa.gov
DNS Name: idpgis.ncep.noaa.gov
DNS Name: nowcoast.noaa.gov
DNS Name: tsunami.gov
DNS Name: mobile.weather.gov
DNS Name: preview-api-v1.weather.gov
DNS Name: alerts.weather.gov
DNS Name: graphical.weather.gov
DNS Name: digital.weather.gov
DNS Name: forecast-v3.weather.gov
DNS Name: www.tsunami.gov
DNS Name: w1.weather.gov
DNS Name: nws.weather.gov
DNS Name: ssd.wrh.noaa.gov
DNS Name: aviationweather.gov
DNS Name: www.weather.gov
DNS Name: www.tsunami.noaa.gov
DNS Name: api-v1.weather.gov
DNS Name: nomads.weather.gov
DNS Name: f1.weather.gov
DNS Name: alerts-v2.weather.gov
DNS Name: forecast.weather.gov
DNS Name: www.srh.noaa.gov
DNS Name: marine.weather.gov
DNS Name: ra4-gifs.weather.gov
DNS Name: radar.weather.gov
DNS Name: preview.weather.gov
DNS Name: www.wrh.noaa.gov
DNS Name: api.weather.gov
 
www.noaa.gov uses a cert from Amazon
DNS Name: www.noaa.gov
DNS Name: test.woc.noaa.gov

The GoDaddy cert for tgftp.nws.noaa.gov also covers
DNS Name: qa.ncep.noaa.gov
DNS Name: www.qa.ncep.noaa.gov
DNS Name: ftp.i.ncep.noaa.gov
DNS Name: ftp.nco.ncep.noaa.gov
DNS Name: inwsqa.ncep.noaa.gov
DNS Name: origin.cpc.ncep.noaa.gov
DNS Name: www.cpcpara.ncep.noaa.gov
DNS Name: opah.nhc.ncep.noaa.gov
DNS Name: ftp.ocean.weather.gov
DNS Name: irisqa.ncep.noaa.gov
DNS Name: secure.idpqadm7.ncep.noaa.gov
DNS Name: www.nco.ncep.noaa.gov
DNS Name: www.opc.ncep.noaa.gov
DNS Name: water.noaa.gov
DNS Name: origin.nowcoast.ncep.noaa.gov
DNS Name: www.emc.ncep.noaa.gov
DNS Name: www.lib.ncep.noaa.gov
DNS Name: ftp.wpc.ncep.noaa.gov
DNS Name: www.ndsc.ncep.noaa.gov
DNS Name: ftp.cpc.ncep.noaa.gov
DNS Name: para.nomads.ncep.noaa.gov
DNS Name: origin.wpc.ncep.noaa.gov
DNS Name: tgftp.nws.noaa.gov
DNS Name: origin.opc.ncep.noaa.gov
DNS Name: ftp.nhc.ncep.noaa.gov
DNS Name: ftp.opc.ncep.noaa.gov
DNS Name: dev.madis.ncep.noaa.gov
DNS Name: ftp.emc.ncep.noaa.gov

But not all those listed seem to be working correctly quite yet (cert to be installed on some servers, I think).  They've got another workday (Nov 30th) to get it hammered out.
« Last Edit: November 29, 2018, 09:35:00 PM by saratogaWX »
Ken True/Saratoga, CA, USA main site: saratoga-weather.org
Davis VP1+ FARS, Blitzortung RED, GRLevel3, WD, WL, VWS, Cumulus, Meteobridge
Free weather PHP scripts/website templates - update notifications on Twitter saratogaWXPHP

 

anything